With the advent of IoT, the hybrid cloud environment, and workplace mobility, the enterprise security perimeter has cracked open, and the resulting fissure threatens to paralyze large organizations, their operations, and their business data. A simple device – your connected car, for example – can be used to abduct you; your fitness tracker can be hacked and all your personal data stolen and misused without you ever knowing.
On a much larger scale, the infamous WannaCry and NotPetya outbreaks in 2017 caused massive destruction. WannaCry shut down computers in more than 80 national health organizations, resulting in almost 20,000 cancelled appointments, 600 GP practices having to return to pen and paper, and five hospitals forced to turn ambulances away, unable to handle any more emergency cases. NotPetya cost pharmaceutical giant Merck $310 million in Q3 2017 alone. Shipping firm Maersk and logistics company FedEx also took hits in the ballpark of $300 million from that attack. The attack on American credit company Equifax compromised the personal data of 100+ million customers. These examples show the level of sophistication in attacks and the magnitude of damage caused by exploiting vulnerabilities.
Cybersecurity, at its core, is protecting networks, devices, programs, information, and systems from attack, damage, unauthorized access, or major cyber threats (malware, ransomware, phishing, etc.). While we have advanced solutions to provide security across the endpoint, network, email, web, and cloud, there is a growing threat from attackers and cyber adversaries using new technologies to launch new, sophisticated attacks capable of paralyzing existing security.
To better address the growing risks, let’s start by understanding the changes in the attack landscape.
THE CHANGING ATTACK LANDSCAPE
A few years ago, cybersecurity was synonymous with enterprise security. Information and infrastructure were under the complete control of the enterprise, which had a clear view of where its infrastructure boundaries lay. But now, with the rise of mobile working, IoT, the cloud, and “XaaS,” the scenario is different.
With the increased use of IoT and mobile devices, the front line of endpoints is constantly expanding as new traditional and non-traditional devices are added. Working in synchronization with each other, these connected devices form their own ecosystem. But as ecosystems expand, new weak links appear. Mobile and IoT devices don’t have strong built-in security, making them vulnerable to attack.
Increased pressure on monitoring systems to oversee a growing number of endpoints raises the likelihood of threats getting into the system and undermining endpoint security.
As the network moved from a single server to multiple servers in the cloud, it created many more connection paths and increased pressure on the network security layers. With XaaS, the cloud has eliminated the need to run applications on the local system. Organizations are moving to multi-cloud environments, where ensuring data security on the public cloud and establishing secure connections to the various clouds is becoming increasingly difficult. Modern attacks and threat vectors target the service spectrum of the cloud, using the cloud network to reach millions of users and thus propagate rapidly across a vast network.
On the one hand, machine learning and AI have enabled enterprises to derive real-time insights from data and generate human-like responses automatically. On the other hand, this has created new threats to cybersecurity. Hackers use AI to develop sophisticated phishing emails that are difficult to classify as benign or malicious, increasing concerns for email security. These attacks evolve in real time, achieving high impact rates and increasing their chance of infection. Such techniques are very prominent in zero-day attacks.
EVOLVING DEFENCE TECHNIQUES
Cybersecurity needs to evolve to incorporate real-time total protection, threat identification, segregation, and termination. With connected systems and cloud applications becoming more prevalent and the security threats to them evolving rapidly, prevention is critical. Solutions should eliminate risk by preventing systems from interacting with attacks in the first place. But even once an attack has begun, the security solution should identify and mitigate it in real time, simultaneously pushing the updated protection to all other connected nodes to prevent a repeat attack.
The next step in endpoint security is to advance from simply stopping malicious executables to actively seeking out indicators of attack and indicators of compromise in order to identify modern breach activity. Improved machine learning and advanced analytical capabilities are bringing about this transformation. Another major shift is towards endpoint behavior and pattern analysis rather than file analysis alone. With machine learning, previously unnoticed attack patterns can now be identified and analyzed to build a near-complete picture of the attack. This provides deeper insight into attack execution, and the resulting protection extends seamlessly to other IoT devices. Instead of focusing on the ever-changing artifacts of an attack, attack patterns are analyzed to identify and eliminate potential threats.
Cloud and network security, especially for the multi-cloud environment, is difficult to achieve. Traditional cloud security was perimeter-based: once devices are inside the perimeter, they are considered trusted. This opens the network up to lateral movement, where attackers move between different connected VMs to reach the rest of the network. To overcome this, cloud security is adopting a “zero-trust model” based on the “never trust, always verify” principle. Zero trust mitigates the risks of perimeter-based cloud security by replacing network-level access with point-to-point, application-level access. At the same time, user activity within the application is audited in real time, and undesired or suspicious activity is blocked.
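The contrast above, as an added example that is not part of the original post: a perimeter-based check that trusts any internal source address next to a zero-trust gate that verifies identity, device posture, and a per-application entitlement on every request and records each decision for audit. Network ranges, users, and the entitlement table are constructed sample values.

```python
"""Added example (not from the original post): perimeter-based trust beside a
zero-trust, per-request check. All addresses, users and policies are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed "inside the perimeter" range

@dataclass
class Request:
    src_ip: str
    user: Optional[str]       # identity from an authenticated session, None if unauthenticated
    device_attested: bool     # device posture / attestation check passed
    app: str                  # application the caller wants to reach
    action: str               # operation requested on that application

# Perimeter model: any request from an internal address is trusted for everything.
def perimeter_allow(req: Request) -> bool:
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET

# Zero-trust model: identity + device posture + per-application entitlement, every request.
ENTITLEMENTS = {                      # constructed policy: user -> app -> allowed actions
    "alice": {"payroll": {"read"}, "wiki": {"read", "write"}},
    "bob": {"wiki": {"read"}},
}

@dataclass
class ZeroTrustGate:
    audit_log: list = field(default_factory=list)

    def allow(self, req: Request) -> bool:
        reason = None
        if req.user is None:
            reason = "unauthenticated"
        elif not req.device_attested:
            reason = "device not attested"
        elif req.action not in ENTITLEMENTS.get(req.user, {}).get(req.app, set()):
            reason = "no entitlement"
        decision = reason is None
        # Every decision is recorded, so activity inside the application is auditable in real time.
        self.audit_log.append((req.user, req.src_ip, req.app, req.action,
                               "ALLOW" if decision else f"DENY: {reason}"))
        return decision

def lateral_move_demo() -> tuple:
    """A compromised internal VM with no valid user session tries to reach payroll.
    The perimeter model allows it purely on source address; the zero-trust gate denies it."""
    req = Request("10.1.2.3", None, False, "payroll", "read")
    return perimeter_allow(req), ZeroTrustGate().allow(req)  # (True, False)
```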
Email and network security solutions use a combination of machine-learning algorithms, deception, and isolation. A typical flow for emails and browsers is fetch, execute, and render. Companies are migrating the fetch and execute steps to a secure cloud network, where email contents are screened for suspicious content. Using machine-learning algorithms, these contents are analyzed in real time for malware or targeted phishing attacks by understanding the relationship graphs in the emails. If any malware or suspicious activity is identified, the threat is isolated in the secure cloud environment.
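One concrete form of the relationship-graph screening mentioned above, as an added example that is not part of the original post: past sender-recipient traffic is turned into a graph, and each new message is checked for a sender with no prior relationship to the recipient, or a display name that matches a known contact while the address does not. The message history and the screening functions are constructed for this illustration.

```python
"""Added example (not from the original post): screen incoming mail against a
relationship graph built from past traffic. History and messages are constructed."""
from collections import defaultdict

# Constructed history of past (display name, sender address, recipient) triples.
HISTORY = [
    ("Dana Lee", "dana.lee@example.com", "ops@example.com"),
    ("Dana Lee", "dana.lee@example.com", "ops@example.com"),
    ("Vendor Billing", "billing@vendor.example", "ops@example.com"),
]

def build_graph(history):
    """edges: recipient -> {sender address -> message count};
    names: recipient -> {display name -> set of addresses seen with that name}."""
    edges = defaultdict(lambda: defaultdict(int))
    names = defaultdict(lambda: defaultdict(set))
    for name, addr, rcpt in history:
        edges[rcpt.lower()][addr.lower()] += 1
        names[rcpt.lower()][name.lower()].add(addr.lower())
    return edges, names

def assess(msg, edges, names):
    """Return the findings for one message; an empty list means it is consistent with history."""
    name = msg["from_name"].lower()
    addr = msg["from_addr"].lower()
    rcpt = msg["to"].lower()
    findings = []
    known_addrs = names[rcpt].get(name, set())
    if known_addrs and addr not in known_addrs:
        findings.append("display-name matches a known contact but address differs")
    if edges[rcpt].get(addr, 0) == 0:
        findings.append("no prior relationship between sender and recipient")
    return findings

def screen(messages, history=HISTORY):
    """Map each message id to its findings, building the graph once from history."""
    edges, names = build_graph(history)
    return {m["id"]: assess(m, edges, names) for m in messages}
```

A message that matches an established relationship yields no findings, while a known display name arriving from an unseen address yields both findings at once.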
Cybersecurity companies are preparing for the next leap by leveraging blockchain technology. Security vendors are migrating their existing solutions to the blockchain network. Companies are using software-defined perimeter (SDP) architectures on the blockchain network to create a zero-trust, blockchain-defined perimeter. They are also trying to use a process called continual reconciliation, in which consensus between devices is used to secure the network. When a new device is added, the devices establish a consensus to identify and isolate bad devices and affected applications.
The cybersecurity space is also seeing a rise in hardware-based security solutions to form a 360° closed loop. Hardware-based security chips provide increased protection for devices. Google is already working on such solutions with its Titan security chip for its “Nest” ecosystem. Recently launched Google phones and other devices (Google Slate, Google Hub) have already been released with such built-in security chips, which provide increased security for disk encryption and for the integrity of the operating system by monitoring the boot firmware.
In conclusion, the cybersecurity industry is forging ahead to ensure the rapid adoption of the new technology in order to pave an express route to a secure world. Be it the modernization of old solutions using new technologies, such as machine learning and artificial intelligence, or securing networks and ecosystems by using blockchain and hardware security, the cybersecurity space is gathering momentum to be ready for the upcoming influx.
Thank you, Akshay Bijwe, for your contribution to the blog.