IoT botnets, DDoS, zero-day attacks and co. are currently and will continue to be a challenge for companies this year, but there are also a number of other risks that most people are (still) not aware of, and that could turn the world of cyber security upside down from one day to the next. This article will tell you about what we should be expecting in the coming year.
There is danger lurking everywhere - the keyword here is digitalization. If you think about the latest trends and developments in this area and the data protection that they entail, you will find many pointers to predictions for the future of cyber security. Many companies have already felt the catastrophic effects of what are actually positive technological advances. As if the more and more frequent and aggressive attacks were not scary enough, more new attack vectors are just waiting to be exploited to mount attacks.
Artificial intelligence – a double-edged sword
According to Gartner, more than a third of all companies are already relying on artificial intelligence, for example in the form of chatbots or automated data analysis. You, too? Great! Unfortunately, hackers are also happy about this and are increasingly using artificial intelligence (AI) as a weapon. This allows them to mimic human behaviour and so bypass traditional security measures, crack biometric security systems and carry out highly-personalised attacks completely automatically. This puts companies under pressure to take action; so what could be better than turning the enemy's weapons against them? Playing cat-and-mouse thus enters a new phase. Make your systems even more "intelligent" than the attacker's and make the gruelling operational tasks automatic so that your cyber security specialists can concentrate on the most important thing - protecting your data.
Trust is good, monitoring is better – supplier risk management
Of course, we are sure that you have put your suppliers and partners through their paces before working with them. But have you also thought about their security status? It's a given that more than one in three companies has already been seriously affected by a cyber attack, so you should do so as soon as you can because increased networking and the growing dependence on suppliers, partners and service providers also influences your cyber security. For example, one unthinkable possibility could be to install compromised devices coming from your supplier or to bring malware from a compromised supplier via a collaboration platform into your company.
Are you asking yourself what secure supplier risk management might look like? We'll show you - with SecurityScorecard! In this clear dashboard, you get a comprehensive overview of your third party security risks so you can take the appropriate measures. You can find more information about SecurityScorecard here:
5G not only expands connectivity but also the attack area
In 2019, the 5G network infrastructure will become available in Switzerland. That's a good thing because the number of 5G-capable network devices is constantly on the rise. Of course, this does not just mean smartphones. Digitalisation in our everyday lives and in business is being driven forward by 5G, (but we'll come back to IoT security later.) So what's the catch with 5G?
New, improved operating models and architectures are required to increase the data rate from 1 Gbit/s to a full 10 Gbit/s. This ranges from small-scale WLAN routers at home to network infrastructures throughout Switzerland, and "new" also always implies new attack areas for hackers. Researchers have found that the 5G infrastructure does not yet meet certain critical security requirements, such as the key exchange protocol. They believe that attackers could set up secure channels with previously issued 5G security keys. The full report - published by ETH Zurich, among others - can be found here.
Internet of Things – or should it be Things of Vulnerabilities?
Since the advent of the Internet of Things (IoT), there have been countless attacks, and that’s no surprise. (Read more about the (in)security of IoT here.) Even though in the meantime there have been fewer reports about attacks like these, that does not mean that they are no longer happening - quite the opposite. This means that in the future we will have to invest even more resources in cyber security, as cyber attacks on IoT devices will increase exponentially. On the other hand, we need to assume that attacks will be able to span the digital and physical worlds. For example, intelligent homes call for stronger authentication methods such as biometric identification, so that unwanted "guests" stay outside, otherwise entire infrastructures such as communication networks could be hacked, which would have a massive impact on our daily communication.
In order to overcome these challenges and optimise the availability and security of IoT networks, companies need information about the entire attack surface. This is because the more networked we and our environment become, the more common and frequent these attacks on IoT and IIoT devices will be.
If you are interested in IoT and IIoT risk, we can highly recommend our free whitepaper "IoT & Industry 4.0 security barometer"! It shows you how in just 5 steps you can significantly reduce your IoT and IIoT risks.
Cloud security – but with no storm clouds
For many companies, the subject of cloud security will become unavoidable in the coming year. Many companies are already using hybrid networks consisting of physical, virtual and multi-cloud environments. This creates an ever larger surface area for attacks, which runs counter to the most important cyber security principle of keeping the risk of attacks as low as possible. For many companies, ensuring the security of their data and assets in cloud environments is an extra challenge.
Especially in complex cloud environments, it is impossible to find and fix vulnerabilities manually, and instead, automated supporting processes are needed. As well as their vulnerabilities, the configuration management of cloud environments is an increasingly common problem. This makes the continual analysis of configurations that comply with company policies and generally accepted security criteria a major challenge, as does the capture and visualisation of all assets in the cloud.
Cyber security becomes a worldwide affair of state
Security and data protection concerns are growing and, of course, they are justified. Legislators are increasingly confronted with challenges in the field of cyber security. These require action - and rapid action, which does not exactly fit the rather slow slog of the political world. Implementing the GDPR in mid-2018 was a step in the right direction and should serve as a model for security and data protection initiatives outside the European Union. Both Canada and Brazil have since passed similar laws. Many others will follow suit soon. In California, for example, shortly after the GDPR came into force, the toughest data protection law in the USA was enacted, but in a global context, there is still a lot of room for improvement.
At first glance, many people would welcome this development. However, like many other issues, legislative and regulatory measures also have drawbacks. For example, overly strict regulations could hinder the options for effective cyber defence, as the required measures would be restricted, or, due to regulatory requirements, there could even be a failure to implement new, innovative business models.
Effective cyber security – is it an impossibility?
You can see that cyber security is and will remain an exciting area. Above all, it is a challenge! In addition to the factors listed above, there are many other risks and challenges, such as the rising shortage of well-trained cyber security and cyber defence specialists. But don't worry, because even companies that are not fortunate enough to have the capacity to manage everything on their own can optimise their cyber security. In our blog, you can find many exciting and informative articles to help you. The best thing to do is to subscribe to our blog updates right away so that you don't miss out on any of the articles!
Have you seen our whitepapers and checklists? We can guarantee that even the most experienced cyber security expert will find something to learn!
360° cyber security? Of course!
At InfoGuard, we can provide you with exactly the protection you need. Our comprehensive services mean that you benefit from experienced specialists in every field, from security consulting, security audits, architecture and integration of leading network and security solutions to cyber defence services at our ISO 27001-certified Cyber Defence Center in Baar. We know what 360° cyber security is all about.
Are you already one of our clients? If not, then allow yourself to be convinced by our services. Or better still, get in touch with us right now to get customised advice.