WyzGuys Tech Talk

The cybersecurity threat surface is constantly changing.  Below are listed the top areas of concern among cybersecurity experts.  Some are new, and some have been around seemingly forever.

New Threats

• Emerging technologies and the Internet of Things (IoT).  It seems that all of our new toys are Internet enabled in some way, and many of these devices present a new attack surface for cyber-criminals.  The important issue here is to never run these devices with the default configuration and default user ID and password.
• Cyber-terrorism and SCADA systems.  Electric and gas distribution systems and municipal control systems for services such as water, sewer, and traffic control are under attack from hacktivists, cyber-criminals, terrorist groups and national cyber-warfare teams.  These facilities are run using SCADA (Supervisory Control and Data Acquisition) systems.  These systems used to be standalone systems that were not connected to the Internet, but that is not the case any longer.  If your business is supporting these sorts of operations, this is a big area of concern.
• Third-Party Access and Services. Most businesses have customer-vendor relationships that extend to the network these days.  Whether your clients connect to resources you manage, or whether you connect to a big client to manage services for them, these third-party remote connections are a new avenue of exposure for businesses and organizations.  It is important that you manage these connects properly.
• Cloud Services.  Similarly, with many of your operations moving from servers you controlled physically inside your location to cloud connected operations and services provided by services such as Amazon, RackSpace, Microsoft Office 365, and Salesforce.com, your security in many cases is only as good as the service provider you are using.  Due diligence is required before any of these relationships are established.

Legacy Issues

• Perimeter and Endpoint Defense.  It is no longer enough to expect your firewalls and intrusion prevention systems, and endpoint security software to keep your network secure.  While these systems are still necessary, it is important to be proactively monitoring your network for unusual connections or traffic.  A defender has to protect against everything, an attacker only needs to exploit a single weakness to gain access.  It is prudent at this stage in the game to engage a qualified penetration tester to look for these weaknesses.
• The Human Factor.  Your staff and coworkers still represent the single biggest point of entry into your network.  Over 95% of successful exploits begin as a simple phishing email delivered to one or more employee inboxes, and a simple unguarded click on a link or opening an attached file is enough to launch a remote access Trojan horse that provides the initial point of entry into your network.  Mitigating this risk will require a steady program of training to help your people recognize potential threats and know what to do about them.

Strategic Considerations

• Strategic Deception.  Since the likelihood of having your network penetrated is so high, many organizations are using deception as a strategic weapon in their cyber-security arsenal.  By setting up fake servers and honeypots, and traceable data sets, cyber-attackers have a harder time identifying what resources are truly valuable.  Providing traceable data for the attackers to exfiltrate can make it easier for law enforcement to track down and ultimately prosecute the criminals behind the attack.

It is no longer good enough (if it ever was) to thing that security through obscurity, or believing that “we are too small to be a target” is a suitable defense.  When establishing a cybersecurity strategy, it is important to be thinking like an attacker.