The Everlasting Cybersecurity Conundrum

Cybersecurity Conundrum

Technologies put forward that attempt to block and ensnare cyber-criminals and the more infamous advances of said cyber-criminals searching for new loopholes and implementing fresh attacks. Unfortunately, just as tech advances such as artificial intelligence aid the security world in the design and development of modern defences, so too is it being used by hackers in automated attacks that are able to more quickly break into user accounts. Overall, cyber-security is a chicken and egg conundrum that’s not likely to change in the foreseeable future.

With regards to security breaches and cyber-attacks, said Jonathan Couch, SVP of Strategy at ThreatQuotient, at the end of last year, “Unfortunately right now I think we’re still in that area where the bad guys are winning.“” According to Trend Micro’s Rundown of the Biggest cybersecurity Incidents of 2016, ransomware attackers were the most persistent cyber-criminals, while Mirai with the capability of turning devices into DDoS attacking bots took the role of worst all-round troublemaker. In 2016 we unfortunately also saw the first successful cyber-attack on an industrial facility when parts of the Ukrainian power grid were captured causing unscheduled power outages that affected approximately a quarter of a million customers. And with news in December of over a billion users breached and compromised, Yahoo takes the dubious prize for largest breach on record. Along with SWIFT Vulnerabilities, the prevalence of ransomware, and further vulnerabilities coming to light, 2016’s cyber-security landscape was troubled, to say the least.

A New Year, a New Strategy?

As much as we’d like to believe that all these holes have been plugged, 2016’s cybersecurity failures imply more to follow in 2017. Experts believe IoT will continue to be vulnerable to attack this year, but with the landscape broadening across personal, business, and governmental areas, as well as innovations and adoptions steadily expanding, the potential for attacks cresting even the recent DDoS attack on Dyn can be envisaged. Malware is also being predicted to be an active threat this year, and with artificial intelligence imbuing such methods with greater ability as well as the industrialisation of cybercrime, it’s a race to see whether security providers and experts can plug holes as quickly as they appear.

Gladly, security automation and orchestration could provide greater defence against cybercrime through machine learning, behavioural analytics, and threat intelligence, but while bolstering the security field and filling skill gaps, such innovations can also be exploited for immoral assistance’s; just as autonomous security programs seek out and patch vulnerabilities, so too can autonomous hacking programs seek vulnerabilities, but with a very different end goal in mind. Ransomware is also likely to evolve in 2017, and being one of the ‘better paid’ forms of cybercrime, organizations will have to review strategies to safeguard their systems and data. Regrettably, some experts predict ransomware attacks may develop from primarily finance-driven models to efforts to influence business decisions and policies, affecting strategic outcomes.

A daunting setting, but it’s important not to forget the good guys tirelessly battling these challenges, racing against the clock to prevent intrusions, disruptions and violations; the news seldom highlights failed assaults and successful threat prevention, but they are growing as significantly as the misdeeds. Going forward, organisations and individuals will have to make the commitment to get more involved in cybersecurity; it’s no longer enough to trust providers with this eternal task. Regulators are already coming to the fore helping consumers and providers alike implement necessary security strategies, and the practical among us track current trends while implementing policies that limit vulnerability. It’s time to pick a side, and those reluctant to join the fight against cybercrime are directly enhancing the position and tools of cyber-criminals.

By Jennifer Klostermann

Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...
Dana Gardner
Low-code Development Has Entered a Maturity Spurt Closing the gap between the applications and services a company needs -- and the ones they can actually produce -- has long been a missing keystone for attaining ...
Adam Cole
Mitigating Regulatory Risk Some of the great business opportunities for Unified Communications as a Service (UCaaS) integrators and Value-Added Resellers (VARs) have been the emergence of cloud, telephony and Unified Communications (UC) technologies such as ...
Gary Bernstein
Managing Your Internal IT Your company's internal IT team is responsible for keeping things running smoothly, and they deserve all the support you can give them. Here are ten ways to make their lives easier ...
Jonathan Custance
IoT –  Part of Your Essential Kit Jonathan Custance, Co-Founder of Green Custard outlines how industrial organisations can leverage IoT to dramatically reduce their carbon footprint  Technological progress and environmental sustainability have always been at ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.