2019: New Vulnerabilities Increase Threat Levels
The security industry is always trying to anticipate all that the threat landscape may bring and the beginning of a new year is an opportune time to take inventory of what’s out there, what’s coming, and what we can do about it. Try as we may, it’s probably best to stick to the principle of “expect the unexpected”, which means that a spectrum of flexible security options and tools are realities of the model security practice.
Due to resource constraints, lack of experience, and a variety of other factors, not every tool out there is a viable option. Organizations are often forced to pick and choose according to their own needs, resources, and capabilities. That’s why security predictions, based on ongoing events and evolving threats are so important. Draw your own conclusions, measure your own risk, and follow along as we explore some of the security threats and vulnerabilities that are potentially coming our way.
1. Software deaths and flaws
Along with major operating and software systems destined for sunset in 2019, the widely utilized nearly-ubiquitous enterprise database system by Microsoft known as SQL Server 2008 will go into End of Support in July. Despite long periods of warning and industry news, reports indicate that many organizations are unable to migrate or upgrade due to resource constraints, timing, and more. In the course of systems inventory and assessments, it isn’t uncommon to discover that over a decade’s worth of production usage, instances and deployments on this platform may be unknown to the organization and even worse, the deployments are often inextricably tied to critical processes throughout the environment.
Without support and ongoing patching, these systems will require enhanced monitoring, vigilance, and incident response – capacities that are commonly only available to organizations that would have probably migrated to the next platform at this point. This is only one example of an ongoing list of vulnerable and outdated systems, soon-to-be obsolete platforms that are susceptible to code exploitation, serving as backdoor channels into target networks.
2. Rise of State Sponsored Threats in Elections
2019 is a prelude to a major national election and a harbinger of potential breach attempts against political parties, affiliated organizations, and even voters themselves. Expect heightened efforts to secure and educate the public and organizations on the potential of influence-seeking attacks. Data is the key factor, and threats may emerge from social networks, applications, and communications systems.
As 2016 controversially proved, cyber threat and information campaigns are tempting and subversive realities that must be accounted for and protected against in our election process.
3. Enhanced Threat Emulation
The year ahead is destined to see widespread adoption of methodologies that emulate attacks and infiltration. Powered by disposable and constructible cloud and virtual-based environments, research and simulations will provide insight into vulnerabilities using known and potential threat tactics against similar constructs found in the production states of participating organizations. This cutting-edge frontier of threat prevention utilizes forensic details in combination with threat intelligence to compose a specialized threat prevention program. Initial participants in this field include financial institutions, government applications, and SaaS software providers.
4. Identity solutions in the Cloud
Corporate identities – thou art loosed! Identity tools and services have historically been hosted onsite at organizations due to the desire to control sensitive access and privilege. As cloud technologies have evolved into a multi-cloud and hybrid cloud status, the need for cloud-integration created hybrid and replication scenarios to address account needs.
Today, trends suggest that the dawn of a hyper-connected Identity Access Management (IAM) standard is upon us. Capabilities in the application landscape both in the cloud and on-premise call for integrations throughout and across cloud platforms.
5. Mobile Authentication Boom
Authentication has always been built around the tenets of something you can identify, something you know, something you have and something you are. Translated into human constructs, those are, in no particular order, account, password, token, and biometrics. With mobile smartphones throughout the enterprise, mobile access is higher than ever before and the need for enhanced security increased dramatically. Mobile devices are capable of integrating PIN numbers, MFA, thumbprint identification, iris identification, token applications, facial recognition, and endpoint configuration. Smartphones are increasingly becoming a passport to the enterprise world.
Combine the leverage of scale with an unwitting army of vulnerable systems and you have a formula that is fit for exploitation. Despite the ongoing woes of an uncertain cryptocurrency market, cryptocurrency is an attractive target for malware and those with bad intent. Cryptojacking is a method of silently controlling widespread numbers of target systems in order to use system resource to mine cryptocurrency. While the effect is not directly malicious, the actions of cryptojacking are unpredictable and cause resource waste. Expect cryptojacking in IoT systems, as the scale and low security make this an appealing target.
7. Threat Intelligence
We wouldn’t be great content producers if we didn’t offer an honest and simultaneously humble pop for our arena of security product. We feel the industry is filled with far too much FUD (Fear, Uncertainty, and Doubt) but our product stands out from that construct. The industry knows that threats are on the rise and they also know they need tools that can uncover suspicious activity and threat research relative to their own technological landscapes.
Threat Intelligence Platform predicts organizations will improve on their threat intelligence programs and in doing so, will require the ability to perform in-depth, accurate information gathering that is accessible to the key personnel throughout the organization.Read the other articles