Cyber security is one of the major challenges of the present world. Companies are under constant threat, and a breach can be the worst nightmare for system administrators and security professionals. Hackers gain access to systems and data through multiple holes in the security system or through mishandling of the data.
Hackers intend to gain undue benefits by stealing mission-critical information, locking access to systems or files, or leaking proprietary information.
Cyber security attacks have a high impact on organizations of all sizes. An attack can destroy an entire organization through damaged reputation, lawsuits and government compliance violations.
Hackers use different methods to gain access to systems and data; each of them needs its own prevention strategies and techniques.
Different types of cyber-attacks:
- Social engineering and phishing: one of the oldest and simplest ways of hacking, posing as a legitimate page, email, etc. to trick people into entering sensitive information.
- Cracking: hackers use high-powered computer programs to automate the systematic cracking of passwords by trying different potential permutations and combinations.
- Crypto-jacking: the victim unknowingly installs a program that secretly mines cryptocurrency.
- Crypto currency: hackers attack cryptocurrency by targeting the blockchain and taking control of Bitcoins. With advances in technology, blockchains are broken and control of the currency is taken.
- Internet of Things: ubiquitous connected devices are subject to hacking, and hackers take advantage of these internet-connected devices in two ways.
  - Attacking a fleet of devices to destroy or control them.
  - Using a fleet of devices to attack others, drawing on the enormous compute power of millions of connected devices.
- Man-in-the-middle attack: an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other.
- Software sub-versioning flaws: the attacker takes advantage of flaws in the system, creates a back door in the software and attacks the system through it.
- Ransomware: hackers lock specific, highly sensitive files on the user’s computer or servers and ask for a ransom, stating that the files have been locked and that the victim will only receive the encryption key if they pay a specified amount to the hacker, usually in cryptocurrency.
Biggest data breaches of 2018
| Company | Records affected | Data exposed | Source |
|---|---|---|---|
| Careem | 14 million | User names, email addresses, phone numbers, and trip | |
| MyFitnessPal | 150 million | Users’ usernames, email addresses, and encrypted | Business Insider |
| Airways | 9.4 million | Approx. 860,000 flyers’ passport numbers; 245,000 Hong Kong identity card numbers; 403 expired credit card numbers; and 27 credit card numbers without the card verification value | |
| Chegg | 40 million | Personal data including names, email addresses, shipping addresses, and account usernames and passwords | |
| Ticketfly | 27 million | Users’ personal information including names, addresses, email addresses, and phone | The Verge |
| SheIn.com | 6.42 million | Email addresses and encrypted passwords for customers’ online | |
| SingHealth | 1.5 million | Citizens’ names and addresses in the Singapore government’s health database, and some patients’ history of dispensed | |
| T-Mobile | Approx. 2 million | Users’ encrypted passwords and personal data, including account numbers, billing information, and email addresses | |
| British Airways | Approx. 380,000 | Users’ card payments were exposed by a “criminal” hack affecting bookings made on the airline’s website and app | Business Insider |
| MyHeritage | 92 million | Email addresses and encrypted passwords of users who had signed up for the service | Business Insider |
| Quora | 100 million | Info including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users’ public questions | |
| Saks and Lord & Taylor | 5 million | Payment card numbers: more than 5 million stolen credit and debit cards put up for sale | Associated Press |
The above timeline clearly indicates that at least one major cyber-attack impacted millions of internet users every month. Other major cyber-attacks were reported in 2018 by some of the most tech-savvy companies, such as Google and Facebook. This clearly indicates that all companies, big or small, are under continuous threat, and the impacts are disruptive.
What has changed in the last 2 years?
- IoT devices: IoT devices are ubiquitous and increasing at a great pace. Cyber security for IoT is still at low maturity, and the attack surface is very large. This makes it a big challenge for security professionals to build strong prevention and protection mechanisms.
- Authentication through mobile devices: access management and authorization through mobile devices is growing at a rapid pace, which makes credential and key management a big challenge.
- Identity solutions moving to the cloud: enterprises used to have a unified way to manage identity through LDAP- and AD-based systems. This changed as identity management shifted to the cloud through IAM and similar technologies. Identity federation has also evolved and is now spread over different environments.
- Rise in AI/ML technology accessibility and ubiquitous cloud resources: AI/ML-based security systems are evolving and being updated to build prevention and protection systems. At the same time, the hacking community is using these same technologies to build very sophisticated cyber-attacks.
Cyber market trends:
Traditional security systems are not going to be sufficient in the new age of technology. Cloud systems are rapidly replacing traditional systems. With IoT and mobile ecosystems, the attack surface is wide and difficult to control. Users want greater freedom and ease of access, which further increases the risk.
Compliance and governance are evolving, but the question is whether these compliance regimes are effective and how you can measure the effectiveness of the controls. A new set of security tools is emerging to handle the new security needs. These tools measure the effectiveness of security systems by modeling threat patterns, and they are based on the MITRE ATT&CK framework. Tools such as Verodin, which is built on ATT&CK, measure the effectiveness of security systems and help you define the security layers, prevention tools and techniques specific to your environment.
New security tools are built with effective measurement at the center. Cloudlytics is one such tool: it provides effective measurement of the controls put on your cloud environment (AWS) according to the specific requirements of your organization, and gives you real-time measurement of those controls on simple, granular dashboards and an alerting system.