We’ve entered an exciting yet cautious new era. The fourth industrial revolution is a time of great wonder, possibility and yes, mistrust. Today’s reality includes fake news and AI-fueled deepfakes, along with devastating security breaches that are too numerous to count. Each of us as business leaders, entrepreneurs, employees and consumers needs to be vigilant.
To be safe in this day of AI and other growing technologies, we need to work together like never before. Employees need to be diligent to protect company assets, and employers need to encourage their workforce to practice smart security measures.
Although the list is ever growing, here are five current security trends that organizations and workforces need to consider.
Rethink the Username and Password Tradition
Usernames and passwords have seemed like our trusty companions since the dawn of the internet age. But the prevalence of successful phishing schemes proves that the password model is no longer a safe security method (if it ever was truly safe.)
One of its biggest flaws is that users are often negligent with the strength of their passwords. But even when a stronger password is created, it’s often no match for the latest password-cracking technology. Further, the re-using of passwords across different accounts and keeping the same password for long periods of time makes things all the easier for hackers.
A better method is multi-factor authentication, such as Yubico FIDO U2F Security Keys. These keys are similar in appearance to traditional USB flash drives. Rather than storing data, each key contains a unique chip that can’t be duplicated. This means only the user who possesses the U2F key can access an online account that’s associated with that particular key and the user’s particular password.
After the user enters their password to log in to an online account, they next insert their FIDO U2F Security Key into their USB port and press the security key’s button. Pressing the button serves as the secure second-factor for authentication.
Besides reducing data breaches from phishing schemes, FIDO U2F Security Keys also reduce IT support costs.
Leverage Real-Time Security
In the fourth industrial revolution, security dangers are present on a moment-by-moment basis. Business and IT leaders should adopt the mindset that at any given second, someone is trying to breach their company’s systems. Leaders should also understand that there’s no room for legacy IT-management platforms that can’t keep up with the volume of threats.
One major shortcoming of outdated IT-management platforms is their inability to capture relevant, timely data. Many systems still collect data on a scan frequency, meaning data is hours, days or even a week old the minute it’s collected. When data is this far out of date, hackers have a green light to come and go as they please.
As technology is getting faster, smarter and cheaper, hackers are becoming greedier and more resolved. But it’s not only technological advancements that are driving the rise of daily cyber-attacks. New regulations, such as the GDPR, are inadvertently creating incentives for cybercriminals to breach security systems, steal customer data and use that data to extort the companies they victimize.
The bottom line is that security dangers are everywhere, and they don’t ease up. No organization should operate without real-time security that can detect and stop breaches the moment they’re attempted. Cloud Management Suite is an example of a trusted platform that offers real-time security and manages the entire IT environment from the cloud.
Be Proactive About Preventing Man-In-The-Middle Attacks
While there are many forms of the man-in-the-middle (MITM) attack, the concept is the same: The hacker stands in the middle of two parties, reads the sender’s communications, then altars the information before the recipient receives it. The hacker could even delete the communication altogether so the recipient never receives it.
A particularly devastating example of a MITM attack is the case of a hacker gaining access to a financial institution’s emails. When the bad actor stands between the bank and its customers, the hacker can monitor the communications. They can also spoof the institution’s email address, send altered email messages to the recipients, and convince recipients to divulge financial information directly to the hacker rather than the bank.
The TLS encryption protocol is a solid way to deter or prevent MITM attacks before they happen, as well as SSH protocol and Google’s QUIC. The use of multi-factor authentication (discussed above) is also advisable for the prevention of these threats, as well as the company-wide use of a VPN.
Another technology to keep an eye on is quantum cryptography, which isn’t commercially viable at the moment. But once it’s ready, this breakthrough cryptography method will potentially put a permanent damper on criminal activities like MITM attacks. Part of its promise stems from the fact that it’s theoretically impossible to copy data at the quantum level. Further, photons can’t be observed without changing their state – which means indicators of tampering will immediately be made known.
Know the Risks of Biometrics
We’ve all come to love biometrics – the ease of facial recognition, voice recognition and the simple swipes of our thumbs. Biometrics technology, which is made available by Crossmatch and other innovators, is rapidly improving. Since these identifier methods provide a relatively high degree of confidence in authenticating a user, and they greatly reduce human effort, their implementation and usage is likely to continue growing.
Although the technology is improving, companies need to be smart about their use of biometrics. Fingerprint data and voice-recognition recordings can leak from a company’s servers, causing security catastrophes and public outcries.
False negatives and positives are also still possible, mostly because of natural variations occurring with human voices and appearances. Voices usually sound different upon first waking up, or when the user is rushed or in an angry mood. Facial recognition can also be thrown off by a user’s glasses, makeup variations, or changes in appearance that occur during an illness.
Also, biometrics can be fooled. Facial recognition can be accessed by an unauthorized person who possesses a photo or mask of the legitimate user. And voice recognition can be access via recordings of the user’s voice.
Most experts advise that companies should use multiple recognition methods to increase accuracy. The key is to be aware of the limitations and plan ahead.
Reduce the Risks of Cryptojacking
Cryptojacking is the recent and unauthorized trend of installing code on other people’s computers to use their computing power for the mining of cryptocurrency.
To pull this off, hackers often gain access via phishing-like methods such as getting victims to click malicious email links to load crypto-mining code onto their computers. Another popular method is to infect an online ad or website with the crypto-mining code.
For several reasons, this cybercrime is bad for business. First, it forces companies to pay higher utility bills as their computers work harder and use more electricity. Cryptojacking also creates a steep increase on computer wear and tear, which means more costs for replacement. Further, because infected computers are significantly slower, a company’s overall productivity declines. And as if these problems weren’t detrimental enough, there’s also the security risks of unwanted code running on a company’s machines.
Cryptojacking is increasing in popularity because it’s easy to do, it pays off, and it’s hard to catch the hackers who are doing it. Besides educating employees about phishing schemes, it’s also advisable for companies to install extensions that block cryptomining scripts, such as No Coin and MinerBlock.
Vigilance is Key
While the above threats are prominent ones that need to be addressed by all organizations, the most important point is that new threats crop up almost every day. By the time an organization has established safeguards for one set of risks, new attacks have likely already begun. Be vigilant and never make the mistake of believing your security is impenetrable. And most importantly, be more vigilant and innovative than the hackers.
Irfan Shakeel
Irfan Shakeel is a distinguished cybersecurity professional, thought leader, and trainer. As a director at CIP Cyber, he contributes valuable insights and opinions on the industrial cybersecurity domain. In addition to his written expertise, Irfan hosts the popular CIP Cybersecurity webinar, further showcasing his extensive knowledge and commitment to enhancing critical infrastructure protection.
As with any technological component, security must be a primary consideration when managing a Kubernetes environment. Applications are constantly at the risk of compromising with
January 26, 2022
Want always be up to date?
Don't miss the latest news
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
CIP Training & Certifications
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings