The cyber security landscape is changing drastically. The growth of new technologies such as drones and the Internet of Things is creating a host of new access points for hackers to target, thereby weakening companies' defences.
We recently spoke to Duncan Hughes, systems engineering director at security specialist A10 Networks, to discuss how the likes of IoT is changing the cyber security landscape for businesses.
- How do you see the current cyber security landscape?
Cyber attacks in 2016 are much more finely targeted than we’ve seen previously. Two styles of attack in particular are being employed with the aim of extracting valuable sensitive data.
First, multi-vector attacks are being used to bypass ‘front-door’ defences. For example, hackers will launch a highly visible ‘smokescreen’ attack on frontline services, bringing customer-facing websites or apps down and diverting attention away from confidential data stores. A targeted piece of malware then retrieves those files while resources are focused elsewhere.
Second, we’re seeing a rapid growth in the number of attacks hiding in SSL traffic. As encryption becomes the norm, the inability of many legacy security tools to detect malware hidden in encrypted packets is leaving an open door for hackers. SSL inspection tools which can decrypt and inspect incoming traffic are becoming increasingly essential amid the wash of encrypted activity.
Attacks are also frequently directed at individual employees, who are seen as a weak link in the chain. These attacks come in the form of emails or attachments masquerading as genuine communications. They can even be something as simple as an invoice email sent to the finance department, which then diverts funds into the sender’s bank account. As a result of this increasingly subtle approach, education needs to go hand-in-hand with technology – hackers are as likely to target employees as they are services as a first point of entry.
- Where are companies still going wrong when trying to defend against hackers and cyber threats?
Many companies are still burying their heads in the sand and denying the dangers. You don’t have to be visible or well-known to be the victim of a cyber-attack. History has shown that invasive attacks are close to inevitable – every company should expect to be compromised. Organisations should view security solutions as much more than just insurance policies.
The mistake is to avoid preparing proactively. Take defence against distributed denial of service (DDoS) attacks as an example. In our experience, some companies are completely unprepared, and many have only partial defences. The best option is to employ a hybrid solution, comprising on-site mitigation which can respond immediately to a sudden spike in activity, supported by in-cloud traffic scrubbing, which can scale to meet demand. Organisations need to invest in tools which have both the flexibility and the speed necessary to fend off a prolonged DDoS attack – sticking with legacy systems is a dangerous gamble.
- How big of an impact are new technologies such as IoT and drones having on security?
Like BYOD before it, IoT technology is pushing company data further beyond corporate systems and defences. Each device connected to the network is a potential attack site, and many companies will employ hundreds of devices across a wide area. As a result, potential hackers are presented with a large and varied attack vector.
The major issue for security teams is that they cannot have complete control over these devices’ specifications. Operating systems, on-board security systems and virus definitions will vary wildly from device to device, which makes it extremely difficult to defend every endpoint effectively.
- What advice can you offer to companies struggling to defend against these new access points for hackers?
The challenge for IT security teams is to protect the network from the endpoints themselves. The key to this is visibility: it’s essential to be able to analyse incoming traffic from IoT devices like smartwatches, sensors and cameras and spot malware before it is too late. With SSL inspection tools in place, organisations will be better equipped to see what data is being transported around the network and determine any unusual activity or incoming threats.
When dealing with multiple connections to a variety of devices, it’s also important to implement converged solutions capable of protecting every element of the wider network and scaling to incorporate new devices as they are added. In addition to this, converged firewalls can detect and reject threats hidden in a variety of data streams, such as video, images and communications, as well as basic text – an important function as live video streaming becomes more prevalent.
- How can companies implement technologies such as IoT and drones without sacrificing security?
The key to a strong defence is twofold. First, to consider in advance where threats could come into the network and ensure you prepare to meet those threats. Second, to have visibility into traffic as it leaves the network in order to detect leaks taking place through compromised devices.
Only when companies face up to the reality of an increasingly targeted and powerful threat landscape will they be able to provide the necessary defences to keep their valuable data safe.
As the IoT becomes a common component of the corporate network, converged security and SSL inspection are the keys to staying one step ahead of the game.
Image Credit: Shutterstock / LeoWolfert