Some industry experts highlight the unique cybersecurity needs of cloud-based operations, noting that protecting sensitive data differs from traditional on-premises networks. While emerging technologies haven’t changed the ongoing battle between cybersecurity professionals and criminals, they have raised the stakes, making the fight more complex.
Today, we face sophisticated, well-funded cybercriminals with advanced tools far beyond the low-level hackers of the past. To continue growing businesses and creating opportunities, we must keep up with new technologies to avoid these threats.
The Race to Integrate Cutting Edge Technologies
Business professionals must remember that emerging technologies are not for honest use alone. Savvy cybercriminals are also looking for ways to manipulate emerging technologies to steal your digital assets. From dropping strands of malware into a software company’s update to social engineering, miscreants tapping away at a keyboard in a foreign land also find ways to wield the latest innovations. The question is whether we can beat them to the punch with the following.
Quantum Computers Threaten Encryption
A group of Chinese researchers demonstrated that quantum computers could have systems in January 2023, and this emerging technology continues to progress. Although some experts believe it will take a few more years before quantum computers can unravel advanced algorithms quickly and efficiently, the handwriting is now on the proverbial wall.
Like any innovation, it should become increasingly easy to access, and bad actors will exploit it for ill-gotten gains. Some anticipate advanced persistent threats will use quantum computers to slice through Rivest-Shamir-Adleman (RSA) Elliptic Curve Cryptography (ECC) algorithms used in financial transactions.
To offset this threat, organizations should start investing in quantum-resistant encryption solutions. The National Institute of Standards and Technology (NIST) recently released a final set of encryption tools designed to withstand the attack of a quantum computer, and companies should start using them.
Closing the Human Error Factor in Two-Factor Authentication
The MGM Resorts cyberattack did not gain the national media attention it deserved, despite $100 million in losses and a group of disruptive Gen Z individuals bringing the Las Vegas casino to its analog knees. The incident has become a teachable moment in cybersecurity circles because a hacking gang called Scattered Spiders reportedly managed to override the two-factor authentication defense.
These criminals employed various techniques, including social engineering. A help desk employee was tricked into providing login information for someone the employee thought was part of the leadership team. The fail-safe mechanism was supposed to be two-factor authentication. But Scattered Spiders flooded the legitimate user with messages, prompting the actual employee to click approve. Under a relentless barrage of approval requests, human error cost the organization millions.
In the wake of this disaster, additional cybersecurity awareness training is mission-critical. Some decision-makers now outsource tasks to managed IT firms with cybersecurity expertise. Others are adding regular training and upgrading two-factor authentication to multi-factor authentication. One of the critical defenses involves adding biometric authentication.
Advancements in Zero Trust Architecture
According to a Gartner report, 62% of the world’s organizations have already implemented some form of zero-trust cybersecurity. Over three-quarters of those polled about the forward-facing cybersecurity measure indicated it only totaled about 25 percent of their overall cybersecurity budget. Given that zero trust continues to deliver among the most innovative thinking around data protection, company leaders would be well-served to consider transitioning. These rank among the reasons and advancements in zero trust digital security.
- AI and Machine Learning: These technologies play a definitive role in detecting subtle anomalies. They can be programmed to notice even the slightest variations in how legitimate network users navigate a system. This facet helps detect external and internal threats in real-time.
- Micro-Segmentation: Cloud micro-segmentation allows outfits to compartmentalize data based on type, value, and sensitive nature. Advancements in tools such as segmentation firewalls, among others, are enhancing an already comprehensive approach to data security.
- Endpoint Security: Along with being able to vet and allow only approved devices to log into a corporate network, geolocation tools are now available. Geolocation identifies where any internet-connected device is situated. Thought leaders are installing this defense now to stave off clever cybercriminals who mask their laptops as approved ones.
The proactive thinking behind zero trust architecture accounts for conceivable next steps taken by digital thieves. This approach stands in stark contrast to the outdated thinking behind break-and-fix models.
Strides in IoT Cybersecurity
The use of handy sensors and other IoT devices continues to skyrocket, and hackers are fully aware of the trend. Nefarious individuals have crafted botnets to infiltrate IoT devices viewed as weak links. Along with sunsetting outdated devices that cannot provide adequate defenses, cybersecurity professionals advocate for measures such as the following.
- Integrate voice command technology
- Attach multi-factor authentication
- Install the latest enterprise-level antivirus software and firewalls
- Add lock screen measures
One reason even garden-variety hackers exploit IoT vulnerabilities is lackluster device management. There’s a perception that IoT products are helpful and not necessarily connected to other areas of a system. Nothing could be further from the truth. These useful items must be recognized as part of the overall attack surface.
Continuous Monitoring Tools
Although you may be fast asleep and believe the company network has been put to bed, there are hackers halfway around the world who are wide awake. They target organizations with weak cybersecurity defenses, following the path of least resistance to pull off a heist. If no one minds the store, business owners and key stakeholders may be rudely awakened in the morning.
That’s why more CSOs advocate for ongoing cybersecurity monitoring and detection. Advancements in AI and machine learning technologies have greatly enhanced the ability to detect and expel threats. Alerts are triggered when a foreign or insider threat attempts to breach an area that houses intellectual property, financial records, or personal identity information. It’s not unusual for an enterprise to work with a 24-hour cybersecurity provider to ensure any threat is contained and purged promptly. Machine learning and AI threat detection serve as an ever-present guardian.
The Future of Cybersecurity is Now
Owners and upper management teams must understand that reacting to cyberattacks after the fact can result in millions in losses and a badly tarnished reputation. For all intents and purposes, you are responsible for the sensitive and confidential information of employees and industry partners. When a cybercriminal breaches your network, a wide circle of people and organizations also suffer losses. By working with a cybersecurity firm focusing on emerging technologies and how to deploy them now, you can be prepared when hackers figure out a workaround for commonly used defenses.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.