With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming major targets for attackers, security leaders are laser-focused on defending these prominent areas. They are right to do so, as cyber criminals turn to new and disruptive technologies to launch and scale more sophisticated attacks.
However, this growing focus on emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and weaknesses in physical security.
Since adversaries are taking advantage of a wide range of possible entry points, both new and old, security leaders must strike a balance to ensure they can address all risks effectively.
Cyber crime is still a human problem
Despite all the hype, technology is not a cure-all. It cannot replace human expertise in every field, and AI alone cannot match the innate human traits of intuition and creative thinking. Adversaries know this too, which is why the smartest, and most dangerous, use a mixture of technical and non-technical tactics.
While major technical vulnerabilities tend to make headlines, the reality is that the weakest link is always the human element. Almost all attacks include a social engineering component, and despite the hype about AI and deepfakes helping to scale such attacks, human-to-human interaction is where the greatest risk lies.
Synthetic content is now everywhere around us, and people are getting better at telling the difference. Whether we reach the point where that is no longer the case is a subject for another discussion. But at present, the most dangerous and effective social engineering attacks still depend mainly on human conversations, whether by phone, email or even in person. After all, an experienced attacker can build trust and establish sham relationships in a way that AI or a deepfake cannot.
Cyber espionage is still a serious threat
Take state-sponsored espionage, for example. Highly trained social engineers are a far cry from the typical independent cyber crime groups that operate on the dark web, which tend to rely on volume rather than targeting specific companies and individuals. These attackers may target data systems, but when it comes to their own arsenals, their talents for manipulation and deception are their greatest weapons.
Technology still has a long way to go before it comes close to the age-old tactics of spycraft.
When facing an attacker who can convincingly pose as an insider or any other trusted person, someone who depends only on technology to mitigate the threat stands little chance of protecting themselves. This is not a failure of technology. It is a failure of process, and for this reason the human element should always be a major factor in any cybersecurity strategy.
Of course, this does not mean that technology has no vital role to play in strengthening your cyber defenses. It certainly does, because more and more routine threats are automated or carried out by less skilled or experienced attackers. The value of technology, especially AI-powered cybersecurity automation, lies primarily in its ability to free up time for security leaders to focus on the threats that technology cannot solve alone.
It is not all about the cloud, either
The majority of business data is now stored in the cloud, and the percentage continues to rise. Many companies, especially smaller organizations and startups, use the cloud exclusively for data storage and other IT operations. The rise of AI, given how computationally demanding it is, is being accelerated by the cloud.
However, cloud computing is not the best option in all cases. On-premises remains the preferred option for high-performance workloads that require very low latency. In some cases, on-premises computing is also the cheapest option, and this is unlikely to change in the near future.
Although more companies are migrating to the cloud, this does not mean that they keep no sensitive data on site. For example, edge computing, which is about processing data closer to where it is needed, has become a critical enabler in some use cases. Examples include smart energy grids, remote monitoring of industrial assets and autonomous vehicles. These are cases where you cannot always rely on an internet connection.
The smartest and most capable adversaries do not target only cloud-hosted infrastructure. They also set their sights on on-premises servers and cyber-physical systems, such as industrial control systems and hardware supply chains. The fact that there is often minimal collaboration between logistics, production and cybersecurity departments makes these risks more serious.
Ransomware remains one of the biggest threats targeting on-premises systems despite a small decrease in attacks over the past year. Although cloud systems are not inherently immune to ransomware attacks, the vast majority target bare-metal hypervisors and on-premises servers. In one recent case, the Akira ransomware group returned to its earlier double extortion tactics, experimenting with different code frameworks to target systems running ESXi and Linux.
Botnets are another growing source of concern as the number of Internet of Things (IoT) devices continues to rise. These networks, used to launch distributed denial-of-service (DDoS) attacks, can span thousands of devices, and they primarily target unprotected internet-connected devices, such as those that monitor and operate industrial machinery and critical infrastructure. One recent report found that DDoS attacks against critical infrastructure have increased by 55% in the past four years. These attacks do not directly involve the exfiltration of sensitive data, but given how much widespread disruption they can cause, adversaries may rely on them to divert attention from more serious threats.
Why physical security is still relevant
While security leaders focus on locking down their cloud-hosted assets, they cannot afford to ignore the risks facing their physical infrastructure. Sometimes, the easiest way into the cloud is from the inside.
Even thin clients and dumb terminals, which are widely used in high-security environments such as healthcare and finance, can give attackers a foothold in broader systems, including cloud infrastructure and remote databases. Edward Snowden proved that while working at the National Security Agency (NSA), when he exfiltrated 20,000 government documents stored on servers at NSA headquarters, 5,000 miles away. He did this without using any advanced technique. Although this happened in 2013, and the NSA has long since updated its physical security protocols, the risks are as relevant today as they were then.
While most thin clients are now protected by multiple layers of security, including encryption and multi-factor authentication, these solutions alone cannot protect against physical compromise. If an attacker gets hold of the terminal, perhaps via social engineering, they may be able to compromise it using unauthorized peripheral devices or by tampering with the device's firmware directly. This can give them access to the broader network, which may allow the injection of custom malware that goes undetected by regular security scans.
IoT devices are another major reason attack surfaces are expanding. They often lack sufficient security, giving attackers a possible entry point into the broader computing infrastructure they are connected to. The fact that these connected technologies are being rolled out en masse in areas such as smart cities, critical infrastructure and transportation networks greatly increases these vulnerabilities.
Ultimately, if an attacker is able to get past your physical safeguards, these connected systems offer much easier paths to the organization's so-called “crown jewels” than trying to penetrate multi-layered cloud defenses.
Cloud data is not always the real goal
In other cases, the data hosted in the cloud may not be the attacker's ultimate goal. Many companies, such as those subject to strict data residency regulations or those that require high performance for real-time applications, store their data on on-premises servers.
Some of these systems are air-gapped, which means they are completely separate from any other networks, including the internet itself. Although they are safer than any hosted server, at least in theory, their security cannot be taken for granted. For example, anyone with physical access to the servers may be able to compromise them, either maliciously or accidentally.
Physical security measures, such as CCTV and biometric security checkpoints, are no less important in such cases. But it is not only a matter of protecting against deliberate physical tampering. Indirect attacks by highly skilled social engineers can dupe unsuspecting people into taking a desired action, such as lending out a biometric security card.
These are not the kind of adversaries who usually work via email or use AI to scale their attacks. They are more adept at deceiving someone in person, a tactic as old as humanity itself. In fact, the attacker could be anyone, such as a disgruntled former employee, an infiltrator working on behalf of a competing company or even a rogue state.
Bridging the gap between digital and human security
Technology alone cannot protect an organization from countless threats, and humans cannot keep pace with the vast volume of system logs and security information if they depend only on manual processes.
The fact is that you need both, starting with people and using technology to extend their capabilities. A sound strategy should usually start with locking down physical access to any system that holds data or is connected to one that does.
The next layer of defense is the human one. This is fundamentally about security awareness training. But the fact is that many programs are ineffective, either because they lack practical application, rely too heavily on generic content or focus too much on technical factors that are beyond the understanding of the target audience.
Phishing simulations are often limited in scope, focusing on common lures such as topical news stories, urgency or even explicit threats. However, the most advanced attackers tend to use subtler ways to elicit a response. This may be as simple as sending messages about a routine policy update regarding the company's dress code or remote work guidelines. These themes may seem trivial, but they can attract attention, especially when they concern changes to daily routines and work-life balance. Attackers can then use this to trick unsuspecting victims into revealing sensitive information through a sham survey.
Like any other security measure, physical security and awareness training will not be effective unless tested regularly. This is where physical red teaming comes in. While red teaming in the IT context focuses on technical measures such as penetration testing, physical red teaming is all about trying to gain entry to restricted areas and systems. To do this, red teams may use a combination of simulated social engineering attacks and technology to breach physical security systems. By trying to get past physical security barriers or impersonating employees, red teams can reveal gaps that might otherwise go unnoticed. This makes them an important part of any comprehensive information security program.