Some industry experts highlight the unique cybersecurity needs of cloud-based operations, noting that protecting sensitive data is different from traditional on-premises networks. While emerging technologies haven’t changed the ongoing battle between cybersecurity professionals and criminals, they have raised the stakes, making the fight more complex.
Today, we are faced with sophisticated and well-funded cybercriminals who use advanced tools that go far beyond those of the average hacker in the past. To continue to grow businesses and create opportunities, we must keep up with new technologies to avoid these threats.
The race to integrate advanced technologies
Businesses need to remember that emerging technologies aren’t just for honest use. Sophisticated cybercriminals are also looking for ways to manipulate emerging technologies to steal your digital assets. From dropping malware threads into a software company’s update to social engineering, keyboard-tapping criminals in foreign lands are also finding ways to exploit the latest innovations. The question is whether we can outsmart them in the following ways.
Quantum computers threaten encryption
A team of Chinese researchers demonstrated that quantum computers could have systems in place in January 2023, and the nascent technology is still advancing. While some experts believe it will be a few more years before quantum computers can solve advanced algorithms quickly and efficiently, the writing on the wall is now symbolic.
As with any innovation, this technology is expected to become more accessible and will be exploited by criminals for illicit gain. Some predict that advanced persistent threats will use quantum computers to crack the elliptic curve cryptography (ECC) algorithms used by Rivest-Shamir-Adleman (RSA) in financial transactions.
To combat this threat, organizations need to start investing in quantum-resistant encryption solutions. The National Institute of Standards and Technology recently released a final set of encryption tools designed to withstand quantum computer attacks, and companies need to start using them.
Eliminate human error in two-factor authentication
The MGM Resorts cyberattack didn’t get the national attention it deserved, despite the $100 million in damage and the fact that a group of Gen Zers wreaked havoc on a Las Vegas casino. The incident has become a lesson in cybersecurity circles, as a hacking group called Scattered Spiders reportedly managed to bypass two-factor authentication.
These criminals used a variety of techniques, including social engineering. A help desk employee was tricked into providing login information to someone the employee believed was part of the leadership team. The security mechanism was supposed to be two-factor authentication. But the swarming spiders bombarded the legitimate user with messages, prompting the actual employee to click “OK.” Under the relentless barrage of approval requests, human error cost the organization millions of dollars.
In the wake of this disaster, additional cybersecurity awareness training has become critical. Some decision makers are now outsourcing the tasks to managed IT companies with cybersecurity expertise. Others are adding regular training and adding two-factor authentication to multi-factor authentication. One critical defense is adding biometric authentication.
Developments in Zero Trust Engineering
According to Gartner, 62% of organizations worldwide have already implemented some form of zero trust cybersecurity. More than three-quarters of those surveyed for forward-looking cybersecurity measures indicated that it did not exceed 25% of their total cybersecurity budget. Since zero trust remains one of the most innovative ideas when it comes to data protection, business leaders would do well to consider the shift. Here are some of the reasons and developments in zero trust cybersecurity.
Artificial Intelligence and Machine Learning: These technologies play a crucial role in detecting subtle anomalies. They can be programmed to notice even the slightest differences in how legitimate network users navigate the system. These aspects help in detecting external and internal threats in real-time. Micro-segmentation: Micro-segmentation in the cloud allows organizations to segment data based on type, value, and sensitivity. Advances in tools like segmentation firewalls, among others, are enhancing an already comprehensive approach to data security. Endpoint Security: Along with the ability to scan authorized devices and only allow them to log on to the corporate network, geolocation tools are now available. Geolocation identifies the location of any device connected to the internet. Thought leaders are now installing this defense to ward off savvy cybercriminals who disguise their laptops as authorized devices.
The proactive thinking behind zero trust architecture takes into account the next steps that digital thieves might take. This approach stands in stark contrast to the old thinking behind remediation models.
Big strides in cybersecurity for the Internet of Things
The use of handheld sensors and other IoT devices continues to skyrocket, and hackers are well aware of this trend. Bad guys have designed botnets to infiltrate IoT devices that are seen as weak links. In addition to decommissioning old devices that can’t provide adequate defenses, cybersecurity experts are calling for measures like the following.
Integrate voice command technology, attach multi-factor authentication, install the latest enterprise-level antivirus and firewalls, and add lock screen metrics.
One of the reasons even casual hackers exploit vulnerabilities in the IoT is poor device management. There is a perception that IoT products are useful and not necessarily connected to other areas of the system. Nothing could be further from the truth. These useful elements should be recognized as part of the overall attack surface.
Continuous monitoring tools
While you may be asleep and think your corporate network has been taken down, hackers around the world are awake. They are targeting organizations with weak cybersecurity defenses, and they are taking the path of least resistance to carry out a heist. If no one is looking after the store, business owners and key stakeholders may suddenly wake up in the morning.
That’s why more civil society organizations are calling for continuous cybersecurity monitoring and detection. Advances in AI and machine learning technologies have greatly enhanced the ability to detect and repel threats. Alerts are triggered when a foreign or internal threat attempts to breach an area containing intellectual property, financial records, or personal identity information. It’s not uncommon for an organization to work with a cybersecurity provider who is on call around the clock to ensure any threat is contained and eliminated immediately. Machine learning and AI threat detection act as an ever-present sentinel.
The future of cybersecurity is now
Business owners and senior management teams need to understand that responding to cyberattacks after they happen can result in millions of dollars in losses and significant reputational damage. For the most part, you are responsible for the sensitive and confidential information of employees and industry partners. When a cybercriminal breaches your network, a wide range of people and organizations also suffer losses. By working with a cybersecurity firm that focuses on emerging technologies and how to deploy them now, you can be prepared when hackers discover a workaround to commonly used defenses.
The views expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
