17 Mar Nine Network Security Topics Grabbing Headlines in Q1 2020
The security landscape is getting more complex as threats like IoT device attacks, fileless malware, and non-email phishing attacks continue to rise. The cost of failing to protect against these attacks has never been higher. In fact, Ponemon’s recent Data Breach Report found that the average cost of a data breach is now a staggering $3.92 million per incident. As threat actors change their methods, experiment with new technologies, and try out new attack vectors, it can be difficult for organizations to keep up with the rapid pace of change. With that in mind, here are 9 security topics grabbing headlines that you should know about:
Zero Trust / Software-Defined Perimeter
The exact definition of these buzzwords changes depending on who you ask, but in general, they refer to a framework (and sometimes the set of products used to implement that framework) where users and devices are not trusted by default, even if they are inside the network perimeter. Instead of authenticating a user once and then giving them blanket access, in a zero-trust model users must authenticate every time they access a network service.
Many enterprises are interested in moving towards this model (thanks to the increase in remote workers and BYOD), but a lack of knowledge and mature products that offer the necessary capabilities are slowing them down. Read more about zero trust in BizTech Magazine, Dark Reading or check out the new NIST zero trust guidelines from March 2020.
Increased Government Spending for Network Security
The current administration’s budget proposal for 2021 includes $18.8 billion allocated for cybersecurity, with approximately $9 billion dedicated to civilian agencies for network security, protecting critical infrastructure and boosting the cybersecurity workforce. Read more about how this budget will be used in FCW.
Business IoT Security
IoT devices are used heavily in many types of businesses, from industrial IoT in factories and warehouses to smart lights and thermostats in offices. According to cybersecurity firm Kaspersky Labs, nearly a third of businesses with IoT devices suffered an attack on those devices in 2019. Keeping devices up to date, only using ones designed with security in mind, and analyzing network traffic to and from IoT devices can help keep businesses safe. Read more about IoT security in Tech Republic and Bruce Schneier’s blog, and check out the original Kaspersky Labs IoT report here.
Improving Cloud Security
The US National Security Agency updated its cloud security guidelines in March 2020. The revised document splits cloud vulnerabilities into four categories: misconfiguration of cloud resources, poor access controls (which can be improved by restricting access and implementing multi-factor authentication), supply chain vulnerabilities, and shared tenancy vulnerabilities (for example, when multiple containers sharing the same kernel are vulnerable to the same attack). The NSA divides responsibility for securing these vulnerabilities between cloud service providers and their customers. For example, it’s not AWS or Azure’s job to prevent misconfiguration of cloud resources – that falls on the cloud administrator at each customer.
Read the full NSA guidelines here, review a summary in Infosecurity Magazine, or dig into more cloud security guides from the Cloud Security Alliance (CSA) here to ensure you’re doing your part to keep your cloud deployments secure.
5G Security Concerns
The rollout of 5G cellular networks in the USA has security experts worried that it will cause an increase in the number of insecure connected devices. This increases the attack surface for individual customers as well as businesses, as well as providing more fuel for botnets. Unfortunately, the 5G rollout has so much momentum that there isn’t much to be done about this on a macro level, according to most experts. Read more about 5G security concerns, and possible government responses in Protocol.
Industrial Control System Security
Heightened tensions between the U.S. and Iran raised concerns that Iran will target U.S. infrastructure with cyberattacks in retaliation. A string of ransomware attacks targeting U.S. ICS systems throughout 2019 showed that these systems are vulnerable. Improving them should continue to be a major focus in 2020. Learn more about ICS malware strains like Ryuk and EKANS in Dark Reading and Infosecurity Magazine, and read some expert opinions on the US-Iran cyber standoff in IoT World Today.
Security Alert Fatigue
Security Operation Centers in major enterprises get hundreds or thousands of security alerts per day, increasing the risk that a crucial alert could be missed in the noise. Stories from Q1 showed that companies are paying more attention to this problem and how to solve it. Possible solutions include reducing the number of vendors used at a company, increasing collaboration between the security and networking teams, and even using centralized AI-based tools to cut down the number of security alerts. Read more about security alert fatigue and how to reduce it in Dark Reading and SDxCentral.
The growth of threats that won’t be caught by a traditional firewall (such as mobile device phishing or use of stolen credentials) plus research showing malware often remains undetected on networks for months has made more companies implement and improve threat hunting programs. Threat hunting is the process of proactively searching through networks to hunt for attacks that evade other security measures. Companies doing it regularly tend to have mature and well-resourced security organizations. Much of the current news is about how competent threat hunting programs can take their game to the next level, but it also includes useful insights for organizations starting to threat hunt for the first time.
Read about how Target reworked its threat hunting program by focusing on planning, setting strategy, and recording the findings from hunts in CSO Online, and about how the old “red team versus blue team” model is changing in Dark Reading.
Artificial Intelligence and Machine Learning
VentureBeat wrote a special issue dedicated to AI and security that covers everything from how security companies use AI to filter threats, to how attackers use it to automate malware delivery and evasion as much as possible, and even the possible security ramifications of deepfakes and synthetic media. Check it out on VentureBeat. Read more about how machine learning is changing application fuzzing on The Security Ledger, and the best use cases for AI in cybersecurity in MSSP Alert.
2020 is already seeing many advances on both the offensive and defensive sides of the security industry. Staying informed about the latest attacks, trends, and technologies – and having the right security strategy and toolset in place – is critical to understanding the security landscape. To learn more about Bricata can help your team increase network visibility and security, click here.