Cyber Security: The Nuclear Race To Solving Issues We Still Need To Comprehend.
By Kris Seeburn
It is the year 1991, the world faces a new tendency: Interconnection and a whole world library opens up. Access to nearly everyone. But we had forgotten the realities of phone hacking in the old days. Actually, we did not, we had only watched them in movies. But in the older days it was government related hacks and a cat and mouse game between the bigger states in the world. We were still closer to the cold war. But the sudden revolution and W3C protocols and new insights. We were taken aback as everyone wanted a piece of it and a growing new challenge was also sitting together. Actually, we had opened Pandora’s box. But then again with it’s new coming of age the Internet was no longer a university or government project anymore. We have the real fathers of the internet to thank for that. In comparison and the need for data has grown and the global economy base was being built. The very foundations of how we see technology evolution today. Thanks to the internet the world really changed overnight and the new generations were just hooked as much as the old did.
In 1999, I was in an office with my ex-boss, we were sitting on a one on one basis. I was not troubled about the year 2000 bug. I was talking to one of the partners of Deloitte and I remember telling him, we were sitting at the brig of Information security which is practice was already an issue. But I remember telling him that advisory in the sense of Security from the internet interconnectivity was going to be prime. Today I look back and I can imagine only how much I was right then. It has not changed the least but actually the game continues between the cat and mouse.
2015 has gone down as a tipping point for how companies approach data security for years to come. Some of the biggest companies in nearly every major industry were breached during those last 12 months, including TalkTalk, Ashley Madison and Moonpig.
In fact, the latest Breach Level Index report had shown there were 888 data breaches in the first half of the year, compromising 246 million data records of customers’ personal and financial information worldwide.
In many cases, breaches resulted from security strategies dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring.
Ahead of the EU General Data Protection Regulation (GDPR) – which has created an obligation for European companies to adopt preventative security measures that lower the risks of data breaches and mitigate the consequences after an incident occurs- it was time to usher in a new era where businesses take a new approach to security that keeps valuable assets secure even when hostile intruders have penetrated the perimeter.
The first step for protecting sensitive information was keeping an eye on the latest developments in the cyber security space. The following are the five key trends that businesses had to look out for in 2016 but seems has not changed that much either in 2018.
Protected health information, personally identifiable information, and intellectual property data were to become the new oil: During the 19th century, there wasn’t a high level of demand for “rock oil.” However, as more uses were identified for various refinery by-products – including kerosene for lamps and gasoline for the budding automobile industry – demand grew and the economy around oil grew with it. Today, hackers are in a similar “Wild West” environment. They are collecting massive amounts of data – from Social Security and credit card numbers to healthcare records – with the intent of figuring out its best uses at a later date. They’re no longer just targeting data for its immediate value, but instead are intent with its eventual value that will come from repurposing stolen data for future attacks.
Data integrity attacks was to be the new treasure trove for hackers: Today’s connected world constantly generates mounds of data that businesses, industry professionals and analysts use to drive decisions, make projections, issue forecasts and more. Experienced attackers can take seemingly invisible actions to turn “good data” into “bad data” which, over time, can lower or raise the prices of stocks, enabling hackers to earn high dividends. When it comes to entire industries – agriculture, for example – yield projections can be manipulated and hackers can seize investment opportunities based on erroneous data. What’s more, corrupt data can force poor corporate decision-making and take down a company.
Companies were to continue to struggle with cyber security: Organisations worldwide are still and continuing to try to understand their legal and insurance needs due to seemingly ongoing data breaches and will continue to struggle with misaligned or missing technical expertise around their security strategies. Simply put, many businesses will still have trouble understanding the data that they should be protecting, where it is, and how to defend it.
Two-factor authentication were to become the new normal: Due to the ongoing trend of password insecurity. More and more businesses will come to the realisation that passwords are not secure, no matter how complicated or clever we think them to be. Making them more complex, as per the stern instructions we receive when setting up our countless personal and professional accounts, only really helps to prevent an amateur intruder from guessing the password. It does not stop a sophisticated attacker from viewing the password as you type it in, no matter how many different alphanumeric characters it contains.
APIs to become an attack vector capable of delivering the “motherlode” of stolen data to thieves: When an application programme interface (API) is breached, hackers can gain easy access to encryption keys. A compromised API – even for an encryption-protected application – would expose data from all users, throwing the doors open to sensitive information most prized by hackers at countless companies. In short, when an API is successfully targeted, all the application traffic “under it” could be available.
So what steps can businesses take to protect themselves – and their data – in 2016? Organisations need to be continually vigilant and take a multi-layered, dynamic approach to data security which will allow them to be safe in the knowledge that their sensitive information is protected, whether or not a breach occurs.
Only those that had adopted a ‘secure breach’ approach, consisting of a combination of strong authentication, data encryption and key management, were to be able to be confident that data is useless should it fall into unauthorised hands. Actually the work still being undertaken in particle physics or quantum theory are evolving but not at the speed that the internet went on with development and the number of innovations it brought about for each and every vertical in the industry.
However, It can be easy to lose sight of the innovation in the cybersecurity industry amid frequent news about breaches and increasingly sophisticated hackers. The reality is that many promising innovations are gaining traction and is really changing the way enterprises conduct business. And people believe me keep an eye and an even closer look as to how these technologies, will keep challenging us all the way through. But I am sure there will be more coming out of these. New and inherent numbers of new techs and ideas will spring up. Whilst we were still catching up with the very essence of Secure by design, other layers are challenging the security gurus’. Actually not quite because the business and many organisations are the ones challenged. It is actually an interesting watch. Don’t take me wrong, The same happened a few years back, when I created my original Master’s Programme in Computer Security and Forensics. I had seen far more further and I had AI amongst the modules. This had proven me right again and again. I had Information warfare and so many revolutionary modules. They seemed new concepts when they were already old stuff to my personal knowledge. Anyway so let us look at some key techs that will keep us on our toes.
Blockchain
Many people have heard of bitcoin, a digital cryptocurrency that creates new options for payments and transactions. Fewer people, however, know about its underlying technology: blockchain. Blockchains are shared, tamperproof, peer-to-peer digital ledgers that enable a single, global version of transaction truth.-
Some of the biggest banks, along with technology companies and other firms—including PwC, are making significant investments in research and development to see how they can harness blockchain. These efforts could transform many aspects of business, including how people implement security. Historically, the mainstream cybersecurity philosophy was to build a perimeter wall to keep out intruders. Blockchains could make the perimeter irrelevant by ensuring the integrity of a given network. The use of blockchains is akin to securing the metaphorical veins and arteries of the digital world to ensure the health of the body that is the network.
Blockchains, once developed, have the potential to solve many of the security problems that financial institutions face. The transaction-level cryptographic control associated with blockchains could also extend to manufacturing, pharmaceuticals, the transportation industry, or any sector that makes important products that need to be secure. Blockchains could be particularly valuable for supply-chain security, which is a key priority for manufacturers and the U.S. Defense Department. Blockchain-based technologies could eventually become the backbone for all collaboration and communication that must occur in these industries.
Cloud security
Another significant shift is businesses moving their data, applications, and infrastructure to the cloud for enhanced security. Hackers prove again and again that the on-premises data infrastructures used by many businesses are difficult to secure. The most recent high-profile examples are the string of cyberattacks on hospitals across the United States. By moving their digital operations off the premises to be managed by companies that are experts in cloud infrastructure and security, businesses can greatly improve the safety of their data and gain many other benefits, including insight about customers.
This shift will be a genuine one in thinking about how businesses operate and keep data safe, since most people consider company data to be most secure when stored in a physical building owned or operated by the business.
Machine learning
Artificial intelligence previously occupied the realm of science fiction, but is now a mainstay in helping businesses better secure themselves. As computing power increases and machine learning becomes more advanced, ever more powerful analytics tools can help forecast where hackers might strike next.
If a company can predict where an attack might focus in the future, it can better prepare for a possible cyberattack and ideally deflect it. When used in concert with advanced authentication and encryption techniques, analytics can provide businesses with formidable tools to help keep their data safe.
Advanced authentication
Passwords have passed their sell-by date. Increasingly, organizations are adopting multifactor authentication across a range of transactions, not just highly sensitive ones. The concept is simple: After entering a username and password, or the first factor of identification, the user would receive a text message on their mobile device with a code to enter (the second factor) to confirm that they are in fact logging in. This approach serves the dual purpose of making an individual’s account more secure and providing a way to notify someone of unauthorized use of their credentials.
Other kinds of second-factor identification include a pattern that a user must enter, an access card or fob, or biometric information such as a fingerprint or an iris scan. Additionally, having systems automatically reset themselves after failed login attempts can go a long way toward improving the safety of a company’s systems.
While not perfect, advanced authentication significantly helps bolster data security. This type of technology largely was the province of government systems, and then financial institutions adopted it. Now multifactor authentication has extended to social media accounts, and broader adoption can be expected in the future.
Built-in encryption
Encryption, the process of encoding messages or information, is not a new technology, but it hasn’t been widely used beyond military operations and government agencies until recent years.
In the past year, encryption has become almost standard in many communications platforms, such as Gmail, messaging applications like WhatsApp, and—most famously—iPhone devices. Widespread use of encryption will make life harder for hackers; even if information is stolen, it can be worthless to a cybercriminal if it is inaccessible.
Last year, for example, messaging company WhatsApp encrypted all messages for its 1 billion users such that only the sender and recipient can view the content. If all businesses did the same for the data on their servers, the added difficulty of decrypting the information could dissuade cybercriminals from taking it in the first place, particularly if a hacker must crack a system that has advanced authentication practices in place.
So, rather than waiting with the lights turned off and hoping for the best, organizations are increasingly recognizing and should continue to recognize inherently, the value of taking proactive steps toward building a more secure network and identifying cyber threats, building security operations centers, purchasing threat detection technologies, and creating cyber threat intelligence programs that incorporate threat data feeds and help to identify and prevent attacks before they happen. Recent research produced by ESG, a technology consulting group, shows that although about 38 percent of organizations have now had a cyber threat intelligence program in place for between two and five years, many of those organizations still struggle to act upon threat intelligence quickly and consistently.
In fact, among the cybersecurity professionals that ESG surveyed, nearly three quarters said that their work had become more difficult over the past two years. Even in an ideal scenario, the work of a security analyst demands focus and expertise, as well as comfort with ambiguity and incomplete information. But as the need for knowledgeable cybersecurity professionals rapidly grows in a world that increasingly relies on digital systems to function, one thing has become clear: the work simply does not scale.
Why the Work Is Harder
The dangerous threat landscape. Many of the largest and most damaging cyberattacks in the past few years have been state sponsored — attacks being carried out by teams that literally have the resources and training of an entire government at their disposal. But even attacks that come from private sources have grown in sophistication in recent times. Threat actors rely not only on new exploits, but also social engineering attacks, which presents a growing concern in an era where we happily share significant parts of our lives on the internet without a degree of caution about what personal information can be taken advantage of by those who can do us harm.
The growing volume of security alerts. Many organizations build their cyber threat intelligence programs on top of various other tools and continue to rely on manual processes to capture and interpret data. As the amount of data grows, tasks like these can become exhausting and overwhelming for security analysts — so much so that less than half of threat responders say they even relied on threat data when taking action, and only about a quarter said they used that data effectively. Too many alerts without context leads to problems like false positives and missed alerts. As an organization grows, the number of alerts should, reasonably, also be expected to grow, but it happens at a scale too great for humans to handle on their own.
The cybersecurity skills shortage. Perhaps the largest issue for organizations that are scaling up but still rely heavily on manual processes for their cybersecurity programs is a lack of manpower. ESG’s research indicates that over half of organizations believe they have a “problematic shortage” of skilled professionals, leading to an increasing workload for the current staff, junior employees being hired for positions that demand experience, and too much time spent on crisis remediation rather than training (some two thirds of professionals say they are too busy to keep up with skills development and training). This has created such a large demand for skilled professionals that one study found nearly half of all cybersecurity professionals were solicited to consider a new job at least once a week. In some industries, like healthcare, the proportion is closer to two thirds.
Smart Solutions
Of those three problems, one cannot be directly solved by any one organization: as long as it is profitable for threat actors to carry out attacks, the threat landscape will continue to grow increasingly dangerous. But the problem of a shortage of skills in the industry, as well as the growing number of alerts, can both be mitigated through the use of automated threat intelligence solutions.
As long as they continue to process and analyze threat feeds manually, there will never be enough trained professionals to deal with the volume of data that analysts must deal with today.
Many threat data feeds are free and publicly available — but they also only draw on publicly available sources themselves. Public data provides only a limited perspective. Threat intelligence solutions should also source from commercial and industry threat feeds, other closed sources like forums on the dark web, reports, and more. It is also important that they seamlessly integrate this data with your organization’s internal data and intelligence.
A threat intelligence solution should turn this data into something applicable for multiple use cases within your organization — something that not only security analysts but threat hunters, incident responders, risk managers, and so on, can quickly apply to their needs. That takes technology that can take raw data and provide context through comparison to previous sets of data and keep it all in one place so that the different teams in your organization can communicate more easily.
When each organization’s needs are different and use cases within an organization can vary, it becomes important to be able to filter, sort, share, and add custom notes to the same threat intelligence. A threat intelligence solution should be able to have things like whitelists, blacklists, and risk scores that are relevant to the work your organization does, rather than derived from a more general list of threats.
Threat intelligence solutions should automate processes that are scaling faster than humans can keep up with — namely, the collection and filtering of data. Advanced solutions rely on natural language processing and vertical search algorithms to get the right data and present it in a way that cuts down the number of false positives and prioritizes the alerts that actually matter.
One of the reasons that security analysts continue to be overworked is because their cybersecurity platforms are built piecemeal from technologies that do not always work well together. Threat intelligence solutions should integrate with security information and event management (SIEM) tools, incident response platforms, trouble ticketing systems, and the other aspects of a network’s security infrastructure, like firewalls, web threat gateways, and so on.
Ultimately, threat intelligence analysis is a skill that demands a level of expertise beyond what many organizations have, or else skilled professionals would not be in such high demand. Many threat intelligence vendors provide not only automated solutions, but also skilled support staff that are able to provide expert human analysis as well.
Automation is not a panacea. The future of threat intelligence is not one of man versus machine — rather, the most effective team is one that pairs humans with machines, playing on the strengths of both.
This truth has already been realized in many fields — for example, the strongest chess “player” is not a machine (and since 1997, when IBM’s Deep Blue supercomputer defeated world champion Garry Kasparov, it hasn’t been a human), but a man-machine combination. Chess experts have found that this pairing, which combines a human’s intuition, ability to read an opponent, and creative inspiration, with a computer’s brute-force ability to memorize and predict moves countless turns in advance, produces the strongest results. This format, called “freestyle” or sometimes “centaur chess,” allows even amateur players — assisted by computers — to compete with chess grandmasters. But it also makes a professional into an even more formidable opponent. In fact, Garry Kasparov was among the first to advocate for this new style of play.
The lessons from freestyle chess are broadly applicable to any field where artificial intelligence is useful. Automated data collection, filtering, and sorting allows less experienced cybersecurity professionals to spend more time building their skills instead of exhausting themselves working on laborious processes, and the extra information they are provided will reduce the amount of guesswork they have to do. And for members of your organization with more experience, automation will give them the freedom to focus on more skill-intensive pursuits like threat hunting and deeper analysis.
A well-functioning threat intelligence solution will give cybersecurity professionals the ability to see countless moves ahead; the organizations without such a solution, by contrast, are playing blindfolded.
Let us just recognize that, Cybercrime has now become a business which exceeds a trillion dollars a year in online fraud, identity theft, and lost intellectual property, affecting millions of people around the world, as well as countless businesses and the Governments of every nation.
The role of economic disparities between nations and the fact that developing countries do not have sufficient capacity to combat cyber attacks and cybercrime, and its global threat to cyberpeace. The lack of partnership between developed and developing countries could generate “safe havens”, where cyber criminals can make use of the legal loopholes, and the lack of strong security measures present sometimes in developing countries to perpetrate cybercrimes. And it is happening beyond any doubts and will continue to be same for quite some time. The reason is that there is no concerted effort and everyone wants to prove their power and ability that we are really losing the picture. Anyone with a good enough knowledge and sitting under the internet top layer, which we call the Darkweb is really an underground but accessible space. But this is something you need to be good at.
We must arm our kids with the tools, when they take their first step and click in the cyberworld… Peer to peer and teaching is the best form of advocacy. UN is proposing the need for a future global convention to develop strategies including the possibility of building upon the Budapest Convention, an international treaty seeking to harmonize national criminal laws of computer crimes such as copyright infringement, fraud, child pornography, hate crimes and breaches of network security.
We have to agree that cybersecurity is a global issue that can only be solved through global partnership. It affects all of our organizations and also our families and honestly I would want to see how nations bring its strategic and analytic capabilities to address these issues. But, again I would say hats off to EU for a bold move into GDPR. It was long time past. Perhaps being all Naïve to the reality is what brought us here. Let’s watch and see how things goes. We are yet to see the reality of everything. The training we have today is to my knowledge good but not enough to get the right awareness and a set the certifieds in on the right track. Security as a whole demands an updated and innovative mind. Be aware before it happens. When you build your infrastructure not only do you need to ensure you have the assets right but understand the related risks that stands in your way. The problem with academia and business and or training is that we have a communications issue. We certainly need to ensure those professionals we are looking for know how to communicate and talk the same language. But that is only part of the problem. There is more to it, than what we can only see.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official position of the African Academic Network on Internet Policy.
