Cyberattack Complexity Requires Better Security
Cyber security professionals continue to face more challenges than ever before. Businesses and organizations now rely on complex networks of devices, and hackers are utilizing emerging technologies to launch subtle attacks. In light of these changes, predictions for the coming years suggest an aggressive and proactive approach to security is necessary to manage network access.
Increasing Cyberattack Complexity Should Prompt Better Security
News of major companies like Facebook falling victim to cybercrimes points to the need for improved security across industries. Data breaches continue to be a significant problem for companies and organizations of all sizes, and preventing incidents is becoming more complicated as hackers up the ante with newer, faster attack methods.
Threats are no longer limited to a handful of known viruses or malware programs. Proper security requires more than installing protective software and downloading updates as they become available. Modern attacks can happen rapidly and almost continually with automated processes designed to circumvent or breach existing security measures.
It’s becoming increasingly necessary to develop strategic responses in the face of this evolving threat landscape. Improved detection and faster responses are needed to protect critical assets and sensitive data from loss or theft, which requires businesses to make security a top priority.
Gartner Warns of Prevalence of Preventable Cyberattacks
Successful security begins with the management of known issues. According to Gartner, 99% of threats stem from vulnerabilities of which security and IT professionals are already aware. Fixing these vulnerabilities would remove the majority of targets for hackers, but many are ignored or left unmanaged for a year or more. During this time, networks remain open to attacks.
Shadow IT represents another ongoing problem. About 40% of all IT spending goes toward applications and tools not managed directly by IT departments. Without proper security coverage and management, shadow IT puts networks and data at risk. However, such applications can also improve efficiency and increase productivity, so companies may be better off developing policies to allow for flexibility and innovation while preserving security rather than attempting to ban shadow IT outright.
Companies are also dealing with constant changes and updates to internet of things (IoT) infrastructure. The number IoT devices continues to rise and already there is 24 billion connected devices requiring monitoring and management. Improved security is required to protect against the 25% of enterprise attacks which are expected to arise from IoT through the end of the coming year, and businesses would do well to put more of their security budgets toward improving access control.
IoT Threatens Healthcare Security
Healthcare organizations face similar problems with IoT, but threats have the potential to be much more devastating due to the nature of the connected devices and the information on which they rely. Over 90% of healthcare networks use medical IoT devices, and 76% of IT decision makers express confidence in device security.
However, there appears to be a lack of understanding regarding the true nature of the IoT landscape and related threats. Many medical devices weren’t originally designed to connect to or interact across vast, complex networks and remain vulnerable despite current security measures. Healthcare organizations need to gain better visibility across their networks and update security to address potential threats. Stronger identity management protocols are necessary to protect EHRs from unauthorized access and tampering. Without proper regulation of access, hackers using AI could conceivably change medical records without the knowledge of healthcare professionals, thus putting patients’ lives at risk by threatening the integrity of healthcare systems.
Google Points the Finger at Apple’s Security Flaw
The importance of tightening security was clearly displayed in a recent announcement by Google of vulnerabilities its Project Zero team discovered in versions 10 through 12 of Apple iOS. According to a series of blog posts, 14 total vulnerabilities gave hackers the ability to access stored credentials and certificates, monitor iPhone use, and bypass encryption to read messages. Photos and contacts could also be compromised and copied.
Although the Google team discovered these issues in February 2019, the information wasn’t revealed until August. Apple released patches and denied claims of widespread, general attacks, but Google asserted the vulnerabilities could allow hackers to breach nearly any iPhone via compromised websites. Although performing a factory reset on an infected phone would remove malicious software implants, hackers could still hold onto any data obtained before the implant was wiped.
It’s time for businesses and organizations to take a closer look at threats from both inside and outside their networks to identify, evaluate and address vulnerabilities using the latest security technologies. Education is a key part of the process, which makes close partnerships between business executives and IT professionals essential to the proper management and execution of the robust security programs required to thwart hackers’ techniques and protect against ongoing attacks.