Myths and Realities of Cybersecurity
One fact that seems to be bothering all those in the tech-world is how cybercriminals have continued to stay a step ahead of security experts. From a conference held recently by the association of Luxembourg Funds Industry, all the attendees came to the realization that more than 60% of the attacks recorded in the past took just a few hours to execute. To make matters worse, a whopping 62% of the incidents took several months before they could be discovered. A closer look at the statistical timeframes, implies that hackers are better positioned to execute the intended damage. Most organizations have it in their attention that the risks of cyber-attacks are always increasing and no one knows when they may end up being the victims.
Information security practitioners are the ones taking more heat due to the high expectations from the respective companies and industries that they work with. There are specific sectors such as those concerned with assets management. They fall under the category of interesting targets considering the high-net-worth associated with such firms. The strategy applied by hackers for such cases is simple; follow what is valuable. Accompanying such kind of attacks are negative repercussions which translate to undesirable positions. Ranging from the reputational risks to loss of crucial data, are just a few outcomes of successful hacking operations.
However, there are ironic aspects that come with most cases of cybersecurity. Of key interest is the fact that the vulnerabilities are more on the user end and not the software or the hardware part.[1] The human element has always been the weakest link. This justifies the moves which are being made by the organization at the moment. Businesses are looking at ways to constantly train their staff to ensure that they remain informed of the forms and types of attacks which may lead to a data breach. Having the that in mind, there are also myths and realities that have to be highlighted considering that cybersecurity is not just an issue but a concern.
Myths
Cloud security is a misnomer, is the first myth prevalent across cyberspace. The cloud concept has been around for a while just as internet security has been. It is also independent of the levels of security which is made up of both the unsecured and secure uses. The major concept which has managed to bring out better scrutiny accompanied by varying levels of security is commoditization. However, how secure they are, is dependent on the standard and security measures in place for each of the levels and not the type of cloud being utilized[2].
The second common myth is the perception that security innovation is too risky. It has always been clear that security budgets are not always in line with the amount of risk. It is also still important to take advantage of any new innovations which are likely to be beneficial. Take for example ad-hoc stacks and protocol security extensions which come with a series of benefits. This is a clear indication that most of the innovations that have emerged in the past and have gone through successful implementations have led to more secure operational environments. Another example is DNSSEC which has completely altered the authentication mechanisms of domain name systems.
The third myth is the belief that Ubiquitous high-grade encryption is the only solution. The most outstanding attribute of modern computer technology is the fact that it has reached a point where only high-grade encryption is the order of the day. Statistics show that crypto-side channel and brute-force attacks are reducing while shifting attention to opportunistic exploitation. Brute-Force is mostly automated and targeted while side-channel is executed on the basis of any data gained upon implementation and not from design flaws. The major focus now should be shifted to measures to authenticate the various encryption methods and also auditable enforcement.
Realities of Cybersecurity
Realities are also dominant and known to the public domain. The first reality is the fact that of all the attacks witnessed over the last two years, multi-vector-attacks and reflection made up a larger portion. Based on a security report released by a content network delivery provider, Akamai, close to 56% of all the DDoS attacks that have been successfully mitigated were multi-vectored. This is basically pointing to the fact that the attacks simultaneously targeted multiple vulnerability layers. The other which is a sector-based utilized either services or systems meant for testing systems’ resilience and targeted mostly those in the gaming and the financial sectors.
The second reality of cybersecurity is that perimeter complacency has been increasing consistently. The past few years has been characterized by ever-increasing multi-tenanted clouds. They all have a global footprint and companies are looking into ways with which they can put greater focus on their internal networks (DMZ Security). The main focus here is all about undermining any internal risk which may rear its ugly head. This is attributed to the recent figures that attribute most successful attacks to either unenforced security or non-comprehensive policies which are all from the inside of an organization.
The third reality in line with cybersecurity is the need for the collective defense to enhance security. DDoS attacks are becoming more prevalent and seem to be well funded, unlike conventional techniques[3]. Security measures in place have been rendered inefficient begging the need for an organization to adopt open system interconnection (OSI) approach[4]. The granular model approach to security is further complemented by other production techniques such as innovation, proactive threat intelligence and comprehensive analytics research. This is basically championing for consistent protocols cutting across both software and hardware which reinforces the existing security measures.
Overall, the myths and realities bring out a more precise picture of the current security landscape. It also further highlights how this is a high-tech endeavor with significantly high stakes. This is a realization that calls for more comprehensive approaches backed by consistent standards. Furthermore, weak links where for this case is the users should be brought on board to ensure that they are challenged to play their roles accordingly.
References
Gorman, Patrick. “Five third-party cybersecurity myths.” Risk Management 63, no. 9 (2016): 16.
Norris, Donald F., Laura Mateczun, Anupam Joshi, and Timothy Finin. “Cybersecurity Challenges to American Local Governments.” In The Proceedings of 17th European Conference on Digital Government ECDG 2017, p. 110. 2017.
Dunn, Myriam Anna. Cyber-security and threat politics: US efforts to secure the information age. Routledge, 2007.
Byres, Eric, and Justin Lowe. “The myths and facts behind cyber security risks for industrial control systems.” In Proceedings of the VDE Kongress, vol. 116, pp. 213-218. 2004.
[1] Gorman, Patrick. “Five third-party cybersecurity myths.” Risk Management 63, no. 9 (2016): 16.
[2] Norris, Donald F., Laura Mateczun, Anupam Joshi, and Timothy Finin. “Cybersecurity Challenges to American Local Governments.” In The Proceedings of 17th European Conference on Digital Government ECDG 2017, p. 110. 2017.
[3] Dunn, Myriam Anna. Cyber-security and threat politics: US efforts to secure the information age. Routledge, 2007
[4] Byres, Eric, and Justin Lowe. “The myths and facts behind cyber security risks for industrial control systems.” In Proceedings of the VDE Kongress, vol. 116, pp. 213-218. 2004.
