Mid-Year Review: Industry Perspective Part 2

From the Capital One breach that exposed 106 million customers’ data to the theft of photos, driver’s license numbers and other information from the U.S. Customs and Border Patrol to the proliferation of malware that takes over host computers for cryptocurrency mining, 2019 has already been an eventful year in cybersecurity.

We saw that while hackers’ technology has grown ever more sophisticated, much of the risk still comes from lower technology (such as legacy systems) and human factors—poor password hygiene, poor email procedures, and a willingness to trust outsiders.

And finally, we are beginning to see the ability to hack spreading to a wider pool of malefactors as the market for hacking-as-a-service has emerged. This is enabling individuals and malevolent organizations with no special cybercrime skills to purchase these capabilities on the web.

Just past the year’s mid-point, we take stock of major events, trends, and new products that have emerged in 2019, so far, and look at how our industry is likely to evolve in the months and years to come.

2019 So Far in Review

The most compelling cybersecurity trends from the year to date include:

Cryptojacking: It takes massive computer power to mine cryptocurrency effectively, and in 2019, we saw increasing activity by criminal organizations to steal that capacity from unsuspecting victims through malware attacks. Often these attacks are combined with ransomware. In this scenario, the criminal uses your computers now, and if you pay the ransom perhaps—not definitely—you’ll get the use of them and your data back. In some cases, criminal organizations are exploiting weaknesses in their competitors’ malware to commandeer already compromised computers for their own benefit. One U.K. survey found that nearly one-third (30%) of the 750 IT organizations it surveyed had been victims of a cryptojacking attack.

Insider threats: A very large proportion of criminal hacks succeed because of human vulnerabilities, including social engineering, insider threats, and credential or password theft. These are hard to protect against, since insiders (and criminals posing as them with stolen credentials) have legitimate reasons to access data.

Detection based on AI and machine learning: Cybersecurity firms are increasingly using AI and machine learning to train systems to recognize anomalies that indicate data compromises. Unfortunately, cybercriminals are also employing machine learning tools in an ever-escalating technology arms race in which hacks and protections against hacks are evolving faster than ever.

The assumed breach mentality: The question is not whether you’ll be breached but when. Adapting to this mindset and structuring your cyber-defenses around how to recognize threats quickly and minimize damages is critical to cybersecurity.

The human factor in data loss: Employees continue to be the weak link in an organization’s defenses, whether by responding to phishing emails, using easily hacked passwords and failing to change them regularly, letting unauthorized people use their devices, or even just hitting the dreaded “reply all” button on sensitive emails.

The age of hacking-as-a-service: We often think of hacking as a specialized crime executed by highly skilled criminals who are experts in cybersecurity vulnerabilities, but increasingly anyone can purchase hacking capabilities on the black market. The availability of off-the-shelf Trojans and other malware enables attackers to destroy or hijack infrastructure quickly.

Cloud-based vulnerabilities: As more workloads and applications move to the cloud, organizations adopt many new technologies and microservices across competing platforms (AWS, GCP, Azure), each with its own learning curve and its own security controls. Maintaining a good security posture across such an environment will be difficult.

The Year’s Biggest Attack

The Capital One breach, reported in April 2019, exposed 106 million credit card applications, compromising bank customers’ names, addresses, phone numbers, birth dates and 140,000 social security numbers. It was one of the largest attacks on a financial services firm ever, and it highlights the danger of insider threats.

The Capital One cyber event also demonstrates how rapid movement to new cloud-based technologies can create unexpected vulnerabilities. Publicly accessible web applications can identify unsecured Amazon S3 buckets and misconfigured cloud services. Online services including haveibeenpwned.com can search individual email addresses to see if they have been involved in breaches. Because most people reuse the same password across multiple sites, hackers who obtain credentials for one site can often access others as well.

Looking Ahead to the Second Half of 2019

Many of the trends we observed in early 2019 will continue. For instance, the human element of cyber protection will remain critical as organizations seek to protect their data from accidental or intentional exposure. Educating employees about phishing, instituting strong password policies and developing mature security programs will be just as important as high-tech defense countermeasures. Companies will also continue to adapt to new technologies and platforms, developing new tactics, techniques, and procedures (TTPs) to secure their workloads in the cloud.

We are also seeing an upsurge in SQL injection attacks. These are relatively low-tech breaches, in which adversaries insert arbitrary SQL code into a database query to gain control over web applications like order forms or information requests. Fortunately, these attacks are easy to protect against by using prepared statements, parameterized queries, and stored procedures, as well as by managing privileges carefully.
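As an added illustration (not code from the article or from Armor), the two query styles the paragraph contrasts, side by side: a lookup that splices a form field into the SQL text, and the parameterized version that binds it as a value. It uses Python’s built-in sqlite3 module with a constructed in-memory orders table, and SQLite’s `query_only` pragma stands in for the privilege management the paragraph mentions.

```python
import sqlite3

# Constructed sample data (not from the article): an in-memory table that
# stands in for the backend of an order-lookup form.
ORDERS = [(1, "alice", 42.0), (2, "bob", 17.5), (3, "carol", 99.0)]


def make_db(read_only=True):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    if read_only:
        # Least privilege: the web tier only needs to read, so refuse writes
        # on this connection even if a query is ever tampered with.
        conn.execute("PRAGMA query_only = 1")
    return conn


def lookup_orders_vulnerable(conn, customer):
    # Deliberately vulnerable: the form field is spliced into the SQL text,
    # so the engine cannot distinguish the data from the query syntax.
    sql = f"SELECT id FROM orders WHERE customer = '{customer}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_orders_safe(conn, customer):
    # Hardened: a parameterized query binds the field as a value; whatever
    # characters it contains, it is compared as one literal string.
    sql = "SELECT id FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (customer,))]


def try_drop_table(conn):
    # Returns True if the connection allowed a destructive statement.
    try:
        conn.execute("DROP TABLE orders")
        return True
    except sqlite3.Error:
        return False


if __name__ == "__main__":
    conn = make_db()
    field = "x' OR '1'='1"  # constructed hostile form input
    print("vulnerable:", lookup_orders_vulnerable(conn, field))  # every order
    print("safe:      ", lookup_orders_safe(conn, field))        # no orders
    print("write allowed on query-only connection:", try_drop_table(conn))
```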

And finally, the speed and frequency of attacks will continue to demand constant vigilance. In this age of social media, compromise can occur in seconds. The threat landscape is always changing, and new attack techniques emerge all the time. To stay protected in this environment, organizations need to provide regular, consistent employee security training that keeps people alert and aware of emerging threats.

Growth of the Industry

The cybersecurity industry changes constantly as new threats surface and new ways to protect data are developed. Armor evolves just as fast, seeking to stay a step ahead of our clients’ cyber-adversaries to keep their systems and data safe.

We stay on top of emerging trends and threats in part by exchanging data with clients.

We also provide the technology to react and respond quickly—whether your data is onsite, in the cloud, or in some mix of the two. Our automated threat detection and remediation can find issues more rapidly than any internal systems can, because we use sophisticated AI and machine-learning technology to spot anomalies. In a world where the question is not if but when you’ll experience a breach, fast response is essential. We help you identify and repair problems before they become an issue for your customers and your brand.

Cybersecurity works best when all parties are informed and aware of emerging threats and trends. We help our clients stay up to date on industry developments by posting blogs on a regular basis. You can also learn a lot by following industry leaders in traditional media, social media and reading trade publications. IT professionals can pursue continuing education in security issues; AWS, for instance, offers certifications in infrastructure and security.

The important thing is to extend training and awareness to all levels of your organization. Security training should be a regular, consistent part of your operations. Even with the most sophisticated technology in the world, human beings will always be a vulnerability, especially if they’re not trained properly.
