Written by: Gábor Marosvári, Product marketing lead, Balasys
In the past year, COVID-19 has had a greater impact on work habits and security environments than any other health emergency in history. The upcoming years will undoubtedly have their challenges, but organizations that are aware of these risks and take steps to mitigate their impact will be well-positioned to secure their future growth.
There will unquestionably be a reaction to the recent SolarWinds attack. But what will happen in the case of other cyber conflicts? As of now, more than 50 states have offensive cyber warfare capabilities. In the 2010s, experts said that there was a hidden war in cyberspace. In the 2020s, we predict that this war will become visible to the public, and that the superpowers positioning themselves in cyberspace will cause negative effects for us all.
COVID-19 has caused a 15% rise in the number of social media users, with almost 5 billion people using the internet on a daily basis. We can predict an additional 1 billion people to log on this decade. This is a massive number of potential victims for cybercriminals, who have already started to use automation to reach their targets more effectively. AI-based attacks such as deepfakes or chatbots will also be used widely to support health and cryptocurrency-related frauds, phishing, and ransomware, which have already skyrocketed.
Returning to SolarWinds, the hack was an indication of how vulnerable we are to supply chain attacks. But what might happen if the operational security of the attacker is not as professional as it was in this case? What if something goes wrong and starts a domino effect, including the massive outage of critical infrastructures? We predict that in parallel with the militarization of cyberspace, cyber operations will cause death in the physical space due to mistakes from hackers who have not accounted for the effects on supply chains.
Even if the pandemic ends this year, the home office will be here to stay. In addition to its unquestionable benefits, however, working from home also carries several risks. The legitimate demand for accessing company resources through the internet has dramatically increased. This has resulted in the introduction or extension of virtual private networks, remote access and cloud solutions, often in a hurry. It represents a completely new or increased threat surface for many companies, where not only the technology or the service, but also the client side can be attacked, something which is much harder to defend against.
Traditional phishing techniques, such as social engineering, will remain among the most effective attack methods. Separation from colleagues, caused by social distancing, makes it harder to validate information, and uncertainty always facilitates fraudulent attempts. Because a significant number of business processes still depend strongly on email communication, sending seemingly legitimate emails is an effective method for malicious actors to acquire sensitive information or persuade someone to take unintended actions that can have serious consequences. Strong authentication and verifiably encrypted communication methods are highly recommended, at least for confirmation.
Zero Trust is the next logical step in the evolution of enterprise security. Cyber threats will not decrease in a post-COVID world, given the increased number of remote activities. Companies that have applied Zero Trust principles will be able to react properly to the upcoming challenges. Or rather, to the challenges which are already here, inside our networks or in our trusted zones. These organizations will gain a significant advantage over others, not just because attackers always go for the low-hanging fruit, but also because they will be more efficient in discovering and mitigating complex Advanced Persistent Threats (APTs).
The growing penetration of hybrid infrastructures is just the beginning. This trend will not stop here. Companies want to benefit from the cloud-based operating model where possible (or at least they want this option to be available), which means that in the next couple of years even one of the biggest taboos will be broken, namely the concept that an identity management system must always be located on-site. The advantages of a cloud-based IDM system are obvious from the customer’s perspective:
As more and more services are developed and made available to the public through APIs (driven either by business strategies or by regulations such as PSD2), API security is becoming increasingly important for companies. In 2019, the OWASP Top 10 API Security Project was introduced, focusing solely on the most common, critical API security issues. Based on the statistics, including our own experiences, authentication and authorization of API clients will gain importance on the upcoming list. On the other hand, the growing popularity and severity of Server-Side Request Forgery (SSRF) attacks raise concerns, as they can compromise even the strongest of authentications or firewalls.
Securing and managing privileged accounts has lately been a critical challenge for companies. The transition to working from home has sometimes been a forced effort, but companies have received a boost in confidence in terms of the effectiveness of their IAM and PAM strategies. Many of the existing PAM solutions promised that they could serve administrators and business managers even through remote operation. Now that the initial dust has settled, companies are looking at what else these solutions can offer, and how a previous necessity can be turned into feasible business benefits. There are three main PAM areas, which are expected to be in focus in the upcoming period:
ICS (Industrial Control Systems) and OT (Operational Technology) networks have been key targets for cyber criminals and nation states for the last decade; that is without question. We have witnessed serious incidents such as the cyber-attacks against the Ukrainian and US electricity networks. Without deep knowledge of cybersecurity and ICSs, we would think that these attacks have rung the bell for most companies using legacy OT devices and vulnerable ICS networks. However, these incidents seemingly had very little impact on the approach to cybersecurity of those who are the most vulnerable and affected. In the upcoming years, cyber warfare will shift increasingly towards cyber-physical systems, while business needs will further increase the exposure of unprotected OT and ICS systems.
This blog post is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0) License.
Szilárd Pfeiffer: API security: there is nothing new under the sun
With the incredible amount of data flowing through them, the security of APIs is becoming a growing concern in the IT industry. What are the best practices and proven solutions that organizations can follow in order to ensure the security of their APIs? There is really nothing new under the sun: APIs are secured by exactly the same precautions as anything else you publish on the internet.
Gábor Pék: Trusted Types: A world without XSS
XSS, or cross-site scripting, is one of the most widespread security problems today, as confirmed by statistics from bug-hunting companies such as HackerOne. Although our defenses have been significantly strengthened in recent years, this attack vector is still with us. As we move away from server-rendered pages towards SPAs (Single Page Applications), we are being forced to deal with a new type of XSS attack: DOM XSS. Gábor shares the story of the creation of Trusted Types, a new browser-based protection mechanism, and his experience with implementing it in Avatao’s Angular code base. According to a study conducted by Google, the company "has zero DOM XSS among applications migrated to Trusted Types." A great result, to be sure! But is it worth the effort?
Csaba Krasznay: Wars and Cyber Warfare in the Age of APIs
A new chapter in the security of our world opened on 24 February 2022. The term ‘our world’ must also include cyberspace, as the Ukrainian-Russian war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the news of the war is still concerned with conventional armed clashes, more and more information is available concerning the activities and tools of the various state and non-state hacker groups. Companies can prepare for the re-emphasis on cyber operations as the battles in physical space subside, with the difference that perhaps less significance will be placed on financial gain and far more on destruction. Most of enterprise IT has already migrated to the cloud and to solutions that exchange data through APIs, which have become widespread. However, the rapid transition has focused on efficiency rather than cybersecurity. It is no coincidence that, according to Gartner, APIs are expected to be the most attacked interfaces in 2022.