Written by: Csaba Krasznay, Director of Cybersecurity Research Institute at National University of Public Service
A new chapter in the security of our world began on 24 February 2022. It's time to prepare your organization against an even stronger wave of cyberattacks.
A new chapter in the security of our world began on 24 February 2022. And the term "our world" must also include cyberspace, as the Ukraine-Russia war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the war news has so far focused on classic armed conflict, more and more is being learned about the activities and tools of individual, state and non-state hacker groups. The Cybersecurity and Infrastructure Security Agency (CISA), for example, is constantly raising awareness of both newly discovered malicious code attacking industrial systems and well-known yet routinely exploited vulnerabilities. Companies can prepare for a renewed focus on cyber operations as the battle for physical space subsides, with potentially less emphasis on financial gain and more on destruction.
All this has occurred shortly after COVID led most companies to make a decade-long leap in digital transformation. Much of enterprise IT has moved to the cloud, and solutions that exchange data via APIs have become common. However, the rapid digital transition has by definition been driven by a focus on efficiency rather than cybersecurity. It is no coincidence that Gartner predicts that APIs will be the most attacked interfaces in 2022.
So even in a disrupted global security environment, the predictions of experts suggest that Western companies and critical infrastructure operators could have months to prepare for increased cyberattacks. Of course, years of work cannot be completed in this timeframe, but significant results can be achieved in the short term by adopting Zero Trust planning principles. CISA's recommendation, for example, highlights the importance of network micro-segmentation, increased control of privileged users, detection of signs of unusual behavior, and an overall reduction in the attack surface. In practice, these tasks are challenging enough individually, and meeting the full CISA list is an almost impossible task for most companies, while the likelihood of experiencing a cyberattack is higher than ever.
New types of challenges therefore require new types of solutions. Of course, you can't jump years ahead in product development, but re-tuning, integrating and re-designing existing solutions to a Zero Trust approach can provide a quick and cost-effective way to strengthen your cybersecurity. This is why Balasys has come up with an innovation that can provide an effective solution to current challenges such as API management and security support, filtering of traffic from the web with a web application firewall (WAF), micro-segmentation of the network, and filtering of malicious traffic with behavioral analysis. The solution is available as Proxedo API Lifecycle Platform (PALP).
This blog post is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0) License.
Csaba Krasznay: Wars and Cyber Warfare in the Age of APIs
A new chapter in the security of our world opened on 24 February 2022. The term ‘our world’ must also include cyberspace, as the Ukrainian-Russian war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the news of the war is still concerned with conventional armed clashes, more and more information is available concerning the activities and tools of the various state and non-state hacker groups. Companies can prepare for the re-emphasis on cyber operations as the battles in physical space subside, with the difference that perhaps less significance will be placed on financial gain and far more on destruction. Most of enterprise IT has already migrated to the cloud, and solutions that exchange data through APIs have become widespread. However, the rapid transition has focused on efficiency rather than cybersecurity. It is no coincidence that, according to Gartner, APIs are expected to be the most attacked interfaces in 2022.
API security and online fraud? What is the connection?
According to Europol, online fraud is one of the major cyberthreats we face. One effective tool against it is content analysis of API traffic.