This year has highlighted the need for cyber security overhauls across every industry, from hospitals still running 15-year-old software to extremely vulnerable electronic voting systems which threaten the integrity of a democracy. It’s becoming more and more apparent that the massive data breaches, the spy tool leaks, and the proliferating ransomware born from them are only symptoms of a more fundamental issue: the underlying security in our networks and devices is basic, if not nonexistent. With threats evolving across a landscape of non-upgradeable IoT devices and smartphones, many businesses and users have all but given up on the notion of true privacy and cyber security.
The true cost of “cheap” technology
One of the issues plaguing IoT device manufacturers and their users is also one of the industry’s greatest selling points: open competition and the free market. As emerging technologies evolve and develop new applications, the devices which win out are often not the most reliable or secure ones, but simply those from whoever was fastest to develop a cheap solution to the application at hand. While this may seem like a positive outcome of a free market, we’re seeing constant hijackings caused by the security oversights that result from this process. Today, lawmakers are looking into solutions through regulation, as this is causing problems not only with the devices themselves: networks, and other devices on the same network, also become vulnerable to the compromised devices through distributed denial of service (DDoS) attacks, which have been used to cripple even technology giants and critical service providers like Dyn DNS.
Lack of confidence in critical systems a growing concern
Even just the lingering thoughts brought on by mistrust in electronic systems are capable of causing havoc and division in even the sanest of societies. Seeing the televised accusations of electronic voter fraud and nation-sponsored tampering, it’s apparent that cyber security has become not only a major talking point but also a political scapegoat which can breed uncertainty from very real and looming cyber security issues. People everywhere are wising up to the fact that it’s time to solve these vulnerabilities before they cause more problems, not use them as a tool to
Critical enterprises and institutions must always audit their cyber security
Recent ransomware infestations in hospitals and even financial institutions have raised concerns in the population as a whole, mostly due to the potential ramifications such attacks could have on everyday life. One would expect these networks and systems to use state-of-the-art cyber security solutions, from next-generation firewalls to encrypted virtual private networks (VPN) and strict security policies. In reality, these systems, state-of-the-art though they may be, are often built and managed by inadequately trained personnel, which compromises their integrity and overall effectiveness.
Understanding what adequate cyber security measures entail
Another reason cyber security is in such a sorry state in this day and age is the expectations of the users themselves. Many simply don’t understand the measures taken by secure organizations, or find them too cumbersome and esoteric to ever work. The fact of the matter is that users are often the weakest link in the chain, which is why social engineering has been the most effective method for hackers deploying malware, collecting data and compromising systems. Not only that, they are also the last defense when the firewall, email filter and security policies fail.
Cyber security cannot be a simple afterthought on any level (developer, manufacturer, user). It must be ingrained into our practices, from choosing good passwords and not reusing them on questionable websites, to relying only on services which employ end-to-end encryption. A set of best practices must be developed and taught, as an informed user is less likely to open attachments from unknown senders, or click on links to glaringly fake phishing sites (i.e. website logins made to look like other prominent sites).
Third-party security vendors on the rise
Given the complexity of implementing such a cyber security solution, the industry has seen a shift towards third-party vendors and system integrators which specialize in such endeavors. These are companies which provide active threat intelligence, auditing, provisioning, reporting, logging, email filtering and much more. The volatile and massive nature of cyber security has also given rise to companies providing more focused core solutions for things like threat intelligence, monitoring and intrusion protection/prevention, which can all be integrated and deployed onto standardized x86 server hardware or x86 network appliances with modular acceleration for heavier workloads.
As governments are set to potentially step in to curb the onset of vulnerable IoT devices and the ensuing DDoS attacks, it’s not far-fetched to assume that critical systems in hospitals, power grids, oil refineries and other critical industries will be subject to at least the same revisions and audits in order to maintain an adequate and consistent level of cyber security, which we have not seen.