With the costs of password protection—in time, risk, and dollars—mounting, enterprises are looking to implement flexible risk-based approaches: requiring user authentication at a strength that is commensurate with the value of the transaction being requested. Fortunately, as shown in figure 3, various technologies are emerging that can be combined in a way that satisfies enterprise risk tolerance and user flexibility at the same time. Emerging technologies such as blockchain are positioned to replace the vulnerability of the single password with multiple factors. Having multiple, cascaded gatekeepers fortifies security by requiring additional checkpoints. The more different proofs of identity required through separate routes, the more difficult it is for a thief to steal your identity or to impersonate you.
One trend that is appearing is the emergence of memory-resident malware. These ephemeral infections will not survive a reboot and will be particularly difficult to forensically detect, but as more people leave their computers continuously running, this may be a successful attack technique. As malware defenses on enterprise and personal laptop computers become more prolific, the attackers will again shift their techniques. It is not difficult to predict that more attackers will shift to mobile malware. ... The IoT world has the problem of having a wide variety of protocols and standards, enterprises that lack skills with IoT systems, overly complex architectures, products with weak security features, weak security measures and operational immaturity. All of that leads to more security issues. We have already seen immense DDoS attacks sourced from vulnerable IoT devices, and it wouldn’t be going out on a limb to predict even more in 2017.
Service-oriented architectures are nothing new. Service-based applications allow large, complex applications to be owned and managed by distributed development and operations teams, often used hand-in-hand with DevOps organisational models. However, two questions that have long plagued service-oriented architectures are: how large should your services be, and how many should your application use? If you make your services too large, you miss out on many of the advantages of these scalable distributed architectures. Too small, and your inter-service architecture becomes unwieldy. What this means is that, in recent years, there has been a trend to build applications using microservices. The idea being the smaller the service, the easier it is to maintain, and the more distributed development teams can be.
"Today's generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry," says Steven Wilson, head of Europol's European Cybercrime Centre. "One of the key priorities of law enforcement should be to engage with these young people, to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose." The operation took place from 5 December to 9 December 2016 and involved Europol working alongside law enforcement from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the United States.
A city's traffic management system, perhaps years old, could be matched, sliced and diced with air pollution readings running in a separate silo, for example. Such a system could be set to permit the most congested traffic artery associated with the worst pollution to be freed up by giving green lights to the cars that are waiting the longest and are pumping out the most carbon dioxide pollutants. However, the state of the art with city brain technology is not yet that advanced. Most city officials would be happy simply to be able to monitor what's going on in disparate areas of a big metropolis more or less in real time, instead of waiting days or weeks to hear about conditions from various public works department heads.
You have to understand there’s a tipping point where at a certain scale it might be cheaper to run on premise than in the cloud. Offsetting that risk may require new skill sets in IT. For us, one has always been around vendor management. With cloud computing, you have to be really careful with those monthly bills and acknowledge and invest in the skills necessary to review the monthly bills and keep your usage charges appropriate. So there’s an investment of time and effort there. ... We’ve been saying for years that IT is moving from an organization that used to build things to an organization that now integrates things. If you’re in the business of integration, that implies you have some piece of middleware or piece of technology that stitches all of this together and delivers it seamlessly to the end users. That skill set and technology is the center point of our solution and our approach.
On the internet, famously, no one knows if you're a dog, and on the internet of things, identity can be similarly difficult to pin down. That's not great if you're trying to securely identify the devices that connect to your network, and it's what prompted the U.S. Department of Homeland Security to fund a project by Factom to create a timestamped log of such devices in a blockchain, recording their identification number, manufacturer, available device updates, known security issues, and granted permissions. That could all go in a regular device-management database, but the DHS hopes that the immutability of the blockchain will make it harder for hackers to spoof known devices by preventing them from altering the records.
The path of least resistance for black hats is non-technical hacks that rely on tricking humans into revealing their login credentials and passwords. With that in hand, cyber thieves proceed to steal personal identities and money. How many humans are we talking about? Microsoft estimates that by 2020 4 billion people will be online — twice the number that are online now. The 500 largest U.S. corporations by revenues which appear on the Fortune 500 employed 27 million people in total last year - about 17 percent of the nation's workforce. The world's 2,000 largest publicly traded companies which appear on the Forbes Global 2000 account for approximately 87 million employees. Employees at large corporations are especially attractive to hackers who are after personal identities, which can be sold in black markets on the dark web.
Advances in technology also advance the methods security teams use to uncover hidden issues. Such efforts have led Qualcomm and HackerOne to collaborate on a bounty program, which will employ white hat hackers and award up to $15,000 to those who can penetrate systems run by Qualcomm-based chipsets and modems to uncover vulnerabilities and report their findings. With several headsets now on the market, virtual reality and augmented reality are expected to be among the top trends of 2017, and as a result could also represent the next frontier in cyber vulnerabilities. ... “We can say with certainty that there will be vulnerabilities that people haven't thought of yet,” Rice said. “It's important to continually approach it with that mindset of ‘there's something here that we've overlooked, let's be vigilant, let's be ready for it.’”
Remember when mega-breaches of hundreds of millions of people's credit card numbers seemed to be the worst attackers could throw at enterprises? What a quaint time that was. This last year has seen a drastic drop in those kinds of wholesale breaches. Nowadays the numbers don't look nearly as dramatic, but the implications of breaches are actually much more serious. In 2016 the most impactful hacks and exposures directly led to tens of millions in fraudulent money transfers, potentially impacted national elections, and got enterprise executives sacked from their jobs. Ericka Chickowski specializes in coverage of information technology and business innovation.
Quote for the day:
"Life isn't about finding yourself. Life is about creating yourself." -- George Bernard Shaw