Security leaders are focused on defending cloud infrastructure, which has recently become a main target of attackers. That focus is justified, as cyber criminals look to new technology to launch and scale more sophisticated attacks.
However, this heightened awareness of new threats makes it easier to overlook conventional attack vectors, such as human-led social engineering and physical security vulnerabilities.
Security leaders need to balance all of these risks, because adversaries exploit the full range of potential entry points, both old and new.
Cyber crime is still a human problem
Despite the overwhelming hype, technology is not a panacea. It cannot replace expertise in every domain, and AI alone cannot match the human qualities of intuition and creative thinking. Adversaries know this. That's why the smarter and far more dangerous ones use a blend of human-driven and technology-driven tactics.
Major technical vulnerabilities tend to make headlines, but in reality the weakest link is almost always the human element. Almost all attacks include a social engineering element, and despite the talk about generative AI and deepfakes helping to scale such attacks, the biggest risks still lie in human-to-human interaction.
Synthetic content is now all around us, and people are getting better at telling it apart. Whether that will remain the case is a topic for debate. But for now, the most dangerous and effective social engineering attacks rely on telephone, email and even in-person conversation. After all, veteran attackers can build trust and fake relationships in ways that AI and deepfakes cannot match.
Cyber espionage is still a serious threat
For example, consider state-sponsored cyber espionage. Highly trained social engineers are a far cry from the typical ragtag independent cyber crime rackets operated from the dark web, which tend to depend on specific companies and individuals. These attackers may target data systems, but their operational and deceptive talents are far greater weapons.
Technology still has a long way to go before it can come close to old-fashioned spy tactics.
When facing an attacker who can pose convincingly as an internal employee or another trusted individual, those who rely only on technology to mitigate threats are unlikely to be able to protect themselves. That is not a technology failure. It is a process failure, which is why the human element should be an important factor in any cyber security strategy.
Of course, that doesn't mean technology does not play an important role in strengthening cyber defense. It undoubtedly does, because more everyday threats are being automated or come from unskilled attackers with little experience. The value of technology, especially cyber security automation, lies mainly in freeing security leaders to focus on threats that cannot be solved by technology alone.
Not just cloud
Currently, most business data is stored in the cloud, and that percentage continues to increase. Many companies, especially small organizations and startups, use the cloud exclusively for data storage and other IT operations. The rise of AI is accelerating cloud adoption, given how much it requires.
Nevertheless, cloud computing is not the best option in every situation. On-premises remains the choice for high-performance workloads that require very low latency. In some cases, on-premises computing is also the cheaper option, and that is unlikely to change in the near future.
That more companies are shifting to the cloud does not mean they hold no sensitive data on site. For example, edge computing, which moves data processing closer to where it is needed, has become an important enabler in specific use cases. Examples include smart energy grids, remote monitoring of industrial assets and autonomous cars. These include cases where you cannot always rely on an internet connection.
Smarter and better-funded adversaries are not just targeting cloud-hosted infrastructure. They also target local servers and cyber-physical systems, such as industrial control systems and hardware supply chains. The fact that there is often minimal collaboration between logistics, production and cyber security departments makes this even more serious.
Ransomware is one of the biggest threats targeting on-premises systems, despite the slight decrease in attacks last year. Cloud systems are not inherently immune to ransomware attacks, but the majority target bare-metal hypervisors and local servers. In one recent case, the Akira ransomware group returned to its previous double-extortion tactics and targeted systems running ESXi and Linux using different code frameworks.
Botnets are another concern as the number of IoT devices continues to rise. They are used to launch distributed denial-of-service (DDoS) attacks that span thousands of devices, and these botnets mainly target unsecured IoT devices, such as those used to monitor and operate industrial machines and critical infrastructure. Recent reports have found that DDoS attacks on critical infrastructure have increased by 55% in the past four years. These attacks are not directly related to confidential data, but given how much disruption they can cause, adversaries may rely on them to draw attention away from other threats.
Why is physical security relevant?
Security leaders are so focused on locking down cloud-hosted assets that they leave little room for the risks to physical infrastructure. Yet sometimes the easiest way into the cloud is from the inside.
Even thin clients and dumb terminals, which are widely used in high-security environments such as health care and finance, may give attackers a way into wider systems, such as cloud infrastructure and remote data centers. Edward Snowden proved this while working at the National Security Agency, when 20,000 government documents were exfiltrated from a server at NSA headquarters 5,000 miles away. He did it without using advanced technology. That was back in 2013, and the NSA has revised its physical security protocols since then, but the risk is as relevant now as it was then.
Today, most thin clients are protected by multiple security measures, such as encryption and multi-factor authentication, but these solutions alone cannot fully protect against physical compromise. If an attacker gains access to a terminal (perhaps through social engineering), they may be able to compromise it by using unauthorized peripheral devices or by directly manipulating the device firmware. This opens access to the wider network and enables the injection of customized malware that regular security scans do not detect.
IoT devices are another main reason behind the expanding attack surface. They often lack adequate security, giving attackers a potential entry point into the wider computing infrastructure they are connected to. The fact that these connected technologies are being deployed at scale in areas such as smart cities, critical infrastructure and transportation networks greatly magnifies such vulnerabilities.
Ultimately, if attackers can get past your physical protections, these connected systems offer a much easier route to the organization's so-called "crown jewels" than trying to break through multi-layered defenses.
Cloud data is not always the true target
Moreover, data hosted in the cloud may not be the attacker's ultimate goal. Many companies, such as those subject to strict data residency regulations and those that need high performance for real-time applications, keep data on on-premises servers.
Some of these systems are air-gapped. In other words, they are completely disconnected from other networks, including the internet itself. At least in theory, that makes them safer than cloud-hosted servers, but this security is not a given. For example, anyone who can physically access the server may be able to compromise it, deliberately or accidentally.
Physical security, such as CCTV and biometric security checkpoints, is as important as ever. But it is not only about protecting against deliberate physical tampering. Advanced attacks, such as indirect attacks by highly skilled social engineers, can also lead unsuspecting employees to take the actions the attacker wants, such as lending out a biometric security access card.
These are usually not adversaries who work by email or scale their attacks using AI. They may deceive someone with tactics as old as humanity itself. In fact, the attacker may be a disgruntled former employee, a hacker working in the interests of a rival company, or even a rogue state.
Bridging the gap between digital security and human security
Technology alone cannot protect the organization from the countless threats it faces. Equally, if you rely only on manual processes, humans cannot keep up with ever-expanding system logs and security information feeds.
In reality, you need to start with people and use technology to extend their abilities. A layered security strategy should usually start by locking down physical access to systems or to other systems containing data.
The next layer of defense is the human layer. This focuses on improving security awareness. In reality, however, many programs fall short, whether because they depend too heavily on generic content, lack practical application or are pitched beyond the target audience. As a result, they have no effect.
Phishing simulations focus on common lures, such as trending news stories, urgency and outright threats, and are often limited as a result. More sophisticated attackers, however, tend to use subtler methods to elicit a response. This can be as simple as sending messages about everyday policies, such as the company dress code or remote work guidelines. These topics may seem trivial, but people care about changes to their daily routines and work-life balance. Attackers can use this to deceive unsuspecting victims into revealing sensitive information through fake surveys.
As with other security measures, physical systems and awareness training are effective only when they are tested regularly. That's where physical red teaming comes in. While red teaming in the IT context focuses on technical means such as penetration tests, physical red teams try to gain entry to restricted areas and systems. To do so, they may hack into physical security systems using a blend of simulated social engineering attacks and technology. By bypassing physical security barriers or trying to pass as staff, the red team can reveal gaps you might not otherwise notice. That makes them a valuable part of a comprehensive information security program.