Cyber Security
Trends
Where the Industry Is Heading in an Uncertain 2021
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Cyber security notes for self study
Typology: Study notes
2023/2024
1 / 14
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Cyber security - Hacking and more Study notes Computer science in PDF only on Docsity!
Cyber Security
Trends
Where the Industry Is Heading in an Uncertain 2021
Introduction
Cyber Security in the Covid Era
Covid and Data Access
Build a Data Access Plan
Scope of Threat Vectors Is Changing
Addressing the Cyber Skills Gap
Keeping the Cloud Secure
AI and Machine Learning Come into Focus
The Importance of Privacy
Conclusion: Focus on Competencies and Planning
TABLE OF CONTENTS
2 | www.simplilearn.com
CYBER SECURITY IN
THE COVID ERA
We have all been dealt a tough hand during the Covid-19 pandemic. Cybercrime was already on the rise, but hackers and cybercriminals have taken advantage of the fear and uncertainty the pandemic brought with it, and they are targeting businesses and consumers with a vengeance. For instance, there was a 238 percent rise in cyberattacks on financial institutions and a 600 percent increase in attacks on cloud servers from January to April of 2020.
According to Interpol , two-thirds of EU member countries saw a significant increase in malicious domains registered with the keywords “Covid” or “Corona” in an attempt to exploit people searching legitimately for important information about the disease online. Ransomware has also risen against companies that serve the public in responding to the pandemic.
3 | www.simplilearn.com
COVID AND
DATA ACCESS
Covid-19 has had a dramatic impact on how employees go about their day to day, and that has increasingly been from working at home. The unfortunate side effect is that employees are prone to be careless working remotely, or companies simply have not built the right security protocol, systems, and policies to keep data safe.
According to a recent data security report , the top five security vulnerabilities identified by IT security managers included:
Limited remote work security (45%)
Limited network security (37%)
Careless employees (29%)
Unauthorized apps (28%)
Limited mobile device security (27%)
Data access is a key concern here. Allowing employees to have full access to systems and data increases the likelihood that data will be compromised in some way. According to the report, just over half (50.7 percent) of companies that reported a data breach in the last year allowed full access to all company data. Compare that to the 12.6 percent of companies that strictly limited the amount of data access for employees. That means that companies that allow full access are four times more likely to suffer a data breach.
5 | www.simplilearn.com
SCOPE OF THREAT
VECTORS IS
CHANGING
Many of the cyber threats that we’ve been dealing with for years haven’t changed in nature, but they have changed in scope. And in the Covid era where data and systems access from remote locations is the standard, companies and employees must always be on their toes.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) has reported an increase in specific types of attacks that center around healthy “cyber hygiene,” which necessitates added vigilance from employees. Among the common threats that have gotten even more dangerous in recent months.
Phishing – one of the biggest phishing threat vectors is email. Employees often drop their guard when looking at seemingly urgent emails that may in fact be social engineering-based phishing attacks. They must exercise caution, looking for telltale signs of phishing such as misspellings and suspicious requests and links. And their vigilance should expand when keying in user credentials for websites, social media, texts, or downloading attachments.
Remote Desktop Protocol (RDP) Attacks – Remote access is also contributing to an increase in RDP threats that attempt to access desktops through a specific network port, which can then be used to access a full network. Ransomware is common in these types of attacks. Companies must harden their VPN access to mitigate the risk.
6 | www.simplilearn.com
Password Risks – Multi-factor authentication is becoming more frequently used today, given the amount of remote user access to online documents, data, apps, and networks. Static passwords should similarly be carefully used and protected.
Distributed Denial of Service (DDoS) Attacks – DDoS attacks create system downtime that can destroy trust in your IT systems. And larger remote workforces can even act unintentionally as a DDoS when they all access a system at the same time. Companies should take the step to disable unused services for a time and discourage high- bandwidth activities like watching video.
6 | www.simplilearn.com
8 | www.simplilearn.com
KEEPING THE CLOUD
SECURE
ECloud-based networks and infrastructure were already a booming field, but the pandemic has accelerated cloud and software as a service (SaaS) adoption significantly as a means of enabling remote work and work from home activities. A recent Toolbox CISO Trends report cites a growth in the overall cloud computing market of 37 percent in 2020, and 35 percent of companies plan to increase workload migration to the cloud, driven by the pandemic. Cloud security is top of mind for most CISOs this year.
It’s true that many cloud applications have some type of native security functionality to protect and give visibility to data at rest, cloud hosting, and storage, according to the CISO report. But as IT security teams try to assemble security strategies for multiple disjointed cloud applications, they will increasingly become vulnerable to malware, data leakage, and other threats. Organizations will need to double down on their cloud security efforts and create systems that are not only centralized (rather than one-off policies for each cloud instance) but also are tailored to enable people to work from home without risking company assets.
9 | www.simplilearn.com
AI AND MACHINE
LEARNING COME INTO
FOCUS
AI and machine learning technologies are moving front and center in the battle against cyber threats. Particularly in organizations that do not have an adequate staffing of cyber security professionals, machine learning algorithms can analyze various types of threat data at lightning speeds ( handling tens of millions of requests at a time ) to deliver actionable solutions faster. And it can do it on its own without human intervention or additional programming.
Cyber AI has proven to be a powerful tool in the cyber security environment. Following are a few key areas where AI provides a considerable security advantage :
AI can accelerate the time it takes to evaluate the “breach-worthiness” of a vulnerability by 73 percent, and AI can speed up breach detection, response, and remediation – far faster than a human security analyst.
AI can quickly review user behavior, identify patterns, and locate anomalies in a security network, as well as sorting through massive amounts of security data and automating routine tasks.
AI systems can detect new security incidents and reduce false alarms, using intelligence and speed to analyze potential problems faster and more accurately. That allows cyber teams to focus their efforts on the smaller set of tangible threats.
AI empowers better biometric authentication such as face ID-unlocking capabilities to prevent security breaches (as we’ve all seen on our mobile phones).
11 | www.simplilearn.com
CONCLUSION: FOCUS
ON COMPETENCIES
AND PLANNING
As we look into an uncertain 2021, one thing remains clear — cyber threats will not only remain but will grow in scope. Organizations will need to remain vigilant with regard to remote work policies, data access, and upskilling, and they’ll need to rely on the tried and true technologies like AI and cloud security. The challenges are there, but so are the opportunities.