Prominent changes in the trajectory of the Cyber-security space Part 2
Click below if you prefer to listen.
Season 2 Episode #3
In the previous episode we have covered six of the twelve prominent changes in the trajectory of the cyber-security space. Today we will continue with the remaining six because those changes are your compass for the right approach to your personal, professional and national protection.
Change #7: Shift on the attack surface ground
For the majority of people cyber-attacks were only taking place at the software level realm, yet the last two years have proven without any doubt that today’s attacks have expanded to the hardware level with backdoors, attacks have become more unpredictable with zero days and way more deceptive in combination with social engineering. Furthermore, with the plethora of devices owned by individuals and organizations the attack surface ground is constantly growing from your computer, tablet and phone to your TV, vacuum, laundry machine, kettle and even baby monitors.
Change #8: Shift on skillset for the perpetrator & the protector
In the past it was a matter of skillset in terms of performing an attack. The cyber-criminal needed technical skills to perform an attack. However today due to the leaked CIA and NSA tools and the plug and play tools elite hackers have set up on the web using illegal marketplaces the only skills perpetrators need is an ability to access the dark web, a fairly low dollar credit and the IQ necessary to follow basic instruction like click here and connect there. Everyone has the ability to hack systems. The focus of protection in the past was on systems meaning that one of the most important technical skills were network and internet security, setting up firewalls, installing and updating antiviruses and monitoring through network monitor systems.
Today as we are facing sophisticated undetectable and highly deceptive cyber-attacks the skills required by cyber-attackers and protectors have to do with the ability to value data, the impact of an attack on that data, how to gain or restrain the access to that data and how to prevent or enable a supply chain of impact. The sophistication of an attack is calculated based on the design and strategic plan behind a successful attack and the duration of impact and profit. At the end of the day it all comes down into how good both sides are in seduction, illusion and deception.
Change #9: Shift in protective measures, controls & tools
I have talked to you about leaked sophisticated tools, ready for anyone to use, undetectable attacks and so many other situation enabling factors of a new approach and methodology of attacks. That means that the tools that we have in our current arsenal of protection are not enough to help us defend against the new challenges of time. In the past you needed an antivirus and a firewall. Now, those are only good for known attacks. Zero days, backdoors and today’s most common attacks require skills which can be obtained only through specific training and strategic planning.
Want a little help?
Change #10: Change in focus
In the past cyber-criminals were focusing on how to penetrate systems and they had to discover vulnerabilities in them. Today all these are available at any time. The only thing they need is an opportunity to get the victim to trigger it and that is all achieved by examining and exploring human behavior and psychology. Again, it all comes down to seduction, illusion and deception thus security is human-centric, and we have moved from vulnerable systems to vulnerable behavior.
Change #11: Impact of attacks expansion
The last two years have definitely demonstrated the expansion of cyber-attacks to all areas of our lives. From our personal privacy and physical protection, to our career and businesses survival to even our nations protection and function. We have seen from attacks against hospitals and organizations, mass attacks regarding identity theft, to shutting down the power grids of a country, to hijacking airplanes and to controlling the nuclear reactors of a country like Ukraine. Just look around you. Every day we hear about politicians exposed online and confidential documents in the wild. Security has become the common denominator of all infrastructures of life.
Change #12: shift of mentality approach
In the past the mentality was about detection and correction. As soon as they discovered an attack they would do as much as possible to detect it, avoid its penetration and damage and to recover. Preparation was much less of their focus. Yet what recent history has demonstrated it that this mentality is causing security to fall apart. That is why we are moving from the era of reaction to the era of anticipation. Anticipation is all about knowing from before and being prepared on how to avoid an attack, how to prevent not only known but undetectable attacks and how to detach the impact an attack can have on your data.
Let’s finish this episode with a tweetable.
That concludes the twelve prominent changes in the trajectory of the Cyber-security space. In am really interested in hearing your comments about this subject.
Apply what you learn immediately. Download “Master your protection” free quick start guide.
8 ways to feel and be safe on the go Click below if you prefer to listen. Free Security Action Sheet: Ways to be safe at home #1 Change your default Wi-Fi password When you purchase a Wi-Fi subscription you receive a router which allows you to connect to the internet...
8 ways to feel and be safe on the go Click below if you prefer to listen. Free Security Action Sheet: Ways to be safe on the go All of us move around all the time. Life has become so busy that we interact and communicate in so many ways both online and offline. That...
What chance do I have to protect my valuable assets when the hacker is smarter than me? Click below if you prefer to listen. Free Security Action Sheet: Two components for Protection I get to hear this question all the time at the Security Awareness” seminars I...
and get the latest updates