Does security have a chance against the new, new technology?

A new security threat report highlights how the latest defences against cyberattack are themselves under threat. The report, from Sophos, puts a spotlight on several areas of vulnerability.

Android was singled out and noted for the range of ‘fleeceware’ that this year brought with it. Malware within apps, or even apps that are essentially malware, are high up the list of alarming news that the report brings. They even have a name – potentially unwanted apps (PUAs, obviously) – and along with browser plug ins are to be watched.

As we have mentioned previously, one area that Sophos has been looking at is the defenders of cybersecurity themselves being targeted. Machine learning tools that are developed to identify and pull down attacks are being mislead. The previous example was at the global level where international defence systems can be fooled and mislead.

The tools that bring us fake news and now deep fake news and content are being brought to bear on the innocent. This and the vulnerabilities of machine learning must be alarming to the security community. They are always going to be playing catch up and, by definition will never truly get ahead of the bad guys.

On the enterprise front, the report highlights the cloud as vulnerable but points out that the main reason for the cloud environment being vulnerable is from misconfiguration by operators as the environment becomes more complex and sophisticated.

The other area which we should be aware of the one where cyberattackers use our trusted workflow environments against us and these attacks are already well documented and can cause huge damage.

Security is becoming an ever more important and urgent issue. As cool technologies are developed for our education, efficiency and pleasure, they are constantly being examined as weapons and channels for cyberattacks. It will be tough on the enterprises who are being brought to task, with ever heavier regulation and ever tougher fines, as they will be the entities that will be the guardians of our data and will have to take the blame for breaches.