The rise and rise of connected things drags with it discussions about security. Beyond the obvious recent discussion about 5G vendor security, there is still a real battle taking place around devices as well as networks.
What is worrying is how far ahead the bad guys seem to be. Playing catch up is becoming a huge drain on resources, both financial and physical.
What is also worrying is how many fronts and how many different attack vectors there are. We hear about data breaches on a daily basis and most are not that significant.
Some, however, are massively serious, such as the recent attack on the major political parties in Australia ahead of the elections last May. The full extent of that incident is still being analysed. The Government believes it to be state sponsored and without actually naming names the finger is pointing at China.
That said, Russian hackers are now so sophisticated that they can hack pretty much anything – and make it look as if it was the Chinese.
How much fun is that?
More and more attacks are being identified as ‘state sponsored’ which simply increases hackers’ resources. Exponentially.
On a different level but perhaps more damaging on a day-to-day basis is the number of attacks that are still happening to ordinary companies, with (sadly) ordinary networks.
A report by IBM has revealed the fact that less and less attacks are being mounted using malware and instead are using Microsoft’s powerful scripting language PowerShell to inject malicious commands directly into memory. This allows miscreants to grab passwords or mine cryptocurrencies with far greater confidence because security controls tend to be looking for Trojans and executable files rather than PowerShell code.
The list of threats is long and sadly the list of counter measures is pretty short.
AI, we are told, will be instrumental in keeping up with the bad guys and keeping them out of our devices and networks. Advances are being made to make passwords redundant (thankfully) and this may soon come to pass. Yet, given what AI is being used for by CIOs from some of the world’s leading companies, it is perhaps a bit early to celebrate.
More importantly still, with the IoT on the up and up and with home and office smart devices also on the rise, the focus on security must be increased. Constantly.