DailyPost 753
2018 THREAT VECTORSÂ
If something really changes at a breathtaking speed in the present day world, its Cyber Security Threat Vectors. There is no better place of knowing it than the now iconic RSA Conference every year. You get to know where to direct your energies in the current year based on the analysis of the recent past. The front runners in this game also tell you how to go about it. A timely workable advice everybody looks for and the 2018 RSA Conference again fulfilled this promise. The current trends throw up an interesting story. It’s always an revelation.
Leakage of repositories is the first of the current trends. This pertains to both the repositories of code and the repository of data. These are stored on the cloud. The reality is that today software is developed very differently, than even five years back using utilities like github, Amazon s3 or Google clouds platform storage or Microsoft Azure storage. These are often not configured securely either the data gets put into a repository not properly configured or gets into a wrong repository. Hackers mine for repositories without appropriate security notable recent examples being Verizon, Time Warner, Uber & the US Army. Unsecured Amazon s3 bucket was indeed a problem.
Asset inventory would be another major issue. By assets we understand servers, clients, mobile devices etc. Who in the company knows with clarity where the Data Assets are. If the data assets are on computer systems you don’t own & operate, there is a big problem. A Data Curator is the need of the hour, who will have the control of this, most vital asset. He will guide the developers in which manner to use these utilities, special & crypto tools. Data in the cloud has to be tracked & controlled, is the bottom line.
Other emerging threat vectors creating Open Source Intelligence out of public domain data for hacking. Synthesizing and de-anonymising together, we can have a very powerful attack. Installing crypto coin miner and using your computational power is already on. The data is not hacked. It takes a long time to detect. No public announcements are made by these hackers. Hacking of industrial systems would continue to be a critical threat vector in 2018 as well.
UNDERSTAND THE THREAT VECTORS FOR AN EFFECTIVE RESPONSE.
Sanjay Sahay