Why Can’t Network Security Get Ahead of the Bad Guys?

Finjan TeamBlog, Cybersecurity, Network Security

Finjan Why Cant Network Security Get Ahead of the Bad Guys?

Cybersecurity has always been a concern, dating back to the mid-1990s when PCs and the Internet were first widely available to enterprise users and consumers. Now, some 25+ years later cybersecurity is a huge and necessary industry. Gartner forecasts that worldwide spending on information security products and services will reach more than $124 billion in 2019. That’s an increase of nearly 9% over 2018. And with the rapid adoption of the Cloud, AI, smart technologies and IoT, data security concerns are now extended to ‘things’.

But with all this cybersecurity investment, the cost of an attack remains high. Some estimates place it at $1.7 million per incident in both hard and soft costs, which raises key questions: Why can’t we stop the bad guys? Why can’t we get ahead of the curve of the latest threats, attacks and malware? Are we no better off today than we were 25 years ago?

Indeed, there are no simple answers to these questions. Detection, protection and mitigation techniques have rapidly advanced over the years. But the attackers, and the nature of the attacks, are also more sophisticated. And, it doesn’t help when manufacturers of, for example, IoT and smart devices, especially in the consumer arena, don’t necessarily design their products with the end-user’s security or privacy in mind (i.e., convenience is what sells). Years ago, hackers were individuals with personal or financial goals. Today, nation-states play a larger role, with political influence being the main target.

With respect to the current threat landscape, computer viruses and worms are still prevalent, but a whole new generation of threats and vulnerabilities now exist, including:

Advanced Persistent Threat (APT) is a computer network attack in which the attacker obtains unauthorized access to a network and remains undetected for an extended period. The attacker uses the compromised system to steal financial, corporate or personal data because they are undetected.

Botnets are pieces of software that connect your machine or device to a botnet-controlled network, usually for some nefarious activity. Users unknowingly download malicious software from an attached file or email. Once the software is activated, the botnet will contact its master computer and your device is now controlled by the person or organization who created the botnet.

Cryptojacking is an activity where attackers breach computing environments and ‘steal’ the compute power to mine Bitcoin. This is a relatively new threat area that has gained much notoriety after researchers detected cryptojacking at Tesla Motors.

Ransomware is malicious software that infects secure database systems, typically encrypting data. The attacker then threatens the deletion or corruption of the data files unless a ransom is paid. Ransom demands have ranged from a few hundred to a few hundred thousand dollars. Payment is usually demanded in Bitcoin (or other digital currencies) so as to be untraceable.

Spear Phishing is directed at specific individuals or companies. It attempts to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an email or instant message. It usually directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.

Unfortunately, the threat landscape may be something akin to a whack-a-mole game; once we (seemingly) knock down one issue, another arises. The need for network security will likely always be with us. But there is reason for optimism. The software and hardware manufacturers who provide service provider, enterprise, consumer and IoT security solutions have finally gotten the message and are designing security “in” to products – as opposed to having security be an afterthought. Combined with rapid advances in automated and algorithmic security solutions, we are beginning to see a more level playing field.

Bill Crowell, a career professional at the National Security Agency (NSA), points out that “much of the focus of the cybersecurity industry during the remainder of this decade will be focused on bringing machine learning, artificial intelligence and big data analytics to their products…there will be more focus by the industry on integrating the various tools into consolidated platforms that require fewer people to operate and can be provided as a service requiring less capital investment by the customers.”

Conclusion

Dealing with cybersecurity threats is hard and predicting the next big thing is even harder. But there are basic best practices that should be embraced. Consider the following, whether you are thinking about your corporate security or your personal on-line exposure:

  • For desktop and mobile devices: download an app that provides security and privacy, e.g., Finjan’s InvinciBull VPN for private browsing.
  • For users of IoT devices: ensure your configuration is set for maximum privacy. Consult with your manufacturer’s user manuals and recognize that more security may impact device performance.
  • For enterprise and service provider: ensure network and application security teams are equipped with the latest training, tool and strategies. Plan for contingencies and run periodic drills to establish readiness.

Share this Post