Old-time marathon winner and runner Bill Rodgers once made the comment that, “Every race is totally different.” And if this is true in the relatively predictable world of marathon running, it is even more accurate in the race against cyberterrorism, where – whether we like it or not – each day brings with it unforeseen challenges that threaten the integrity of the network.
“Mr. President, the Problem is Much Worse than You Think”
Late one night in 1983, then-President Ronald Reagan – an avid movie lover – watched War Games, about a teen who hacks NORAD (the North American Aerospace Defense Command) and nearly starts a third world war. A few days later Reagan asked General John Vessey, then Chairman of the Joint Chiefs of Staff, whether this could really happen. After a week of investigation, General Vessey’s answer was, “Mr. President, the problem is much worse than you think” – a response that quickly jumpstarted new efforts to develop America’s cyber capabilities.
“I don't know where I'm going, but I'm on my way.” This remark by American writer and poet Carl Sandburg seems to capture what’s going on at the moment with the Internet of Things (IoT). It is growing at such breakneck speed that nobody can pinpoint how extensive this growth will continue to be. Take, for example, a forecast by Gartner, which anticipates 20.8 billion connected IoT devices will be in use for 2020 – and compare it to the significantly higher prediction by IHS forecasts, which anticipates no less than 30.7 billion connected devices in the same period.
While much has been written about IoT and its promise of creating real business value, what has been underestimated thus far is the associated risks – the extent of the security challenges posed by IoT, and how best to sidestep them.
IoT is already impacting the way we communicate and do business. This trend is expected to continue according to Business Insider - their forecast for IoT devices connected to the web lies currently at 34 billion by 2020. IoT is expected to enable business growth by lowering operations cost, increasing productivity and opening new markets with new offerings and developments. But at what risk? Hackers are already using IoT devices for their malicious purposes in multiple types of attacks on networks and servers. DSL and bot attacks in 2016 have proven that there is no shortage of opportunities hackers are willing to exploit.
As with everything else in life: so many network security options, so little budget. How do you know which one will best protect your network, users and devices? No need to agonize over endless hours of research, we’ve shortlisted the five critical elements of cyber security: firewalls, NAC, anti-virus software, proxy servers, and endpoint security.
Want to stay ahead of the game? The following list of cybersecurity events will help … and they are fun too..
Have you ever thought about migrating your network access control (NAC) to the Cloud? Are you apprehensive about taking this step? Traditional NAC solutions were built to address a premise-based infrastructure. A new next generation NAC approach is required to protect companies in today’s BYOD, cloud-based, IoT world.
The recent headline grabbing DDoS attacks on IoT devices that occurred at OVH, Krebs on Security, and DYN, were performed and spread by taking control of IoT devices found today in most homes and offices. These attacks reveal the true danger in our IoT devices - attacking them is child's play. Surprisingly, most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.
Compromised and stolen credentials remain the main threat to corporate data. Remote access via VPN is the most vulnerable method of access, due to compromised employee credentials. The need for flexible and extremely easy to implement two factor authentication (“2FA”) has become crucial for organizations of all sizes. Another weak link in remote access, beyond user authentication, is generated by connecting to organizational insecure and vulnerable end-points. It is not uncommon that when accessing the network using a VPN through a personal device, any vulnerability existing on that device can quickly become a security hole in the entire network’s protection. To address the heavy challenges of securing remote access, organizations should look for solutions that are cost-effective and provide a cohesive approach for all aspects of access security: compromised credentials, lost or stolen devices and access from insecure endpoints.