Doesn’t it seem like there are new kinds of risks and attacks on information security from government entities all the way down to security companies? Today, the new trending threats extend to connected cars, refrigerators, TVs, and homes. The scary part… it is only on the rise!
The growing risk of cyberattacks combined with the proliferation of new malware technology is astronomical. The rise of ransomware is coming and here to stay until technology professionals figure out the cure. An IBM Report was conducted and recorded an estimated 4,000 attacks a day in 2016. The velocity and variety of threats has introduced many new problems for enterprise security in areas that could have never been imagined as little as a year ago. The "Internet of Things” was thrusted into our homes, offices, and cars with such velocity that little thought for security was in mind. This big change resulted in massive DDoS attacks credited to Mirai.
But let’s not forget how fast technology is evolving in sensitive infrastructures such as, power plants, grid and transmission-distribution systems. While we all would expect more care when modernizing critical infrastructure, many industry professional, including DHS and CERT, are becoming more prone to cyber-attacks because most of the systems are now monitored and maintained by connected computerized technologies.
With all of our advancements in technology, it still feels like security is the after thought when new technology is launched. If you were a conspiracy theorist, you could conclude this was a business tactic to keep the security machine relevant.
Today it’s more than a lone hacker. We are going to reference a movie to make a point. In1983, the movie War Games proved anything can happen. Matthew Brodderick was scanning phone numbers and stumbled onto a secret military war simulator. Now a days, hackers consist of the lone wolf, organized crime groups, and state-sponsored attackers. State sponsored hackers are in the business of intellectual property theft, intelligence gathering, and disruption of services. These hacks have grown to an all-time high over the last few years. You don’t hear about an attack from “the disgruntled student, or "ex-employee” knocking out your business.
To make matters worse, it’s getting harder to find people who can fix the situation, forcing teams to do more with less. This then turns into new vendors seeing an opportunity and come at you from every direction with hundreds of tools that claim to solve and simplify the problem. Unfortunately, many soon find it's more of the same stuff with different names and the “flavor” of the attack
changes slightly and your “security device” is not quite there.
It's hard to understand why there is a shortage with all the security news in businesses and politics, today. With how popular cybercrime has become, you would think there would be more classes and studies in schools on the art of cyber security. It would be understandable for people to try and create the next “best app” for a quick payout given the early success of Facebook, Google, SnapChat, Twitter, and many others. Take PacketViper for instance. I started as a private Microsoft consultant in the early 1990’s, found a drive with networking and grew into the networking side of Cisco products and only within the last decade found security as my passion. PacketViper's inception wasn’t built to serve the consumer in the beginning, rather to solve a problem that close peers and I personally experienced.
When you add the items up of velocity and variety of threats to poor staffing, it almost seems that security is an afterthought. We all know there is no silver bullet. The volume, velocity, and variety of traffic is growing to unprecedented levels in which we have to do more with less. We need to slow down the volume by pinching the spigot. If we do not curtail the volume of traffic entering, you will simply be chasing your tail.