Since the primitive days of the internet (IE, fifteen years ago), the cybersecurity landscape has shifted rapidly and dramatically. With those changes have come new threats and new challenges for IT security experts to address.
Recently, I spoke with Yuri Diogenes, Professor of the Master in Cybersecurity Program for the EC-Council University, to better understand the cybersecurity threats that internet users are now facing. Diogenes has been in the IT space since 1994 but began his work in the security sector in 2005.
Diogenes explained that security concerns thirteen years ago were much simpler. Business and end-user concerns were primarily focused around email security, firewalls and DMZ’s. Desktops were the primary targets for threats.
It’s true. Everything technology related was rudimentary compared to our present day. The biggest cybersecurity concern most casual internet users had back then was whether to choose Norton, AVG or McAfee.
Regardless, the IT industry today is a far, far cry from the early 2000’s. So, what are the biggest changes? Where has the focus shifted to? When asked, Diogenes stated, “the full adoption of cloud computing,” and “mobile devices.”
The Challenges of Cloud Computing and Mobile Devices
Cloud technology has become ingrained and rooted within our society. Between social media apps, games and storage services among others, it is rare to find a person who isn’t utilizing the cloud in some way — even if they don’t realize it. Similarly, smartphones have become nearly ubiquitous in our day-to-day lives. According to a study conducted by the Pew Research Center, roughly 77% of Americans owned a smartphone as of 2017.
Simply put: access to the internet (and technology in general) is more available now than ever before. However, wide technological availability means that a wide range of people are susceptible to threats.
Much of the issue centers around the technological curiosity of those people. Diogenes stated, “Most end-users are not well protected because they have that curiosity to open links sent to them. They’re easy targets for phishing emails and malware embedded in compromised apps – there are a lot of malicious, fake apps.”
Fake and malicious apps are flooding the market. Just this year, Google announced that it had removed over 700,000 apps from the Google Play store in 2017.
Most apps available are free and access to them requires little more than a press of the confirmation button. On top of that, the consumer vetting process tends not to extend beyond looking to see how many stars a product has in the store. Unfortunately, this system has been shown to be laughably easy to manipulate.
If that’s the case, what’s the solution?
According to Diogenes, it’s a matter of due diligence. He stated, “Try to research something that you’re going to install on your phone. Make sure that you have references. You do not want to install, for example, a password storing type of app without knowing if that company has a good reputation.”
Luckily, tech review sites and blogs are desperate for content — in-depth app reviews are often just a search and click away. If a security-based product isn’t trustworthy, the internet is generally very eager to tell consumers about it.
The Security Risks of Mobile Devices in the Workplace
An employee constantly interacting with apps on their personal device at work can present huge risks for their employer. As this article points out, those risks can range from communication interception by third parties to DDoS attacks and the leaking of insider data.
The best solution to the mobile-device problem would be for companies to provide employees with phones that belong to the enterprise. However, this may not be a viable solution for small and medium sized businesses that lack the funding to do so. In those instances, Diogenes stated, “I think that cloud computing helps a lot. There is a lot of investment for cloud providers to have those solutions be scalable.”
Diogenes has previously written about the benefits of embracing cloud computing and how it enhances the “secure posture” of businesses.
In theory, a scalable, SaaS-based security solution can provide smaller businesses with the same access to data that larger enterprises have. In this regard, having a solution that can query a database of threats is incredibly important. Querying allows the solution to understand if the behavior it records within its environment matches the information in the database. Better still are solutions that utilize machine learning. Artificial intelligence enables the solution to adapt to its environment and quickly identify abnormalities within the network.
Cloud computing is an excellent step in the right direction for most businesses, but it is not a magic bullet. The success of security software is largely dependent on companies and their employees following best practices.
The Bottom Line
Ultimately, there is no combination of solutions or behaviors that ensure complete security. Breaches can happen at any point in time and if there’s a hole in the network, a skilled hacker can get through it. Frankly, the only way to be completely secure on the internet is to stay off it.
Don’t let that depress you. Cybersecurity is certainly moving in a positive direction — people are thinking about it now more than they ever have before. On top of that, the availability of protective software is staggering. Casual end users now have access to cocktails of solutions that can mitigate most threats with ease.
At the end of the day, just remember that the best defense against security threats, more than any combination of solutions, is awareness. Research what you download, be aware of what you upload and constantly be on the lookout for abnormalities within your own network.
Yuri Diogenes (MsC Cybersecurity) is presently a Professor for the Master in Cybersecurity Program from EC-Council University. Yuri is also an ISSA Senior Member and a published author (20+ books). His most recently publication earned the top 5 best Network Security books from Book Authority.