sb-au logo
Story image

The guide to digital security in unstable times

It’s no secret that attack landscapes have increased for organisations across industries all around the world owing to a variety of factors relating to the COVID-19 pandemic.

Due to the great shift to remote working and learning alone, there are myriad new challenges in the realm of digital security - a surge in usage of unsecured devices in the home, increasing e-commerce transactions, the need for organisations to migrate faster to digital solutions, and more. 

Such an increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents - from the impersonation of the World Health Organisation in thousands of phishing campaigns to the state-based cyber attack on Australian governments and businesses in June.

And according to Varnish Software, one of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. 

Completing a thorough review of potential threats to sites and apps, both from an organisational and technical point of view, will almost certainly reveal that there are more threat vectors than expected.

And while it’s not possible to control employee behaviours that open the door to attack, for example, there are detection and prevention steps to help guard against threats of all stripes.
 

Understanding threat vectors and access routes

Each access route has its own unique properties and characteristics, and as such, they will each have specific weaknesses vulnerable to exploitation.

For instance, the network access route is vulnerable to DDoS and eavesdropping threat vectors. DDoS can also be used to infiltrate the DNS/routing access route, in addition to the DNS hijacking and cache poisoning threat vectors.

The well-documented authentication access route, of particular interest to credential thieves, can come under attack from phishing campaigns, data leaks, credential stuffing and session hijacking. 

As one of the more wide-ranging access routes, applications are vulnerable to exploitation from API attacks, malware, man-in-the-middle attacks, injection attacks and cross-site request forgery.

Awareness of these various threat vectors as they relate to different access routes is the first step in the process of enacting proactive and effective cybersecurity measures. Hackers and bad actors have a lot to work with if they find an organisation which is not on the defensive. 
 

Shifting threats mean a shifting edge

By 2026, the global cybersecurity industry is projected to grow from the US$173 billion it is today to a gigantic $270 billion by 2026 - courtesy, in no small way, of the surge in security incidents this year.

According to Varnish Software, most breaches (70%) originate at endpoints. It follows, then, that one of the best approaches to prevention is monitoring, detection and education - keeping employees from succumbing to phishing attacks and similar techniques. 

Security concerns are shifting as rapidly as technology in general. But with cybersecurity specifically, many of these concerns are seen at the edge - especially as demand for high-performance content delivery pushes caching nodes to the edge.

The promise of edge computing - to enhance performance and reduce latency - is currently at odds with efforts to make cloud, mobile and IoT applications more secure. Organisations that invest in real-time visibility and monitoring tools will gain a lifeline when it comes to enriching performance, uptime and privacy.
 

Vigilance and visibility - the keys to combatting modern cyber-threats

Cloud, mobile and IoT are three of the most significant theatres of combat when it comes to edge security. Here are the key points for each:

Cloud

That cloud infrastructure has innumerable benefits is well-documented. Also well-known is the mammoth challenge of securing it.

For example, the benefits of multi-cloud cloud models are many, but they also pose a challenge when security teams are charged with harmonising the security policies across multiple different platforms. Some platform vendors may also have shoddy security policies compared to others.

This could be why, according to Varnish Software, as many as half of all enterprises using cloud services have failed to implement any kind of cloud and container security. 

Mobile

Endpoint security is perhaps no more crucial in any area than it is for mobile.

Traffic and behaviour monitoring must be employed in order to detect abnormalities and to tighten access control and authentication.

The ubiquity of mobile also doesn’t help when it comes to endpoint security. Many users will grant broad and sweeping security permissions without knowing or understanding the risks involved in doing so - which can lead to widespread data leakage.

Unsecured WiFi connections are also a significant risk, opening vulnerabilities to network spoofing, while content sent over encrypted TLS connections on mobile networks (rather than WiFi) is delivered not only securely but faster than unencrypted connections.

IoT

One of the great security headaches of this age is the fact that many IoT devices are unsecured by default. 

But because mobile networks are often seen as the connectivity of choice for IoT, mobile and IoT go hand in hand. This could pose the problems outlined above - but, as 5G technology rolls out, the potential for better security and bandwidth is strengthening.

Despite this, most IoT devices are still security afterthoughts, making them highly vulnerable to attack - especially as a gateway to access internal and previously segregated networks.

For this reason, IoT devices are particularly vulnerable to data leaks, botnets and human error. This could be exacerbated further by the fact that such devices will generate a lot more data,
24/7.

There are many tools to utilise with the goal of easing edge security concerns - including securing privacy, robust authentication and authorisation policies, and more.

But the first step is being aware of the threats.

To find out more, click here.

Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Link image
Gartner report: Why SD-WAN is becoming the de-facto option
Network service providers are increasingly challenged by established and new competition in the overlay SD-WAN management as well as in the underlay WAN transport, the report says.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More