Evolving Cybercrime and Security Challenges: What are CISOs Thinking About?

When it comes to security, change is the norm; nobody working in cybersecurity can completely guess what challenges they’ll face across 24 hours, much less what they can expect across a year or longer

However, experts are constantly analyzing which threats seem to be on the rise and what Chief Security Offices and Chief Information Security Officers can expect for the foreseeable future. Here are some of the cybersecurity issues currently in play and some security challenges to keep an eye on going forward.

Social Engineering Attacks on the Rise

No matter how secure a computer network is, it will almost always have a vulnerability vector that can’t be engineered away: Humans. Analysis from FireEye indicates that phishing attacks during Q1 2019 rose by 17 percent, with many well-known tech companies being impersonated. Microsoft was at the top of the list, followed by OneDrive, Apple, PayPal, and Amazon, although any company can be impersonated. Furthermore, phishing attacks moved in a major way toward URL-based attacks, a shift from the more traditional attack vector of email attachments. Filtering programs can detect many of these phishing attempts, but some number will inevitably creep through. Ongoing workforce education needs to be a top priority for CSOs and CISOs for the foreseeable future.

The Cloud is Not a Panacea

Moving to a public cloud solution can simplify business operations, and it can ease some security tasks. However, research from Check Point Software Technologies indicates that companies still run into a number of potential security risks. About 40 percent of respondents expressed concern about unauthorized cloud access, insecure interfaces, misconfigurations, and account hijackings, all problems that can leave valuable data exposed to malicious actors. Fifteen percent of organizations reported experiencing a security incident in the cloud, and 25 percent were unsure if they were part of a compromise. The shift to the cloud can, eventually, lead to better overall security, as the major cloud providers have the resources to prevent a host of attacks. However, the transition period may also lead to a new array of potential threats that CSOs and CISOs need to manage.

Mobile Security Threats

Mobile devices aren’t new, but malicious actors are moving more toward compromising the increasing amount of data stored on smartphones and tablets. Social engineering is a particular threat on on mobile devices, as attacks can make it more difficult to identify malicious URLs and other signs of malicious activities. Furthermore, text messages, Facebook Messenger, and WhatsApp are common phishing vectors; users might let their guards down while using these apps. Another pressing concern is out-of-date devices, which might not receive the latest in security updates, leaving them vulnerable to a wider number of potential attacks. These threats will only grow as companies move toward a bring-your-own-device mentality, allowing employees to use their preferred devices. One of the pressing matters for CSOs and CISOs is ensuring sensitive information on these devices isn’t vulnerable to data theft.

A More Mature Cyber Market

Malicious actors have long sought to monetize security lapses in companies, and many would seek out credit card numbers and other information that’s relatively easy to sell online. However, Accenture and others have noted that the black cyber markets now provide a much wider range of illegal products for sale. Hackers that have successfully infiltrated a network may sell access to other entities looking to launch various attacks. Furthermore, the ransomware market continues to become more mature, making it more difficult to combat even as protections against these attacks improve. CSOs, CISOs, and cybersecurity experts need to keep abreast of changes affecting these illicit markets, which will dictate where future threats are likely to come from.

Disinformation

In recent years, news of coordinated online disinformation campaigns have made major headlines. However, most of this disinformation relates to politics, as state-sanctioned actors use social media and online advertising to affect elections and sway public opinion. However, private entities now need to take note as well, as disinformation can lead to a number of problems for companies as well as politicians and political parties. In particular, experts are projecting that various entities might turn their attention to global financial markets, potentially affecting entire industries as misinformation spreads online and can’t be easily countered. The role companies and their security chiefs can play may be limited; it’s difficult for individuals and most companies to have much of an effect. However, CSOs and CISOs might want to begin communicating with their counterparts at other companies should a unified response become necessary.

Featured image: ©Tierney