_
From Computer hardware,network computer, computer servers, electronics, computing by Manuel 2017, https://pixnio.com/fr/objets/electronique-appareils/ordinateur-composants-images/materiel-informatique-ordinateur-de-reseau-des-serveurs-informatiques-electronique-informatique, In the public domain

Navigation

The following content outlines three areas of focus for today's cyber sercuity experts. Continue reading or use the menu below to skip ahead.

The Internet of Things
What is the Internet of Things?
The Internet of Things (IoT) is made up of objects that communicate “with the internet in order to exchange information between the physical world and the virtual world” (Agrawal 2015).

Edureka! (2018) provides a basic introduction to the IoT:

What are the risks of the IoT and how can we mitigate them?

Problem:

Hewlett-Packard found that of 10 popular IoT devices and identified an average “25 vulnerabilities per device” (Hewlett-Packard 2014). Vulnerabilities enable attackers to gain access to the device, using it as part of a botnet, as an entry point in to the network, or even to cause the device to stop working.

Problem:

In the same study, 8/10 device manufacturers also “raised privacy concerns regarding the collection of consumer data” (Hewlett-Packard 2014).

Solution:

More efficient encryption technologies are being developed that will allow for better integration into otherwise power limited IoT devices (Koilakonda 2011). Devices should be developed such that they are “capable of executing applications in a protected manner” (Koilakonda 2011).

Solution:

Legislation that protects consumer's data must be created and enforced. A good example is the European Union’s General Data Protection Regulation, which provides “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (Regulation (Eu) 2016/679 of the European Parliament and of the Council 2016 (EU)).

Social Engineering
What is social engineering?
Social engineering is the “the science of skilfully manoeuvring human beings to take action in some aspect of their lives” (Hadnagyk 2010). Put to nefarious use, social engineering “can breach even the most secure systems” (Hober et al. 2014).

GraVoc (2017) provides a basic introduction to social engineering:

What are the risks of social engineering and how can we mitigate them?

Problem:

Modern hardware and software security technologies, such as encryption, make the human components easier to exploit than the computer ones. The human component may be:

  • A person at home browsing their emails or;
  • A call centre employee answering phone calls and taking notes on their computer

Modern phishing attacks are alarmingly potent. Verizon (2019) reported that phishing was a part of “32% of confirmed data breaches” in 2019.

The sophistication seen in modern phishing attacks has come along way. For example, phishers automate the harvesting of social media accounts to personalise phishing emails for each individual targets. (Hober et al. 2014)

Solution:

Education that “[exposes] users to commonly employed tactics and behaviours” so that they recognise them in use (Conteh & Schmick 2015) is recommended for employers or educators.

Machine learning algorithms are being developed to identify and filter phishing content.

Cloud Computing
What is cloud computing?
Cloud computing is when a cloud provider enables the consumer to connect to a “shared pool of configurable IT resources” (Carroll & Merwe 2011) through the internet.

Amazon Web Services (2019) provides a basic introduction to cloud computing:

What are the risks of cloud computing and how can we mitigate them?

Problem:

The consumer must trust that the provider is “capable of providing the required services accurately and infallibly” and have “faith in its moral integrity, in the soundness of its operation, in the effectiveness of its security mechanisms, in its expertise and in its abidance by all regulations and laws” (Lekkas & Zissis 2012).

Solution:

Stringent security protocols and practices must be implemented and adhered to at all times and across all levels of the cloud computing chain. Examples of the levels of providers and corresponding security measures include:

  • The data centre should adhere to good physical and network security practices.
  • The cloud infrastructure provider should isolate tenant data during storage, processing and transmission (Grundy et al. 2010).
  • The cloud service provider should employ a “robust and consistent Identity management system” and strong encryption whenever data is being transmitted (Grundy et al. 2010).