A new decade is always something to celebrate. We can now look back on our twen’teens with nostalgia, and talk about all the security threats of the past years. Nation-state attackers, critical infrastructure attacks, fiery banking trojans and the rise of ransomware.
But enough about these threats of the past. Instead, this blog will discuss some of the new-school threats that may surface now that we are in the roaring twenties.
Deepfake Social Engineering
The Deepfake technology, put simply, lets an attacker pretend to be somebody else. Using AI and enough training data, they can change their digital voice, or face, into an eerily convincing replica of another person.
It hasn’t taken long for cybersecurity criminals to start abusing this technology. Last year an energy company was defrauded when an attacker used Deepfake tech to pretend to be the CEO, and over the phone, successfully request a transfer of EUR220,000.
The best thing you can do to defend against these sophisticated social engineering attacks is to ensure that your organisation develops a strong ‘security conscious’ culture, and to update and re-deliver security awareness training to staff. As technology and security threats change, so must these awareness campaigns.
When it comes to security, migrating to the cloud is generally a good thing, but many organisations are now using multiple cloud environments across multiple vendors.
To make things easier, organisations are using ‘multicloud managers’. These are platforms that help you to manage a spiderweb of cloud solutions. One platform having management level access to your entire multicloud infrastructure? Yikes.
If an attacker compromises a multicloud manager, then they will have a golden ticket to cascade through all of that organisations cloud environments. If you decide to use one of these multicloud managers, make sure that you double down on your security management (people, process and technology) of these platforms.
Malware gone mobile
It feels like this threat belongs in the ‘emerging threats of 2010’ list, but mobile device security is only going to become more important in this new decade.
Everyone has a smartphone, everyone brings them to work, and most people also use their smartphone for multi-factor authentication to ensure that their personal and business accounts are secured.
It’s pretty clear that more and more attacks will be targeting smartphones as time goes on (2019 saw a 50% increase in attacks against smartphones), so organisations need to make sure they are using a Mobile Device Management solution that can enforce security policies (particularly secure authentication and mandatory patching) across all staff devices.
Information security is always changing, and that’s what makes it so interesting. With every new technology, or cultural change, there will always be new security threats, but knowing is half of the battle.
An organisation that is aware of emerging threats is able to properly assess how much risk they are exposed to. This means they will be able to make accurate and context-driven business decisions, and not decisions based on the fear, uncertainty and doubt that new technology often brings.
At Axenic we pride ourselves on our focus on delivering valuable, practical and pure information security guidance and consulting.
Contact us at firstname.lastname@example.org if your organisation is in need of security advice. We’d love to have a chat about how we can help.