The world has experienced economic, political and technological shock over the past two years. Technology is evolving at an ever -increasing speed, and ordinary citizens are now carrying the brunt of the cyber war waged by nation states.
In this context, a whole series of misconceptions about cybersecurity have gained ground, driving security teams to focus on the evil aspects despite their good intentions.
Here are seven to watch out for:
Many companies are well aware of the existence of bots, but the truth is that social networks do not know and do not want to know the exact proportion of these active bots on their platform.
A few years ago, we did a demo using a social network that found that 98% of logins to that network were from automated bots. Extremely proud of its rapid growth, this company that looks to the future with optimism has to admit that it only has a tenth of the subscribers it thought it had.
This conclusion revealed its importance to the general public in taking over Twitter. The value of this company is highly based on the number of its users. Soon after, Elon Musk challenged Twitter to show that bots and fake profiles represent less than 5% of accounts. This expectation is legitimate on the part of any investor, advertiser, potential business partner, or even users. The number of bots on Twitter is closer to 50%, if not more.
Businesses should need to make sure their users are really people, in addition to effectively managing and facilitating their bot traffic.
In other words, the proliferation of malicious bots is a sign of security failure. Bot prevention is important not only to ensure the integrity of the information circulating on these sites, but also to provide accurate data to the companies involved in making important business decisions as well as to other parties. dealing with them.
For years, companies with big budgets and talented technical teams have been battling bots. When analyzing the traffic of these organizations, one would expect to see sophisticated bots, which would have evolved to overcome defenses, but this was not the case.
Companies are fighting bots by blocking IPs, regions and autonomous systems, and here’s an evolution of malicious bot traffic: attacks are now coming in the hundreds of thousands , even millions of IP addresses. Network layer defenses have limitations.
It is important to have behavioral biometric data. Query the browser and query the device. All of these signals, taken together, refer not only to bots, but also to malicious individuals controlling them.
Companies also think they can get out of this situation by hiring, but it’s simply impossible to hire enough experts to solve such a big problem. The only way to truly combat automation is through automation.
Security professionals are concerned about cybercriminals constantly evolving to stay one step ahead. However, in many respects, the attacks change slightly apart from slight adjustments here and there.
Most bots today feature the same level of sophistication as they did five years ago. Only their origin has changed.
Credential filling still works despite two-factor authentication or CAPTCHA tests. Cybercriminals have no use in generating new attack vectors as long as the original vector remains effective. They just have to find a way to evade new defenses.
Of course, companies should consider emerging threats and try to prepare for them, but the sector must also continue to mitigate last year’s threats.
The multi-cloud world is a reality for many, if not most, businesses today. Regardless of motivation (an acquisition, integration with a partner or simple desire to benefit from the best functions), multi-Cloud is not about to disappear.
However, companies use a lot of the cloud, are sometimes reluctant, and don’t take advantage of the opportunity to reap the full benefits.
Today, there is no reason to be difficult to manage and the security of a computer park in some Clouds. Cloud service providers have incorporated interoperability into their strategies, and many other providers offer solutions designed to remove the burden of integration, extract the essentials of their functionality from a variety of cloud and animate them. available through a simple and unified interface.
Security teams focus on the company’s infrastructure, its servers, computers, workstations … everything within the organization. But in doing so, they often neglect the home networks of all employees.
If a cybercriminal seeks to target the CEO of a company, to access information on mergers and acquisitions or other strategic information, he will be able to monetize the information collected, but it will still be easier to target person concerned. accounts payable or an IT administrator.
At a time when working from home is more prevalent than ever, home networks are a new vulnerability for those with bad intentions.
Insider threats have a huge advantage simply because of human nature to have good intentions from those around you. But the reality is no one can hire 50 or 100 employees without running the real risk of running into one or two malicious collaborators.
However, a disgruntled employee, who wants to harm his or her company, can save sensitive files to a USB key before closing the door. There is even a growing fear that it is introducing broken software into the system.
Many ransomware attacks today can actually originate within the organization. It is very easy for an IT administrator to create a profile on the Dark Web, give them access to the system to install malware, then demand ransom and, as an administrator, advise the company to pay for it.
When the Colonial Pipeline was attacked last year, which caused long lines at gas stations and thus distracted consumers on the East Coast of the United States, it made international headlines. .
But little is said about the millions of citizens who are scammed annually online, many of them elderly and living on their retirement savings. This is a huge threat that can have a devastating effect on individuals and their families, beyond waiting in line and paying for more expensive fuel.
Infrastructure attacks are a big and real problem, but when you listen to the stories of the victims, it becomes clear that widespread cyber fraud deserves more attention than is currently given.