As with most of technology, security goes through periodic changes, cycles and generations. Hardware, software, applications and methodologies all arrive, become commoditised and standardized to the point of being invisible, and then come back in a new evolved form. New platforms and new devices create new opportunities but are also subject to new evolved threats – something that remains true of security.
Cloud Computing: a brand new landscape for threats
IT security threats evolve and adapt to the new IT environment. As corporate and personal IT usage habits have changed, so too have the types of security threats present in the world. New IT practices like Cloud Computing give end-users great benefits in terms of mobility, flexibility and productivity, but they also give malicious third parties new routes to breaching security and increase risks. So while the Cloud has given users a whole new world of mobile computing, it has also created a whole new landscape for hackers and viruses to attack from.
The rise and rise of mobile usage and the Cloud have seen third party attackers change their approaches. Cloud services, social media websites and Android operating system devices have all become new targets, while traditional user data and website denial of service hacks remain popular.
Recent malicious examples in Australasia have included the damaging loss of over 20,000 customer passwords by surf wear brand Billabong and Web giant Google having the building control system of its Australia office hacked into. Similarly, it was revealed recently that the Reserve Bank of Australia was compromised by a phishing attack, while the Commonwealth Bank of Australia recently stated, in the light of hacking attacks on the Australian Security Intelligence Organisation, that cyber security is among its top concerns.
The risks posed by hackers and phishing attacks haven’t gone away; they’ve just evolved.
the ever-changing nature of the cyber security threat
Cyber security attacks and the ways in which they affect people and organizations are always in a state of transformation. As one IT specialist finds a solution to a particular problem or type of attack, so the creative hackers out there come up with something new and improved.
So as the Cloud has played out its role as both a disruptor and an enabler in the technology world, so too new threats have emerged from it. The leading threat to both organizations and individuals is data breaches. Companies fear sensitive corporate data falling into the hands of competitors; private citizens fear their bank details and credit card information being misappropriated and abused. This is of course not a new threat in itself, but the Cloud opens new routes for the attack, with virtual machines and poorly designed multitenant databases each offering different access points.
In addition to data breaches and data loss, there are the ever-present threats of account hijacking and denial of service, both of which can now be attempted differently thanks to the Cloud. API keys – the credentials that Cloud applications use to identify each other – are another tool in the hacker’s armory, allowing malicious parties to launch denial of service attacks or accumulate fees and charges on a victim’s account.
cyber security: a critical business issue
So while the threat is still similar in nature to what came before, the avenues for getting in have increased. What this means is that it is time for companies to start thinking about security as a defined strategic issue.
Protection against data security threats and attacks is a major factor in successfully achieving regulatory compliance, whatever industry a company might be in. Non-compliance through having inadequate protection of corporate and customer data is a terrifying thought for any company director, so cyber security now really needs to sit at the top of any senior executive’s ‘to do’ list.
but end-users suffer too
At an individual level, the Cloud has helped to bring phishing into the mainstream of cyber security threats. Phishing was previously quite an insidious tactic, but today it has become incredibly brazen and up front, particularly in the mobile world. Because people now use their mobile devices by second nature, often inputting their password dozens of times a day, users are simply less vigilant.
It is estimated that mobile users look at their devices for one reason or another up to 150 times per day – this means entering that precious four-digit PIN code repeatedly – and how many end-users are really certain about what site they are distractedly tapping their password into?
changing threats mean changing strategy
To address this ever-changing security threat, a change of thinking is required. For many years companies and governments acknowledged the need for IT security, were both aware of and concerned about the threats involved, but were still very reactive. So this change in thinking means no longer considering IT security as ‘just’ an IT issue. The focus must change to making cyberspace a strategic asset which requires as much security as physical borders and buildings do.
The Australian government has recently taken the proactive step of investing in cyber security, identifying the threat as a strategic one which affects not just ‘the Web’, but the country’s entire economy, infrastructure and the nation’s future prosperity. It has been estimated that during 2012, 5 million Australians were affected by cyber security issues, at a cost to the country of around $1.6 billion. So it is to the government’s credit that even in an election year it has given the problem due consideration and taken the initiative, ploughing money into cyber security. That’s how significant an issue cyber security and the new threats available through the Cloud have become.
risk management is required at all three levels
The evolution of cyber security threats to the new environment means that the threat exists at three different levels:
- the personal
- the organizational
- and the nation state or community level.
At each of these levels the consequences can be dramatic, and risk management is required at all three.