Using Convenience and Simplicity to Win the Security Arms Race
How can we build smarter security systems?
The arms race between attackers and defenders is constructive. It should lead to the detection of inefficient parts and production of more robust solutions help to improve systems. It is an unfortunate fact that attackers are ahead of us and they determine where we need to focus.
This fact can only change when we start designing systems with security in mind.
Recently, a researcher published four zero-day attacks, three of which were released in 24 hours. This can lead to either new threats or new opportunities for building more robust shields.
It is surprising to see multiple zero-days being published back-to-back because they are usually difficult and costly to generate; however, it is more efficient for attackers to serve a known malware by modifying its packaging.
Our research on malware trends showed that while we see new attack types, we also observe malwares over 10 years old that are still used in attacks. For example, here is how many instances of MyDoom malware, which first originated in 2004, we saw in our own research in 2018.
Cybersecurity Convenience: The Pros and Cons
These days, convenience in every level of daily life is becoming a trend. In fact, some of the recent spam and phishing campaigns show that it is not hard work but smart work that pays off. There are solutions created for user convenience such as pastebin, WordPress, GitHub, and a new rising star in OneDrive.
However, we often forget that attackers also take advantage of those solutions. One surprises me most is Adwords which is utilized by blackhats in various ways.
This new trend of convenience should be appraised by security researchers and vendors to help organizations as well. Key/important points for designing better systems with security in mind should include the following:
- Security awareness trainings should be simple and reachable to everyone.
- Take advantage of community experience and knowledge, such as utilizing social media for mining new trends and crowdsourcing for handling complex problems.
- Last but not least, incorporate artificial intelligence in essential detection processes as a decision support tool.
I will be discussing this and more during a panel discussion, Cyber Resilience in the Face of Human Error, at Infosecurity Europe in London on June 6. It will be moderated by my Mimecast colleague Linsday Jack, vice president of security services. On the panel will be my Mimecast colleague Meni Farjon, chief scientist for advanced malware detection, as well as Paul Watts, CISO for Domino’s Pizza UK and Ireland.
We hope those attending the panel will learn new strategies to mitigate the effects of new vulnerabilities and exploits, as well as new ways to understand internal and external threats and keep organizations secure.
Learn more at this link. I hope to see you there.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!