Cyber Security timeline – 2018

Cyber security is one of the major challenges of the present day. Companies are under constant threat, and a breach can be the worst nightmare for system administrators and security professionals. Hackers gain access to systems and data through holes in the security setup or through mishandling of the data.

Hackers seek illicit gain by stealing mission-critical information, locking access to systems or files, or leaking proprietary information.

Cyber attacks have a high impact on organizations of all sizes. A single attack can destroy an entire organization through reputational damage, lawsuits and findings of non-compliance with government regulation.

Hackers use different methods to gain access to systems and data, and each of these calls for its own prevention strategies and techniques.

Different types of cyber-attacks:

  • Social engineering and phishing: One of the oldest and simplest ways of hacking. The attacker poses as a legitimate page, email, etc. to trick people into entering sensitive information.
  • Cracking: Hackers use high-powered computer programs to automate the systematic cracking of passwords by trying many potential permutations and combinations.
  • Crypto-jacking: The victim unknowingly installs a program that secretly mines cryptocurrency for the attacker.
  • Cryptocurrency: Hackers attack cryptocurrency by targeting the blockchain and taking control of Bitcoins. As the technology advances, blockchains are also being broken and control of the currency taken over.
  • Internet of Things: Ubiquitous connected devices are subject to hacking, and hackers take advantage of internet-connected devices in two ways.
    • Attack the fleet of devices to destroy or control them.
    • Use the fleet of devices to attack others, drawing on the enormous combined compute power of millions of connected devices.
  • Man-in-the-middle attack: An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other.
  • Software subversion flaws: The attacker takes advantage of flaws in the system to create a back door in the software and then attacks the system through it.
  • Ransomware: Hackers lock specific, highly sensitive files on the user's computer or servers and demand a ransom, stating that the files have been locked and that the user will only receive the key to unlock them after paying a specified amount, usually in cryptocurrency.

Biggest data breaches of 2018

Jan-18 to Apr-18

| Company | Records affected | Data exposed | Source |
|---|---|---|---|
| Careem | 14 million | User names, email addresses, phone numbers, and trip data | Reuters |
| MyFitnessPal | 150 million | Usernames, email addresses, and encrypted passwords | Business Insider |
| Cathay Pacific Airways | 9.4 million | Approx. 860,000 flyers' passport numbers; 245,000 Hong Kong identity card numbers; 403 expired credit card numbers; and 27 credit card numbers without the card verification value (CVV) | Reuters |
| Chegg | 40 million | Personal data including names, email addresses, shipping addresses, and account usernames and passwords | ZDNet |

May-18 to Aug-18

| Company | Records affected | Data exposed | Source |
|---|---|---|---|
| Ticketfly | 27 million | Personal information including names, addresses, email addresses, and phone numbers | The Verge |
| (not given) | 6.42 million | Email addresses and encrypted passwords for customers' online store accounts | ZDNet |
| SingHealth | 1.5 million | Citizens' names and addresses in the Singapore government's health database, and some patients' history of dispensed medicines | BBC |
| T-Mobile | Approx. 2 million | Encrypted passwords and personal data, including account numbers, billing information, and email addresses | Motherboard |

Sep-18 to Dec-18

| Company | Records affected | Data exposed | Source |
|---|---|---|---|
| British Airways | Approx. 380,000 | Card payment details exposed by a "criminal" hack affecting bookings made on the airline's website and app | Business Insider |
| MyHeritage | 92 million | Email addresses and encrypted passwords of users who had signed up for the service | Business Insider |
| Quora | 100 million | Account info including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users' public questions and answers | Reuters |
| Saks and Lord & Taylor | 5 million | Payment card numbers; more than 5 million stolen credit and debit cards were put up for sale | Associated Press |

The above timeline clearly shows that at least one major cyber attack impacted millions of internet users every month. Other major cyber attacks were reported in 2018 by some of the most tech-savvy companies, such as Google and Facebook. This clearly indicates that companies big and small are under continuous threat and that the impacts are disruptive.

What has changed in the last 2 years?

  • IoT devices: IoT devices are ubiquitous and increasing at a great pace. Cyber security for IoT is still at low maturity and the attack surface is very large. This makes it a big challenge for security professionals to build strong prevention and protection mechanisms.
  • Authentication through mobile devices: Access management and authorization through mobile devices is growing at a rapid pace. This makes credential and key management a big challenge.
  • Identity solutions moving to the cloud: Enterprises used to have a unified way to manage identity through LDAP and AD based systems. This changed with identity management shifting to the cloud through IAM and similar technologies. Identity federation has also evolved and is now spread over different environments.
  • Rise in AI/ML accessibility and ubiquitous cloud resources: AI/ML based security systems are evolving and being updated to build prevention and protection systems. At the same time, the hacking community is using these technologies to build very sophisticated cyber attacks.

Cyber Market Trends:

Traditional security systems are not going to be sufficient in the new age of technology. Cloud systems are rapidly replacing traditional systems. With IoT and mobile ecosystems, the attack surface is wide and difficult to control. Users want greater freedom and ease of access, which further increases the risk.

Compliance and governance are evolving, but the question is whether these compliance regimes are effective and how you can measure the effectiveness of the controls. A new set of security tools is emerging to handle these new security needs. These tools measure the effectiveness of security systems by modeling threat patterns, and they build on the MITRE ATT&CK framework. Tools such as Verodin, which are based on ATT&CK, measure the effectiveness of security systems and help you define the security layers and the prevention tools and techniques specific to your environment.

New security tools are built with effective measurement at the center. Cloudlytics is one such tool: it measures the effectiveness of the controls placed on your cloud environment (AWS) according to the specific requirements of your organization, and presents real-time measurement of the controls on simple, granular dashboards with an alerting system.


Security By Design?

With cloud adoption, security needs to be rethought and the approach given a fresh look. The traditional approach to security is restrictive and control driven. With the cloud at the center, agility and speed are the key drivers for adoption. Security needs to be integrated right from the development and programming process, together with the DevOps pipeline and automated surveillance. This has led to Security by Design.

Security by design is an approach to building applications and systems that treat security as one of the key design parameters. It is the opposite of working in an environment where security is audit driven and an afterthought. Security by design assumes that malicious activity is expected to happen, so the design must keep the impact of any such attack or malicious activity minimal. The design of any system or application should provide for graceful handling of such malicious acts or events through the following approach.

  • Build on a zero-trust approach; privileges and access should be strictly classified
  • Anticipate security vulnerabilities and discover them as you develop code
  • Log in real time and monitor the systems
  • Control vs. surveillance: build systems that provide real-time security audit controls

Security by design is achieved in 4 phases

Phase 1: Requirements definition and security outline:

Security requirements depend on the criticality of the system and the level of security required. Enabling security is taxing and complex and needs additional layers of engineering, so it becomes important to define the level of security required. The security control matrix should be well defined so that the requirement definition is broken down into individual controls. Security standards also help to build the control matrix required for the different IT systems.

Phase 2: Build DevOps pipeline with automated security validations and verification:

Security needs to be integrated into coding practices, and validation needs to be part of the build and deployment process integrated into the DevOps pipeline. This helps in identifying security loopholes at the coding level, making sure the system can withstand code-level malicious attacks. Defining the right tool chain for the DevOps pipeline, with built-in security code validations, is required. This also helps in making sure that code quality stays high throughout the development life cycle.
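As an added example of the kind of validation step described above (not Cloudlytics code, and not a substitute for a full SAST or secret-scanning product), the following script is a minimal security gate that a pipeline could run after checkout: it scans source files for a few code-level weaknesses, records each finding with its severity, and exits non-zero when a high-severity finding is present so the build fails. The rule set, the `# nosec` suppression marker and the sample files are all assumptions constructed for the example.

```python
"""Security gate for a build pipeline: scan source files for code-level
weaknesses and fail the build when any high-severity finding exists.

Added example, not Cloudlytics code. The rules are illustrative assumptions
standing in for a real SAST or secret-scanning tool; the sample files are
constructed so the script runs offline.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# (rule id, severity, pattern, what the rule enforces). Patterns are
# deliberately simple line-based regexes, which is enough for a gate example.
RULES = [
    ("SEC001", "high", re.compile(r'(?i)\b(password|secret|api_key)\s*=\s*[\'"][^\'"]{8,}[\'"]'),
     "hard-coded credential"),
    ("SEC002", "high", re.compile(r'\bsubprocess\.\w+\(.*shell\s*=\s*True'),
     "shell=True with a command string (command injection risk)"),
    ("SEC003", "high", re.compile(r'\b(eval|exec)\s*\('), "dynamic code execution"),
    ("SEC004", "medium", re.compile(r'\bhashlib\.(md5|sha1)\s*\('), "weak hash algorithm"),
    ("SEC005", "medium", re.compile(r'\bverify\s*=\s*False\b'), "TLS certificate verification disabled"),
]

Finding = Tuple[str, str, str, int, str]   # rule id, severity, path, line number, message


def scan_text(path: str, text: str) -> List[Finding]:
    """Apply every rule to every line; '# nosec' on a line is a reviewable suppression."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if "# nosec" in line:
            continue
        for rule_id, severity, pattern, message in RULES:
            if pattern.search(line):
                findings.append((rule_id, severity, path, line_no, message))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: source} mapping."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Scan every .py file under a checked-out repository root."""
    return scan_files({str(p): p.read_text(encoding="utf-8", errors="replace")
                       for p in sorted(Path(root).rglob("*.py"))})


def gate(findings: List[Finding], fail_on=("high",)) -> Tuple[int, Dict]:
    """Return the process exit status (0 pass, 1 fail) and a summary for the pipeline log."""
    blocking = [f for f in findings if f[1] in fail_on]
    by_rule: Dict[str, int] = {}
    for rule_id, *_ in findings:
        by_rule[rule_id] = by_rule.get(rule_id, 0) + 1
    return (1 if blocking else 0), {"total": len(findings), "blocking": len(blocking), "by_rule": by_rule}


# Constructed sample sources standing in for a repository checkout.
SAMPLE_FILES = {
    "app/db.py": 'import hashlib\nPASSWORD = "hunter2-prod-2018"\ndef digest(x):\n    return hashlib.md5(x).hexdigest()\n',
    "app/deploy.py": 'import subprocess\ndef run(cmd):\n    return subprocess.run(cmd, shell=True)  # nosec\n',
    "app/client.py": 'import requests\ndef get(url):\n    return requests.get(url, verify=False)\n',
}


if __name__ == "__main__":
    # With a path argument the gate scans a real checkout; without one it uses the samples.
    findings = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_files(SAMPLE_FILES)
    for rule_id, severity, path, line_no, message in findings:
        print(f"{severity.upper():6} {rule_id} {path}:{line_no} {message}")
    status, summary = gate(findings)
    print(f"findings={summary['total']} blocking={summary['blocking']} -> {'FAIL' if status else 'PASS'}")
    sys.exit(status)
```

Run without arguments it reports the hard-coded credential, the weak hash and the disabled TLS verification in the sample files (the `shell=True` line is suppressed by its `# nosec` marker, which keeps the exception visible in code review), and exits with status 1 because the credential finding is high severity. Wired into a pipeline stage, that non-zero exit is what turns a finding into a blocked deployment; the medium findings are reported but do not block, so the threshold in `fail_on` is where the control matrix from Phase 1 meets the pipeline.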

Phase 3: Identify the tools for different layers of security:

Security needs different layers to make sure an IT system is secure. These layers can be divided into the following areas:

  • Infrastructure
  • Network
  • Operating system
  • Code and Data layer

We need to identify the security requirements at all of these levels and build an automated tool chain to handle each layer.

Phase 4: Setup Real-time security audit controls:

Continuous audit and compliance are the key metrics for measuring the security of IT systems. The dynamic cloud environment needs real-time compliance audit and reporting. This makes sure the systems are secure as per the control requirements, and it is achieved by building automated governance systems so that controls are audited in real time.
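The following script is an added example (not Cloudlytics code) of what an automated audit control looks like in practice, tying together the control matrix of Phase 1, the layers of Phase 3 and the real-time audit of Phase 4: each control is a small check mapped to a layer and to the standards it is evidence for, the checks run over a snapshot of the cloud configuration, and the result is a per-control pass/fail report with a compliance score. The snapshot format, the control identifiers and the mapping to standards are assumptions constructed for the example; a real deployment would build the snapshot from the cloud provider's configuration APIs and re-run the audit on a schedule or on every configuration change.

```python
"""Automated audit of a cloud configuration snapshot against a control matrix.

Added example, not Cloudlytics code. The inventory format below is an
assumption: a simplified, constructed snapshot instead of a live cloud
API, so the whole script runs offline. The control identifiers and the
mapping to standards are illustrative.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed snapshot mixing compliant and non-compliant resources.
SNAPSHOT = {
    "s3_buckets": [
        {"name": "app-logs", "public_access_blocked": True, "encryption": "AES256"},
        {"name": "customer-exports", "public_access_blocked": False, "encryption": "aws:kms"},
    ],
    "security_groups": [
        {"id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-admin", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                                       {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "cloudtrail": {"enabled": True, "multi_region": True},
}

ADMIN_PORTS = {22, 3389}


@dataclass
class Control:
    control_id: str
    layer: str                           # infrastructure / network / code and data
    standards: tuple                     # frameworks this control is evidence for
    description: str
    check: Callable[[dict], List[str]]   # returns identifiers of failing resources


def public_buckets(snap: dict) -> List[str]:
    """Buckets without a public-access block."""
    return [b["name"] for b in snap["s3_buckets"] if not b["public_access_blocked"]]


def unencrypted_buckets(snap: dict) -> List[str]:
    """Buckets with no default encryption at rest."""
    return [b["name"] for b in snap["s3_buckets"] if not b["encryption"]]


def admin_ports_open_to_world(snap: dict) -> List[str]:
    """Security-group rules exposing SSH/RDP to every address (prefix length 0)."""
    failing = []
    for sg in snap["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in ADMIN_PORTS and ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
                failing.append(f'{sg["id"]}:{rule["port"]}')
    return failing


def trail_not_multi_region(snap: dict) -> List[str]:
    """Audit logging must be on and cover every region."""
    trail = snap["cloudtrail"]
    return [] if trail["enabled"] and trail["multi_region"] else ["cloudtrail"]


CONTROL_MATRIX = [
    Control("S3-1", "code and data", ("PCI", "HIPAA", "GDPR"), "Buckets block public access", public_buckets),
    Control("S3-2", "code and data", ("PCI", "HIPAA"), "Buckets encrypt data at rest", unencrypted_buckets),
    Control("NET-1", "network", ("PCI", "ISO"), "No admin ports open to 0.0.0.0/0", admin_ports_open_to_world),
    Control("LOG-1", "infrastructure", ("PCI", "ISO"), "Audit trail enabled in all regions", trail_not_multi_region),
]


def audit(snapshot: dict, controls=CONTROL_MATRIX) -> Dict:
    """Evaluate every control and return per-control results plus a compliance score."""
    results = []
    for c in controls:
        failing = c.check(snapshot)
        results.append({"control": c.control_id, "layer": c.layer, "standards": c.standards,
                        "status": "FAIL" if failing else "PASS", "failing": failing})
    passed = sum(r["status"] == "PASS" for r in results)
    return {"score": round(100 * passed / len(results)), "results": results}


def failing_by_standard(report: Dict, standard: str) -> List[str]:
    """The failing controls for one framework, i.e. one dashboard view."""
    return [r["control"] for r in report["results"]
            if standard in r["standards"] and r["status"] == "FAIL"]


if __name__ == "__main__":
    report = audit(SNAPSHOT)
    print(f"compliance score: {report['score']}%")
    for r in report["results"]:
        print(f'{r["control"]:6} {r["layer"]:15} {r["status"]:4} {", ".join(r["failing"])}')
    print("PCI failures:", failing_by_standard(report, "PCI"))
```

On the constructed snapshot two controls fail (the export bucket without a public-access block and the admin security group exposing port 22 to every address), giving a score of 50%, and `failing_by_standard` gives the per-framework view a dashboard would show; fixing those two resources and re-running the same audit yields 100%. The point of keeping each control as a named, standard-mapped check is that the report is evidence against the control matrix rather than a one-off script.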

Cloudlytics – SaaS based tools, cloud security and automated audit compliance.

Cloudlytics has been built with the requirements of phase 3 and phase 4 above in mind. It helps with automated real-time governance and audit controls, and has the building blocks for strong real-time monitoring of cloud environments.

Cloudlytics provides pre-packaged automated real-time audit compliance against industry standards on the cloud such as PCI, HIPAA, GDPR, MAS, ISO and others.

Future of security by design:

With developments in the field of Machine Learning (ML), automated validation and verification will be extended to self-healing systems. Compliance and automated audit will automate the self-control needs and build on the control requirements. This will help in defining controls as and when new vulnerabilities are identified. Machine Learning and advanced analytics will change the security landscape completely.
