
Eight New Technologies that Could Increase Your Cyber Risk

Digital transformation is creating new opportunities to improve performance, accessibility, and connectivity. Unfortunately, cybercriminals are also taking advantage of these new technologies to launch malware, ransomware, data breaches, and distributed denial of service (DDoS) attacks. Furthermore, it’s all happening quickly; the pace of digital transformation is making it challenging for even the best CIOs and CISOs to meet the business needs of their external and internal customers while protecting their critical infrastructure from cybersecurity risks. They must carefully evaluate the value-complexity-risk ratio of technologies. Cyberattacks not only threaten business continuity and brand reputation, but also cost significant time and money to remediate, and some organizations may have to offer compensatory damages to their customers.

Below is a list of some of the most common technology innovations, and the risks associated with them.

  1. Edge computing: Distributing data across networks containing numerous (100s-1,000s) devices and data centers operating far from a company’s main locations can create problems with visibility and control.
  2. IoT: IoT devices can be rendered inoperable or have their performance impacted. They typically have inadequate security and can easily be harnessed into botnets to launch large-scale DDoS attacks on other targets.
  3. Digital applications: Many digital applications exist in the cloud. This exposes users to cloud security risks, including lack of ‘security-by-design’ hardening. Shadow apps may not be configured against a security framework of ‘risk-mitigation’, which opens the entire business to cyberattacks.
  4. Software Defined Networks (SD-WAN): Traffic outside the bounds of the data center perimeter could place users in remote locations at risk, as SD-WAN doesn’t automatically integrate with the existing security infrastructure. One local unsecured Internet entry point is all that’s needed for a breach to occur.
  5. 5G: Based on newly developed software, 5G expands the risks related to major security flaws. Emerging techniques (network slicing, network functions virtualization (NFV), etc.) blur their boundaries and increase the risk from 5G-enabled devices and botnets made up of them. All communication service providers now have a serious risk of inside-out attacks.
  6. Virtual Private Network (VPN): Remote machines using VPN must be secured from abuse, requiring the enforcement of certain minimum standards with regards to operating system, antivirus software, firewalls, and so on. If the target corporate network is compromised with a DDoS attack, no access can be granted to the VPN, and the user is prevented from getting to their data and systems.
  7. Artificial Intelligence (AI): It is possible to systematically feed disinformation to AI-powered device software, opening a potential new attack vector. Cybercriminals use machine learning to detect and bypass security detection systems. Malicious actors paired with AI technology could be a deadly combination across networks, applications, and communications.
  8. Cloud: Cloud is not necessarily better than an on-premise data center. It could be worse because of the risks that it introduces, such as loss of intellectual property, compliance violations, regulatory actions, and service outages due to DDoS and application DoS attacks.

The Weakness of Enterprise Risk Management

Cybersecurity risks may not be getting the Enterprise Risk Management (ERM) attention they deserve. ERM managers should collaborate with CIOs and CISOs to factor in cybersecurity threats to their risk portfolios and dedicate resources to cybersecurity. Commonly, ERM protocols are defensive and reflective, relying on post-incident analytical reports to anticipate future risks. Furthermore, ERM tends to look at supply chain issues, internal business rules regarding health and safety, or political, natural, and economic factors that are beyond the control of the organization. Unlike some external factors, organizations do have some control over their cyber vulnerabilities and can take steps to mitigate their risk of being victimized by cyberattacks.

Cyber Defenses Require Real-time Responses

With the constantly evolving technology landscape and accompanying threats, organizations must be able to do two things: 1) conduct forensic reviews of past cyber incidents, and 2) prevent victimization. Immediate analysis of an attack provides a learning opportunity, so organizations can assess and harden existing defenses and controls. Just as new technologies are more powerful and automated, so too must cybersecurity technologies be real-time and automated. For example, to protect against DDoS attacks, which are often highly automated, organizations must implement a fully automated, real-time DDoS mitigation solution.

Move Forward, with Caution

One cannot expect C-level executives to not embrace new technologies; in many cases, organizations have little choice but to use a cloud-based solution, or 5G connectivity. Managers must also understand that, even if their own organization has not deployed any of these new technologies, there is an increased chance that they will be the victim of various attacks, simply because threat actors can weaponize others’ new technologies against unwitting targets. For example, every organization is at a greater risk of DDoS attacks today compared to two years ago, because 5G networks make it easier for threat actors to assemble more powerful botnets and, potentially, with fewer devices.

Any organization could be the victim of a DDoS attack, but not every organization would suffer the same types of loss in the event of a DDoS attack. To help organizations determine their risk level, Corero has developed an evaluation assessment tool that they can use to determine the most appropriate DDoS mitigation provider. By using such tools to conduct due diligence, organizations can realistically assess their risk portfolio, to protect their networks and their bottom line.