
The Future of Security


The future of cybersecurity is being shaped by the need for companies to secure their networks, data, devices, and identities. This includes adopting security frameworks like zero trust, which will help companies secure internal information systems and data in the cloud. With the sheer volume of new threats, today’s security landscape has become more complex than ever. With the rise of ransomware, firms have become more aware of their ability to recover from an attack if they are targeted, but security needs also continue to evolve as new technologies, apps, and devices are developed faster than ever before. This means that organizations must be focused on solutions that allow them to stay on the cutting edge of technology and business.

What does the future have in store for cybersecurity? What are some of today’s trends, and what might be future trends in this area? Several significant cybersecurity trends have already emerged or will continue to gain momentum this coming year and beyond. This report covers four of the most important trends:




  • Zero trust (ZT) security (also known as context-aware security, policy-based enforcement), which is becoming more widespread and dominates many enterprise and vendor conversations.
  • Ransomware threats and attacks, which will continue to rise and wreak havoc.
  • Mobile device security, which is becoming more urgent with an increase in remote work and mobile devices.
  • Cloud security and automation, as a means for addressing cloud security issues and the workforce skills gap/shortage of professionals. Related to this is cybersecurity as a service (CaaS or CSaaS) that will also gain momentum as companies turn to vendors who can provide extensive security infrastructure and support services at a fraction of the cost of building self-managed infrastructure.

We’ll start with zero trust, a critical element for any security program in this age of sophisticated and targeted cyberattacks.

Zero Trust Security

For decades, security architects have focused on perimeter protection, such as firewalls and other safety measures. However, as cloud computing increased, experts recognized that traditional strategies and solutions would not work in a mobile-first/hybrid world. User identities could no longer be confined to a company’s internal perimeter, and with employees needing access to business data and numerous SaaS applications while working remotely or on business travel, it became impossible to control access centrally.

The technology landscape is witnessing an emergence of security vendors rethinking the efficacy of their current security measures and offerings without businesses needing to rebuild entire architectures. One such approach is zero trust, which challenges perimeter network access controls by trusting no resources by default. Instead, zero trust redefines the network perimeter, treating all users and devices as inherently untrusted and likely compromised, regardless of their location within the network. Microsoft’s approach to zero trust security focuses on the contextual management of identities, devices, and applications—granting access based on the continual verification of identities, devices, and access to services.1

NOTE

Zero trust security is a paradigm that leverages identity for access control and combines it with contextual data, continuous analysis, and automated response to ensure that the only network resources accessible to users and devices are those explicitly authorized for consumption.2

In Zero Trust Networks (O’Reilly, 2017), Evan Gilman and Doug Barth split a ZT network into five fundamental assertions:

  • The network is always assumed to be hostile.
  • External and internal threats exist on the web at all times.
  • Network locality is not sufficient for deciding trust in a network.
  • Every device, user, and network flow is authenticated and authorized.
  • Policies must be dynamic and calculated from as many data sources as possible.3

Therefore, a zero trust architecture shifts from the traditional perimeter security model to a distributed, context-aware, and continuous policy enforcement model. In this model, requests for access to protected resources are first made through the control plane, where both the device and user must be continuously authenticated and authorized.

An identity-first, contextual, and continual enforcement security approach will be especially critical for companies interested in implementing cloud services. Businesses will continue to focus on securing their identities, including device identities, to ensure that access control depends on context (user, device, location, and behavior) and policy-based rules to manage the expanding ecosystem of users and devices seeking access to corporate resources.
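The context-based decision described above can be sketched as a small policy decision function. This is an added example, not code from the report or from any vendor; the names `AccessRequest`, `POLICIES`, `GROUPS`, `decide` and `reevaluate`, and all sample values, are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool      # identity was strongly authenticated for this request
    device_compliant: bool  # device posture as reported by management tooling
    source_network: str     # kept for logging only; it never grants trust
    country: str            # location signal
    risk_score: float       # behavior signal: 0.0 normal .. 1.0 anomalous
    resource: str


# Constructed sample data (assumption): group membership and per-resource policy.
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}}
POLICIES = {
    "payroll-db": {"groups": {"finance"}, "countries": {"US", "CA"}, "max_risk": 0.3},
    "wiki": {"groups": {"finance", "engineering"}, "countries": None, "max_risk": 0.7},
}


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Evaluate one request. Anything not explicitly authorized is denied."""
    policy = POLICIES.get(req.resource)
    if policy is None:
        return False, "no policy for resource (default deny)"
    if not req.mfa_verified:
        return False, "user not strongly authenticated"
    if not req.device_compliant:
        return False, "device failed posture check"
    if not GROUPS.get(req.user, set()) & policy["groups"]:
        return False, "user not authorized for resource"
    if policy["countries"] is not None and req.country not in policy["countries"]:
        return False, "location outside policy"
    if req.risk_score > policy["max_risk"]:
        return False, "behavior risk above threshold"
    # req.source_network is deliberately never consulted: being on the
    # corporate LAN is not evidence of trust.
    return True, "allow"


def reevaluate(req: AccessRequest, **changes) -> tuple[bool, str]:
    """Continuous enforcement: re-run the decision when any signal changes."""
    return decide(replace(req, **changes))


# Constructed request: a finance user on public WiFi with a healthy device.
SAMPLE = AccessRequest("alice", True, True, "public-wifi", "US", 0.1, "payroll-db")

if __name__ == "__main__":
    print(decide(SAMPLE))
    print(reevaluate(SAMPLE, source_network="corp-lan", device_compliant=False))
    print(reevaluate(SAMPLE, risk_score=0.9))
```

The same user is allowed from public WiFi and denied from the corporate LAN once the device falls out of compliance, which is the difference from a perimeter model.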

Enterprises that adopt a zero trust security model will more confidently allow access to their resources, minimize risks, and better mitigate cybersecurity attacks. IAM (identity and access management) is and will continue to be a critical component of a zero trust strategy.

The rise of cryptocurrency, the blockchain, and web3 technologies4 has also introduced conversations around decentralized identity and verifiable credentials.5 The decentralized identity model suggests that individuals own and control their data wherever or whenever used. This model will require identifiers such as usernames to be replaced with self-owned and independent IDs that enable data exchange using blockchain and distributed ledger technology to secure transactions. In this model, the thinking is that user data will no longer be centralized and, therefore, less vulnerable to attack.

By contrast, in the traditional identity model, where user identities are verified and managed by a third-party authority/identity provider (IdP), if an attacker gains access to the authority/IdP, they now have the keys to the kingdom, allowing full access to all identities.

Ransomware, an Emerging and Rapidly Evolving Threat

One of the most pressing security issues that businesses face today is ransomware. Ransomware is a type of malware that takes over systems and encrypts valuable company data, requiring a ransom to be paid before the data is unlocked. The “decrypting and returning” that you pay for is, of course, not guaranteed; as such, ransomware costs are typically more than the costs of preparing for these attacks.

These types of attacks can be very costly for businesses, both in terms of the money they lose through ransomware and the potential damage to a company’s reputation. In addition, ransomware is a widespread method of attack because it works. As a result, the cybersecurity landscape will experience an increasing number of ransomware-related cybersecurity attacks estimated to cost businesses billions in damages.

So, how does it work? Cybercriminals utilize savvy social engineering tactics such as phishing, vishing, and smishing to gain access to a computer or device and launch a cryptovirus. The cryptovirus encrypts all files on the system, or multiple systems, accessible by that user. Then, the target (recipient) receives a message demanding payment for the decryption key needed to unlock their files. If the target (recipient) refuses to comply or fails to pay on time, the price of the decryption key increases exponentially, or the data is released and sold on the dark web. That is the simple case. With a growing criminal ecosystem, and subscription models like ransomware as a service (RaaS), we will continue to see compromised credentials swapped, sold, and exploited, and therefore, continued attacks across the globe.

Terms to Know

Phishing: a technique of fraudulently obtaining private information. Typically, the phisher sends an email that appears to come from a legitimate business—a bank or credit card company—requesting “verification” of information and warning of some dire consequence if it is not provided. The email usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card’s PIN or a credit card number.6

Smishing: the act of using SMS text messaging to lure victims into executing a specific action. For example, a text message claims to be from your bank or credit card company but includes a malicious link.

Vishing (voice phishing): a form of smishing except done via phone calls.

Cryptojacking: a type of cybercrime that involves unauthorized use of a device’s (computer, smartphone, tablet, server) computing power to mine or generate cryptocurrency.

Because people will trust an email from a person or organization that appears to be a trustworthy sender (e.g., you are more likely to trust an email that seems to be from a recognizable name/brand), these kinds of attacks are often successful.

As these incidents continue to be a daily occurrence, we’ve seen companies like Netflix and Amazon invest in cyber insurance and increase their cybersecurity budgets. However, on a more positive note, mitigating the risk of ransomware attacks has led companies to reassess their approach to protecting their organizations by shoring up defenses with more robust security protocols and advanced technologies. With companies storing exponentially more data than ever before, securing it has become critical.

The future of ransomware is expected to be one that will continue to grow in numbers and sophistication. These attacks are expected to impact even more companies, including targeted attacks focused on supply chains, industrial control systems, hospitals, and schools. As a result, we can expect that it will continue to be a significant threat to businesses.

Mobile Device Security

One of the most prominent areas of vulnerability for businesses today is through the use of mobile devices. According to Verizon’s Mobile Security Index 2020 Report,7 39% of businesses had a mobile-related breach in 2020. User threats, app threats, device threats, and network dangers were the top five mobile security threats identified in 2020, according to the survey. One example of a mobile application security threat can be an individual downloading apps that look legitimate but are actually spyware and malware aimed at stealing personal and business information.

Another potential problem involves employees accessing and storing sensitive data or emails on their mobile devices while traveling from one domain to another (for example, airport WiFi, coffee shop WiFi).

Security experts believe that mobile device security is still in its early stages, and many of the same guidelines used to secure traditional computers may not apply to modern mobile devices. While mobile device management (MDM) solutions are a great start, organizations will need to rethink how they handle mobile device security in enterprise environments. The future of mobile device management will also be dependent on contextual data and continuous policy enforcement.

With mobile technology and cloud computing becoming increasingly important to both business and consumer life, smart devices like Apple AirTags, smart locks, video doorbells, and so on are gaining more weight in the cybersecurity debate.

Security concerns range from compromised accounts to stolen devices, and as such, cybersecurity companies are offering new products to help consumers protect their smart homes.

A key issue involving the future of mobile device management is how enterprises can stay ahead of new security issues as they relate to bring your own device (BYOD) and consumer IoT (Internet of Things) devices. Security professionals may also need to reevaluate how to connect a growing number of smart devices in a business environment. Security has never been more important, and new trends will continue to emerge as we move through the future of BYOD and IoT.

Cloud Security and Automation

We have seen an increase in businesses moving their operations to the cloud to take advantage of its benefits, such as increased efficiency and scalability. As a result, the cloud is becoming an integral part of how organizations secure their data, with many companies shifting to a hybrid cloud model to address scale, security, legacy technologies, and architectural inefficiencies. However, staffing issues and the complexities of moving from on-premises to cloud/hybrid cloud introduce a new set of security concerns.

Cloud services are also often outsourced, and as such, it can be challenging to determine who is responsible for the security of the data. In addition, many businesses are unaware of the vulnerabilities that exist in their cloud infrastructure and, in many cases, do not have the needed staff to address these vulnerabilities. As a result, security will remain one of the biggest challenges for organizations adopting cloud computing.

One of the most significant benefits cloud computing can provide to security is automation. The need for security automation is rising as manual processes and limited information-sharing capabilities slow the evolution of secure implementations across many organizations. It is estimated that nearly half of all cybersecurity incidents are caused by human error, which can be mitigated through automated security tools rather than manual processes.

However, there can be a downside to automation. The industry has not yet perfected the ability to sift signals from large amounts of noise. An excellent example is what happens around incident response and vulnerability management—both still rely on human intervention or an experienced automation/tooling expert. Industry tooling will need to improve in this area. While automation can also help reduce the impact of attacks, any automated solution runs the risk of being ineffective against unknown threats if human eyes do not assess it before it is put into practice.

In a DevOps environment, automation takes the place of human labor. The key for security will be code-based configuration, and the ability to be far more confident about the current state of existing security and infrastructure appliances. Organizations that have adopted configuration by code will also have higher confidence during audits. For example, compare an auditor who checks each process for changing firewall rules (which already go through change control) and then spot-checks one out of thousands of rules with an auditor who validates the CI/CD pipeline and then runs checks on your configuration to confirm it meets policy.
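A check of this kind, run over every firewall rule in the repository instead of a spot-checked sample, might look like the following. It is an added example, not part of the original report; the rule schema, the rule IDs, the ticket numbers and the three policy checks are assumptions chosen for illustration.

```python
import ipaddress
import json

# Constructed sample: firewall rules as they might be stored in version control.
RULES_JSON = """
[
  {"id": "fw-001", "action": "allow", "source": "0.0.0.0/0",      "ports": "443",   "change_ticket": "CHG-1001"},
  {"id": "fw-002", "action": "allow", "source": "10.20.0.0/16",   "ports": "22",    "change_ticket": "CHG-1002"},
  {"id": "fw-003", "action": "allow", "source": "0.0.0.0/0",      "ports": "20-25", "change_ticket": "CHG-1003"},
  {"id": "fw-004", "action": "allow", "source": "192.168.5.0/24", "ports": "8080",  "change_ticket": ""},
  {"id": "fw-005", "action": "deny",  "source": "0.0.0.0/0",      "ports": "any",   "change_ticket": "CHG-0001"}
]
"""

ADMIN_PORTS = {22, 3389}  # assumed policy: SSH and RDP must not be world-reachable


def port_range(spec):
    """Parse "443", "8000-8100" or "any" into a range of port numbers."""
    if spec == "any":
        return range(0, 65536)
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def is_any_source(rule):
    """True when the rule matches every IPv4 address."""
    return ipaddress.ip_network(rule["source"]).prefixlen == 0


def audit(rules):
    """Check every rule against policy; return a list of (rule id, finding)."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        ports = port_range(rule["ports"])
        # A range such as 20-25 exposes port 22 even though "22" is never written.
        if is_any_source(rule) and any(p in ports for p in ADMIN_PORTS):
            findings.append((rule["id"], "admin port reachable from any address"))
        if not rule.get("change_ticket"):
            findings.append((rule["id"], "no change-control reference"))
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and is_any_source(last)
            and last["ports"] == "any"):
        findings.append(("ruleset", "missing final default-deny rule"))
    return findings


if __name__ == "__main__":
    results = audit(json.loads(RULES_JSON))
    for rule_id, message in results:
        print(f"{rule_id}: {message}")
    # A non-zero exit status fails the pipeline stage when policy is violated.
    raise SystemExit(1 if results else 0)
```

Run as a pipeline stage, the non-zero exit blocks a merge that violates policy, and the auditor reviews this one check instead of thousands of individual rules.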

The evolution of SOAR (security orchestration, automation, and response) tools and automation of security policy by code will open up a huge potential benefit for well-audited businesses in the future.

Automation May Help with the Security Workforce Shortage

The shortage of cyber workers will persist because there aren’t enough cybersecurity professionals in the workforce, and cyber education isn’t keeping up with the demand at a solid pace. As a result, cybersecurity teams are understaffed and burnt-out, lowering their effectiveness while posing risks.

Automation may help organizations fill the cybersecurity talent gap and address many of the same activities that human employees perform, such as detection, response, and policy configuration.

While automation cannot completely replace the need for human cybersecurity experts, it can assist in decreasing the burden on these professionals and make them more successful in their work. In addition to more professionals joining the field with varying backgrounds, automated technologies will play a significant role in mitigating the impact of cyberattacks and assisting in solving the cybersecurity workforce shortage problem.

(Cyber)Security as a Service

Cybersecurity as a service (CaaS or CSaaS) is growing more popular as companies turn to managed service vendors that can provide extensive security infrastructure and support services at a fraction of the cost of building self-managed infrastructure. As a result, organizations can use their resources more effectively by outsourcing security needs to a specialized vendor rather than building in-house infrastructure.

CaaS provides managed security services, intrusion detection and prevention, and firewalls by a third-party vendor. By outsourcing cybersecurity functions to a specialist vendor, companies can access the security infrastructure support they need without investing in extensive on-site infrastructure, such as firewalls and intrusion detection systems (IDS).

There are additional benefits:

  • Access to the latest threat protection technologies.
  • Reduced costs: outsourced cybersecurity solutions can be less expensive than an in-house security team.
  • Improved internal resources: companies can focus on their core business functions by outsourcing security to a third party.
  • Flexibility: companies can scale their security needs as needed.

The ransomware attack on Hollywood Presbyterian Medical Center8 is an excellent example of why CaaS will continue to be sought after by organizations of all sizes. Cybercriminals locked the hospital’s computer systems and demanded a ransom payment to unlock them. As a result, the hospital was forced to turn to a cybersecurity vendor for help in restoring its computer systems.

Of course, this approach has disadvantages:

  • Loss of control over how data is stored and who has access to your data/infrastructure. Security tooling often needs to run at the highest levels of privilege, enabling attackers to attack enterprises at scale, use the managed service provider network to bypass security safeguards, or exploit software vulnerabilities like SolarWinds and Log4j.
  • In addition, CaaS providers may or may not support existing legacy software or critical business infrastructure specific to each organization.

CaaS is expected to continue on a solid growth path as more enterprises rely on cloud-based systems and the IoT for their business operations.

Conclusion

Cyberattacks continue to be successful because they are effective. Thanks to cutting-edge technology, services, and techniques available to every attacker, organizations can no longer afford to make security an afterthought. To defend against present and future cyberattacks, businesses must develop a comprehensive security plan that incorporates automation, analytics, and context-aware capabilities. Now more than ever, companies must be more diligent about protecting their data, networks, and employees.

Whether businesses embrace identity-first and context-aware strategies like zero trust, or technologies like cloud computing, mobile devices, or cybersecurity as a service (CaaS), the growth of ransomware and other cyberattacks is forcing many companies to rethink their overall cybersecurity strategies. As a result, organizations will need to approach security holistically by including all aspects of their business operation and implementing in-depth defense strategies from the onset.

The future is bright for the cybersecurity industry, as companies will continue to develop new technologies to guard against the ever-evolving threat landscape. Government rules, regulations, and security procedures will also continue to evolve to keep up with emerging technologies and the rapidly growing number of threats across both private and public sectors.


Footnotes

1. “Transitioning to Modern Access Architecture with Zero Trust”.

2. Scott Rose et al., NIST Special Publication 800-207.

3. Evan Gilman and Doug Barth, Zero Trust Networks (O’Reilly, 2017).

4. See “Decentralized Identity for Crypto Finance”.

5. See “Verifiable Credentials Data Model”.

6. See this social engineering article for more information.

7. “The State of Mobile Security”.

8. “Hollywood Hospital Pays $17,000 in Bitcoin to Hackers; FBI Investigating”.


Paytm, whose share price has dropped 57% so far this year, reports Q4 revenue of ~$200M, up 89% YoY, and a net loss of ~$98M, up 72% YoY due to higher expenses (Reuters)



Reuters:

India’s One 97 Communications Ltd (PAYT.NS), the parent of fintech firm Paytm, on Friday reported a wider fourth-quarter loss due …


Doctor Strange 2 Surpasses 800 Million at the Box Office


As the weekend winds down, news has come out from The Wrap that Doctor Strange in the Multiverse of Madness, directed by Sam Raimi, has earned over 800 million dollars, officially passing the theatrical run of The Batman, the last big superhero flick to hit the theaters. Doctor Strange 2 is still a decent chunk of change away from the last Marvel outing: Spider-Man: No Way Home earned 1.89 billion dollars during its release.

The Northman continues to draw audiences, although its release to VOD has made it so that there will likely be little more movement after this weekend. To date the Robert Eggers-directed historical action film earned about 64 million. The film stars Alexander Skarsgård and Anya Taylor-Joy as they attempt to seek revenge and escape the clutches of a dismal fate.

This weekend also saw the first returns for Downton Abbey: A New Era, which brought in 16 million after its opening weekend. Universal Pictures, a specialty production from Universal Studios, released the sequel to 2019’s Downton Abbey, which in turn was a follow-up to the hit television series that ran from 2010 to 2015 and became an international phenomenon. The show follows the aristocratic Crawley family and their domestic help across six seasons and fifty-two episodes.

Alex Garland’s horror film of “toxic masculinity,” aptly titled Men, had a solid opening weekend as well (Entertainment Weekly). While 3.3 million might seem modest compared to the big releases, the film is a challenging and divisive watch distributed by the indie darling A24. For a better comparison we can look at the opening numbers for Everything Everywhere All at Once, another A24-distributed film, which netted 3.2 million on its opening weekend.



Your iPhone Pro Has LiDAR: 7 Cool Things You Can Do With It


Tim Brookes

Some high-end iPhone and iPad models have a LiDAR scanner integrated into the camera module on the back of the device. This effectively gives your device 3D scanning abilities with a few unique and interesting applications.


What Does the LiDAR Scanner Do?

LiDAR stands for Light Detection And Ranging, but it may also be commonly referred to as “3D laser scanning” or some variation thereon. The technology works by bouncing light waves at surfaces and measuring the reaction time to determine the shape and distance of objects in the area.

Think of it like RADAR (RAdio Detection And Ranging) but for light waves. Unlike RADAR imaging, LiDAR can provide more detailed and crisper scans with smaller equipment. LiDAR uses signals that work in the nanometer range, whereas RADAR requires the use of antennas that produce radio waves at much lower frequencies.

Coupled with the software on your iPhone, the LiDAR scanner can be used to create 3D representations of objects and their surroundings. To do this you’ll need the appropriate software which you can download from the App Store. Some core iPhone features, like the Camera app, will use LiDAR in other ways.

At present, only the iPhone 12 Pro, iPhone 13 Pro, iPad Pro 11-inch (2nd and 3rd generation), and iPad Pro 12.9-inch (4th and 5th generation) are equipped with LiDAR scanners. If you look at the camera array on your device, the LiDAR scanner looks like a small round black circle.


Create 3D Scans of Places You Love

Imagine if you had an interactive 3D model of your childhood home or a treehouse you built when you were young. Most of us keep photographs to remind us of places we once lived and loved, but what if instead of flat images we were able to take 3D scans instead?

Well if you have an iPhone or an iPad with a LiDAR scanner on the back, you can do exactly that. Having a 3D space to navigate is a lot more immersive than simply looking at a 2D image. Photographs and videos still have their place, but why not augment your memory bank with something you can experience in three dimensions instead?

This is possible with apps like Polycam, RoomScan LiDAR, and Canvas: Pocket 3D Room Scanner. Most of these apps are free to use, though there are paid upgrades that remove certain restrictions and improve the quality of the scans that you make. You can see LiDAR scanning in action in a YouTube video published by Polycam.


Buying a House? Redecorating? Scan First

Capturing a 3D model of a room or building has some very practical uses. If you’re currently looking to rent or buy a house, taking a scan of the building can help you make up your mind whether or not the place is for you. The process is very similar to taking a walk-through video or series of photographs, both of which are common practices in the real estate world.

Not only is a 3D scan more immersive, but it’s also easier to compare sizes, layout, practical space, and potential for renovation and other major work. We’d recommend taking detailed photos and videos in addition to your scan, which works best with apps like Polycam and RoomScan LiDAR.

If you’re planning major work in a home you already own, a 3D scan can give you a base from which to work in a 3D modeling app like Blender (if you’re comfortable working in such an app). Alternatively, it can provide a nice “before and after” comparison to look back on.

And lastly, selling your house without a real estate agent is surging in popularity. These apps allow you to provide 3D environment scans to potential buyers while still cutting down on expensive agent fees.


Create Your Own 3D Assets

Photogrammetry is the act of creating 3D objects from photographic data, and it’s a time-consuming process. While the assets that photogrammetry provides are often highly accurate and detailed, the process of taking an item from a series of photographs to a finished model you can use can take hundreds of hours.

By comparison, a scan made on an iPhone or iPad with an app like Polycam can take a matter of minutes. Scanning an object is a bit like taking a video, and when you’re finished you can export a file that can be used in 3D modeling apps like Blender. Once you’ve tidied up your scan you can import objects into 3D engines like Unity and Unreal.

These engines are used heavily in game development, film, and interactive media. Conor O’Kane is a game developer with a YouTube channel who has not only used this technique but created a tutorial showing how to do this and why small developers might be interested in the process.

Scan and Share Interesting or Cherished Items

Are you a collector? Whatever it is you collect—art, plants, games consoles, or even cars—you might get a kick out of exhibiting it online, in a 3D format. Polycam is perfect for this since it includes built-in model sharing with the rest of the Polycam community, or “polyworld” as the app refers to it.

Some people share ice cream or rock crystals, others share their extensive sneaker collection. Even if you don’t have a LiDAR scanner on your iPhone or iPad, Polycam may still be worth the download just to see what people are scanning and sharing.

It’s like Instagram but for 3D models, with an interactive element that other forms of media don’t come close to. It’s easy too: even if you make a bit of a mess while scanning, the app has intuitive crop controls that allow you to remove background or surface objects.

Tip: For best results, place your item on a stand, pedestal, or stool before scanning.

Take Better Photos in the Dark

Your iPhone and iPad already do this, so you don’t need to activate anything to get the benefit. However, if you’re putting off taking photos in the dark since you don’t trust your device’s autofocus, you might want to reconsider if you have a LiDAR-equipped device.

Since LiDAR is capable of judging distances based on how long it takes the light waves to return to the sensor, autofocus in the dark can be better calculated.

While standard cameras and non-LiDAR equipped models use contrast and phase detection autofocus (what Apple calls “Focus Pixels”) which struggle in low light, your LiDAR-equipped model fares much better. Coupled with Night mode you should be better equipped to take photos in the dark.

Measure More Accurately

You may not have realized this but Apple includes an app called Measure with iOS by default. If you’ve previously discounted and deleted it you can download Measure again for free from the App Store.

The app uses augmented reality to measure real-world distances simply by pointing your phone at a surface. Tap the plus “+” icon to start the measurement and move your device to see it in action.


With a LiDAR scanner, augmented reality is vastly improved on the iPhone and iPad. Measure has gone from being a fun party trick to surprisingly accurate. In our tests, the app was right most of the time, with a margin of error of around 1 cm. This may depend more on how shaky your hands are than anything.


Get More From AR Apps

Measure is just one such AR app that performs better when paired with a LiDAR-equipped iPhone or iPad. Every other AR app can benefit from the sensor, which provides a more stable experience by gauging distance using light rays rather than estimations derived from a “flat” image.

LiDAR really helps to improve the AR experience across the board, like when you’re creating art in apps like World Brush, SketchAR, and Assemblr. Need to provide remote assistance for a real-world problem? Vuforia Chalk allows you to scribble on real-world objects to help relay the point.

Try out various bits of IKEA furniture in your house with IKEA Place, or bring your child’s LEGO sets to life with LEGO Hidden Side, as demonstrated in the above YouTube video published by the Brothers Brick. If you’d rather have a more educational AR experience, Playground AR provides a whole physics sandbox to play around with.

Of course, these experiences are available on just about any recent iPhone, but the experience is considerably more stable with a LiDAR scanner. Find even more apps to enjoy in Review Geek’s roundup of the best AR apps for iPhone and Android.
