Emerging Threats

I was at a recent Information Systems Audit and Control Association event which discussed the future of threats to the individual and the enterprise, including concerns such as cyber attacks, advanced phishing, data governance and more.

Whilst working at Oracle as an EMEA consultant, I worked with many large organisations (> 30k employees) within the financial services and telecoms industries, focusing on their approach to identity management - working out who has access to what and why.  This is still a fundamental approach to basic information security management, but we are now seeing information being accessed in a variety of different ways, which in turn creates opportunities for information and data attacks in new and sophisticated ways.

  • Mobile - The increased use of mobile and handheld devices, whilst increasing the ability for remote working, also increases the risks to the individual from the likes of rogue apps, identity threat and viruses.  Whilst many major app stores have some basic verification of the validity of an app's content, not all do, creating an opportunity for badly written or outright rogue apps to proliferate quickly across mobile devices.  Also, as phones become more adept at handling complex data such as videos, PDFs and even terminal services sessions, what protection does your mobile provide for things like anti-virus detection, personal firewall, buffer overflow protection, kernel safety and the like?

  • Phishing - Whilst not a new concept, phishing has now moved into new areas.  Quick Response, or QR, codes allow smartphone users to scan what is in essence a 2D bar code.  This pictorial data representation is impossible to decipher with the naked eye.  Using a simple replacement technique, sometimes nothing more than a basic sticker, a QR code can now be replaced with a malicious version that navigates the person scanning it to a rogue website or worse.

  • Third Party Content Management - Sounds like a convention of some sort, doesn't it?  Third party content is what I would interpret as data, often social media, that is associated with an organisation or individual but that didn't derive from the organisation or individual in question.  A simple example could be a review of a hotel.  The review data actually originated from a visitor, but obviously references information about the hotel.  This content can proliferate virally across social networks such as Twitter, YouTube and Facebook if the information is sufficiently interesting or topical.  Why is this a threat?  Well, the information could have malicious intent, such as slander or competitive FUD, right through to a fraudulent website attempting to resell products which it is not licensed to sell or review.  Due to the increasingly interconnected nature of the social graph, the rate at which this information can spread can become a serious threat to an organisation's brand or a user's identity.

  • Email Break - This is really more of a threat for the individual than an organisation.  Most people will have a personal email address.  This address will be asked for when signing up to any online service, store or social network.  The same will be true for online banking.  This puts the user's email address at the centre of their online identity - a bit like the keys to the castle.  Whilst a hacker would potentially need to know several passwords in order to access the user's many online sites and stores, knowing just their email password gives them access to everything in one easy place: reminder emails, password resets, receipts, not to mention the ability to send emails on the user's behalf.

  • Cyber Security Arms Race? - We're all pretty familiar with the cold-war arms race of nuclear subs, missiles and the rest.  But has this now evolved into something a lot less confrontational, and more online and subversive?  There have been several alleged online Denial of Service attacks at a country level in recent years, including the North and South Korea stand-off, which many claim included a cyber aspect.  The US recently created a cyber security special advisory team, with security veteran Howard Schmidt providing direct guidance to President Obama.  The threat of DoS attacks to bring down governmental, military and large corporate websites will only increase as more information is made available online.

Whilst threats and attacks evolve constantly over time, the increased reliance on the internet will put increasing focus on the identification and prevention of online malicious activity.  Whilst once road, rail and food were the mainstays of an effective social grouping, the internet has now become the de facto way of not only accessing data and information, but also ordering services, food, entertainment content, news and more, either via personal computers or, more likely, via mobile devices not initially built with security in mind.