Skip to main content

IT Security – The changing face of risks and opportunities

As dependence on big data and analytics grows, so does the risk of IT security breaches. The imperative for companies and governments to protect their IT systems has never been stronger. IT security today is a USD60 billion industry with the U.S. at its forefront. As the number of threats increases, will our existing IT security tools be enough to hold the line?

The IT security industry is poised for growth. Its core product offerings continue to perform well: firewalls, anti-malware, authentication and encryption, plus 80 other product categories. Investors in the US are bullish about this sector. They ploughed USD3 billion into IT security companies between 2011 and 2013, eventually funding some 300 firms.

The most recent instance of a wildly destructive IT threat was the Heartbleed bug, discovered in April 2014. It left 600,000 servers vulnerable. The Achilles heel it exploited was the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) – an encryption technology marked by small, closed padlocks and “https:” on Web browsers to show that traffic is secure . The Heartbleed episode was a “Titanic moment”: a wake-up call to IT security professionals, showing just how vulnerable current systems were.

The Heartbleed episode was a “Titanic moment” : a wake-up call to IT security professionals, showing just how vulnerable current systems were.

The fall-out from the Heartbleed bug still looms large. Governments have recently been put on high alert to counter the risks. A Canadian government directive ordered all federal departments to disable websites running unpatched OpenSSL software. The US government further issued warnings to infrastructure operators and banks that hackers could exploit Heartbleed by scanning networks for vulnerability .

IT security in the era of Big Data
The obvious benefit of IT security is to assure privacy and a higher security warranty. But Big Data and the internet of things are creating new opportunities and threats, veering the IT security industry in a new direction.
  • Data to improve security
Big data and machine learning (systems that can learn from data) can be used to improve security. Machines can be used to identify complex signals. For instance, various types of data can be analyzed and used to identify threats before they occur – such as system logs, past attack behaviours, preferred target types and so on . To illustrate how this works, Google’s Sibyl is a parallel machine learning system that identifies and recommends data to users from its Internet applications.

  • Security in retail
Technology enhances the way we shop but leaves consumers exposed to IT security risks as well. A 2013 survey by the British Retail Consortium’s Retail Crime Survey revealed a high prevalence of online security threats, with nearly two thirds of retailers having been targeted by hackers in the last 12 months. Against this backdrop, the European Union proposed a General Data Protection Regulation with fines for data breach – capped at 5% of global turnover or GBP100 million. Online retailers face not only crime risk but also regulatory risk for lapses in security or privacy controls.

  • Home automation
Home automation also offers a good opportunity for growth via the market for home security. Imagine all devices in your home being connected to the Internet and monitored via mobile devices. It is a reality offered by big brands such as Google, which recently spent USD3.2 billion in 2014 to buy Nest Labs, one of the many vendors of home automation and Internet of things products. The nascent home IT security opportunity is enormous.

Why IT security compliance programs are catching on
As security threats proliferate and as the landscape becomes more complex, more companies are taking up IT compliance programs. Such programs promise a number of benefits.

  • Streamlined IT operations and processes
As security analytics are applied, processes and systems tend to be discovered which improve IT security controls . Furthermore, monitoring tools help to keep a tab on compliance and risk management issues, identifying opportunities to change basic IT operations for improved efficiency.

  • Network intelligence and troubleshooting
Monitoring utilities like the Security Information and Event Management (SIEM) tool are useful for correlating security incidents, but they are also valuable as troubleshooting tools during network-wide deployment projects.

  • Business intelligence and process improvement
IT Compliance programs also enhance business performance. For instance, analytics can be used to predict trends and find efficient ways to process inventory receipts as well as transfers. Moreover, process documentation can be used to assess current processes and identify methods to streamline a task.

How are enterprises dealing with the new security environment?
Enterprises are now showing a marked preference to grow in-house IT security capabilities instead of outsourcing to professional IT consultants. According to a 2013 survey, 65% of companies utilize in-house resources. These figures are borne out across the globe in places such as the Middle East (73%), Japan (72%) as well as North America (71%).

Enterprises are now showing a marked preference to grow in-house IT security capabilities instead of outsourcing to professional IT consultants.

This trend could be due to a stunning fact. Records of internal security incidents show that one of the top five most common internal security threats was directly linked back to staff actions . Companies seem to be realizing that in-house security works best at understanding the patterns and risks associated with their own employee behaviours.

Pinpointing security threats
Even as the IT landscape evolves, security threats are evolving in tandem. The current array of threats has progressed far beyond the viruses of previous decades.

  • Malware

Malware is defined as “malicious software” installed without a device owners’ consent. These consist of virus, worms, and Trojans.

In 2013, The Guardian newspaper published its first story based on leaked top secret documents implicating the National Security Agency (NSA) for spying on American citizens. Edward Snowden – a former NSA contractor – later revealed himself as the source .

The subsequent stories that followed revealed the existence of programs that would eventually infect millions of computers, enabling the agency to take over a targeted computer’s microphone and record conversations. These programs could also sabotage a computer’s webcam and extract photographs, record logs of Internet browsing histories as well as login details and passwords. At-risk data included keystrokes or extraction of data from removable flash drives connected to a target’s computer .
  • Software bugs

A software bug is a problem or defect which leads a program to crash or produce invalid output .

The most recent instance of a software bug gone viral is the Heartbleed bug – discovered in April 2014 – leaving 600,000 servers vulnerable . The flaw which the Heartbleed bug exposed makes it possible to spy on traffic online even if the padlock is closed. It allows hackers to decipher encrypted data without the website owners knowing about any security breach .
  • BOT Networks
The term “bot” in the phrase BOT networks is the short form for robot. When a computer is infected with BOT malware, it performs automated tasks over the internet without the owners’ knowledge or consent . Moreover, when many computers get infected simultaneously, it results in the formation of a BOT network.

Facebook came under attack from the Lecpetex botnet in 2014; infecting more than quarter of a million computers with malware.

Facebook came under attack from the Lecpetex botnet in 2014, infecting more than quarter of a million computers with malware. The affected computers were pinpointed in Greece as well as across Poland, Portugal, India, Norway and the U.S. This BOT network resulted in the control of approximately 50,000 Facebook accounts, fuelling the spread of the malicious malware.
  • Hacking

Hacking activities tend to exploit little-known vulnerabilities. This was the case with the recently exposed LIFX bulb episode in 2014. These bulbs were controlled wirelessly via a mobile app, with the ability to change colors. A security vulnerability found in the product enabled any hacker to capture Wi-Fi details and decrypt credentials without any prior authentication or permission.

Although LIFX immediately eliminated the glitch by updating their software, the episode exposed a loophole which could have become a nightmare to resolve.

The new face of IT security: up-and-coming vendors
As the IT security industry continues to grow at 24% each year, what options are available for businesses? We highlight a number of interesting vendors who are developing unusual IT security responses to an increasingly dangerous landscape.
  • Mocana
This vendor is into the business of selling software libraries to developers for encryption and containerization for mobile device applications. In order words, they offer a security solution for mobile devices. They have already been successful in selling to device manufacturers.

  • Csg Invotas
This is a division of CSG International, which has worked with telecom providers mostly to automate problem resolution. It predicts that the next big thing in IT security is automated responses to targeted attacks. It aims to provide informed detection leading to effective response solutions by mapping out the steps required to be executed within seconds from detection, instead of hours or days.

  • Norse
This is one of the fastest emerging IT security vendors. It is Atlanta-based and has over 30 data collection points from across the globe for fraud detection. The vast network gives Norse visibility into emerging threats and malicious IP addresses. Norse is partnering with gateway security vendors to provide them with feeds to build their own DarkWatch appliances. This appliance deploys itself when existing devices cannot handle the state memory required to apply rules to millions of addresses.

What lies ahead?
As IT security threats proliferate, the onus is on companies to protect their systems and their data. It is not only commercial theft that is a risk, but privacy violations that may attract hefty fines from regulators. And it is not only companies that fear these threats, but also governments seeking to defend entire national IT eco-systems.

Big Data is creating new risks but also new ways to counter those risks. The rise of young, upstart IT security companies shows how innovation is playing a key role in the IT security industry.

A vibrant supplier landscape, continued proliferation of threats as well as newly emergent data pools created by Big Data and the internet of things all demonstrate one thing – IT security is still a sun-rise industry and one that is still very open to intellectual and entrepreneurial leadership.

Labels:

Comments

Post a Comment

Popular posts from this blog

FIFA World Cup 2018 holds lessons for successful team building

The FIFA World Cup 2018 is widely seen as one of the best World Cups in recent memory, with many surprises and goals aplenty. One talking point was the role of teamwork as opposed to just superstar talent. What lessons can businesses learn from the beautiful game? Leon Perera, CEO of Spire Research and Consulting, shared his thoughts in The Business Times – Views from the Top section on 23 July 2018. As World Cup fever draws to an end, the game lived up to its hype with breath-taking goals and outstanding performances. Perera highlighted the role of 'team effort' over mere individual talent, which was evident in the early failure of teams with world-class superstars like Argentina and Portugal. Perera also pointed out the importance of investing in new talent pipeline development, which paid rich dividends for France, the winning team and also one of the youngest teams in the World Cup. The game also highlighted the role of risk-taking. A relentless approach t...
Post a Comment
Read more

Spirethoughts: No show for Wal-Mart in India

The highly anticipated re-entry of one of the biggest names in retail, Wal-Mart, into India was a huge disappointment. It has recently dissolved a six-year joint venture with Bharti Enterprises, and eagerly awaits the upcoming general elections; which could mean easing up of restriction on foreign retailers. At present, the laws required foreign retailers to source 30 per cent of their goods from small and medium-sized suppliers; making it harder for them to compete against domestic supermarkets which are not saddled with such restrictions. Besides, foreign investors are obligated to partner a domestic player so as to enter the India market, with up to 51 percent ownership in local operations. This has resulted in rising investors’ concerns with regards to having no control over the domestic business. Besides, the brand’s reputation could be tarnished if the local player engages in unethical acts, such as corruption and tax battles. Other global retailers are keeping a cl...
Post a Comment
Read more

Zapping away viruses

A new germ-zapping robot manufactured by Xenex in the U.S. could emerge as a saviour against deadly viruses like Ebola. It uses pulses of high-intensity, high-energy ultra-violet rays to crack bacterial cell walls and kill virus-afflicting pathogens. It has been successfully tested on 22 different microorganisms – destroying viruses similar to Ebola. Standing at 5 feet and bearing the nickname “Saul”, the ultra-violet rays it emits are 25,000 times brighter than fluorescent lights and can kill pathogens that are generally missed by the naked eye. A few surgical teams in the United States have been trained to use this technology on Ebola patients. According to research, hospitals with access to this technology have been able to bring down general infection rates by 60%. It is already being used in 250 hospitals. Can such technology breakthroughs arrest global pandemics in the 21st century? https://www.spireresearch.com/newsroom/spirethoughts/zapping-away-viruses/
Post a Comment
Read more

Amazon has entered the healthcare sector.

Amazon is eyeing the healthcare sector. It has rolled out a line of private label, over-the-counter medicines along with medical supplies for hospitals, doctors and dentists. Whether it is selling prescription or generic drugs, Amazon seems poised to disrupt the healthcare industry. However, Amazon faces its own share of hurdles. It will need licenses from each state to be able to sell medical supplies.  Medical practitioners may prefer to stay loyal existing sales channels. Waiting 24 to 48 hours for a pain or cold medicine means that customers may still run to the nearest pharmacy. Will Amazon disrupt the healthcare industry? For more information, click here.
Post a Comment
Read more

Korea needs to focus on developing service robots

The Korean robotics industry grew by 60% a year between 2005 and 2011. Korea has a strong position in industrial robots. Now, the government’s focus should now be on developing service robots to sustain growth. Spire Research and Consulting shared its insights, published on the Business Korea news portal. Korea’s industrial robot sector is larger than any country’s, except for Japan, China and the U.S. However, the service robot sector is emerging as a new growth hotbed, thanks to the accelerated use of artificial intelligence. However, Korea does not have any companies that specialize in the development of service robots. It will take time to further develop Korea’s service robotics technology which is where the government and Korean enterprises need to step in and focus so as to claim early global leadership. https://www.spireresearch.com/newsroom/media/korea-needs-to-focus-on-developing-service-robots/
Post a Comment
Read more