With a new decade approaching, focus now must turn to security

Paul Barker | Dec 03, 2019 | The News

All the pieces are in place when it comes to both file sharing advances and the entire edge computing environment and with billions of dollars set to be invested in both by organizations, the focus now must be on ensuring each remains secure.

With the start of a new decade only weeks away, there are some serious concerns that will need to be addressed by every organization in existence, according to Trend Micro Inc.’s 2020 cybersecurity predictions report released earlier this month.

“As we enter a new decade, organizations of all industries and sizes will increasingly rely on third party software, open-source and modern working practices to drive the digital innovation and growth they crave,” said Jon Clay, the firm’s director of global threat communications.

“Our threat experts predict that this fast growth and change will bring new risks of supply chain attacks. From the cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020.”

Findings revealed that:

  • Attackers will increasingly go after corporate data stored in the cloud via code injection attacks such as deserialization bugs, cross-site scripting and SQL injection. They will either target cloud providers directly or compromise third-party libraries to do this
  • The increasing use of third-party code by organizations employing a DevOps culture will increase business risk in 2020 and beyond.  Compromised container components and libraries used in serverless and microservice architectures will further broaden the enterprise attack surface as traditional security practices struggle to keep up.
  • Managed service providers (MSPs) will be targeted in 2020 as an avenue for compromising multiple organizations via a single target. They will not only be looking to steal valuable corporate and customer data, but also install malware to sabotage smart factories and extort money via ransomware.
  • The new year will also see a relatively new kind of supply chain risk as remote workers introduce threats to the corporate network via weak Wi-Fi security.

To combat these challenges and others, Trend Micro recommends that organizations:

  • Improve due diligence of cloud providers and MSPs
  • Conduct regular vulnerability and risk assessments on third parties
  • Invest in security tools to scan for vulnerabilities and malware in third-party components
  • Revisit security policies regarding home and remote workers
  • Consider Cloud Security Posture Management (CSPM) tools to help minimize the risk of misconfigurations.

When it comes to the cloud, Tom Ward, vice president of marketing with Qnext Corp., developer of the Fileflex Enterprise, a hybrid point-to-point software-only service that addresses the inherent issues of cloud sync and share via edge technology, says having the tools to enable a distributed workforce has introduced issues with security and privacy.

“Because of the significant productivity gains and demand workers have for workplace flexibility – particularly from millennials – we have accepted the security and privacy compromises that are inherent with the new technologies.

“For example, providing remote network access via a VPN also provides access to the entire network infrastructure. Storing files for remote access, sharing and collaboration with third-party cloud providers introduces compromise to the privacy and confidentiality of those files as they can be legally inspected and secretly exfiltrated by the platform owner, law enforcement, security agencies and even in some cases by foreign powers.

“These issues are inherent to the technology and can prove difficult and very technical to control.”

Ward adds that the foremost security issue for public and private clouds is that “users duplicate a subset of their files to the centralized server cluster so that those files can be accessed over the internet. This creates duplication and version control issues.

“Since each server will typically have both a near-line and off-line backup and may be replicated in other geographies to provide better global access, there will be multiple copies of each filed stored. Each copy made increases the threat surface of the organization and creates a more complex storage structure. This inherently increases the risk posture of the organization.

“Who operates and controls the public cloud centralized server cluster is vital for an organization’s security strategy. The problem using the cloud is that the management of that server is outside of your control. This can quickly become a compliance headache.”

Trend Micro, meanwhile, states in its report that the “year 2020 will see a transition to a new decade. So will cybersecurity. Gone are the days of networks isolated behind a company firewall and a limited stack of enterprise applications.

“The current paradigm demands a wide variety of apps, services and platforms that will all require protection. Defenders will have to views security through many lenses to keep up with and anticipate cybercrime mainstays, game changes and new players.”