The rapid development of 5G and the Internet of Things (IoT) in the era of pervasive cloud computing has led to dramatic advancements in the process of data collection and transmission. Industrial applications that leverage these technologies generate huge amounts of data that require localized storage and processing. However, these enormous amounts of data need a lot of time before they can be processed at the centralized data center and then sent to the user.
For these reasons, data center providers are now charged with the near-impossible task of delivering faster response times even though every request must be transmitted to a centralized data center, processed there, and only then returned to the user. As a possible way out of this quandary, data center providers are moving workloads closer to the data sources, often called “the edge,” to drive down latencies and to extend their use to applications that need faster data gathering and processing times.
This approach, referred to as edge computing, comes with an added risk: distributing workloads over a broader range of endpoints increases the exposure to malicious activity. While most data centers are subject to cybersecurity hardening, edge computing environments are often overlooked.
Given this, malicious actors like MoneyTaker hack edge computing environments to commit cybertheft. They have been known to pull off more than 20 successful attacks while taking away approximately US$500,000 per incident.
In 2018, there were more than 6,500 publicly revealed data breaches, up from 5,000 in 2017. The 2018 breaches also exposed almost 5 billion sensitive records, 67% of which stemmed from the business sector, according to a study by Risk Based Security.
Direct losses from cybersecurity breaches are the most visible and can wreak havoc on an organization’s finances. However, they pale in comparison to the reputation damage suffered by the organization. Moreover, a greater number of devices than ever before are going to be connected to the internet, with estimates indicating that almost 27.1 billion devices will be connected globally by 2021. Cybercriminals can hack IoT devices and exploit their vulnerabilities if they are not secured properly.
Norton, the antivirus and antimalware software company, listed a glossary of cybersecurity threats that will affect organizations and people the most in 2020. These included deep fakes, synthetic identities, AI-powered cyber attacks, cloud jacking, and ransomware attacks on the public sector.
Additionally, a Cisco study highlighted the most serious attack vectors across the Asia Pacific (APAC) region, with ransomware (41%), DDoS (36%), and targeted attacks (30%) being the most common. The same study found that 12% of APAC organizations endured severe breaches (over US$5 million in losses from lost revenue, lost customers, lost opportunities, and out-of-pocket costs), as opposed to only 8% of organizations globally. A study by Marsh & McLennan attributed inadequate cybersecurity to a shortage of talent, with 42% of HR professionals reporting a severe undersupply of cybersecurity staff, in addition to cybersecurity not being treated as a priority within most organizations.
The first step of any risk assessment procedure should be to identify the parts of your business that are most attractive to cybercriminals. To identify them, you can ask yourself basic questions like:
Once you have the answer to these questions, evaluate your current protection measures and how you secure your network, email, and other crucial infrastructure. Create a ranking order of which assets, information, and data are the most important and need to be protected the most to help prioritize the level of security measures accordingly. This will help you find out the assets that are most vulnerable to cyber attacks so that you can accordingly prepare to fortify their security.
Study and learn about the most common cyber attacks and how they are conducted. Apart from focusing on external threats, pay attention to the ones that may arise from within the organization itself. Internal threats are well-documented with malicious employees being a very serious attack vector in APAC organizations.
Collect threat intelligence from external sources, such as open source information sharing, threat information sharing group conversations, or even Security Information and Event Management (SIEM) systems. This information feeds directly into enterprise security measures like incident response, alerting and blocking, and security planning to identify and mitigate cyber attacks.
Enterprises can also adopt Machine Learning (ML) and Artificial Intelligence (AI) to develop insider threat prevention solutions that help them monitor employee activity and identify behavioral irregularities to detect internal threats. In the case of behavioral analytics, modern threat detection software uses a variety of ML and AI techniques to gather huge amounts of data and establish correlation and regression to identify abnormal user behavior.
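The behavioral analytics idea above, reduced to its simplest statistical form, as an added example that is not code from the article or from any product it mentions: each user's own history becomes the baseline, and a day whose activity volume sits far outside that baseline, or falls outside working hours, is flagged for review. The log format, the working-hours window, the z-score threshold and the standard-deviation floor are all assumptions made for the illustration.

```python
"""Per-user behavioural baseline for insider-threat detection (added illustration).

Not code from the article. Builds a leave-one-out baseline from a constructed
activity log and flags days that deviate from it. Real UEBA products use far
richer features; mean, standard deviation and z-score are the regression idea
in miniature.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format): timestamp user event files_touched
SAMPLE_LOG = """\
2020-03-02T09:12:00 alice file_access 14
2020-03-03T09:40:00 alice file_access 11
2020-03-04T10:05:00 alice file_access 15
2020-03-05T09:55:00 alice file_access 12
2020-03-06T02:17:00 alice file_access 480
2020-03-02T08:30:00 bob file_access 40
2020-03-03T08:45:00 bob file_access 35
2020-03-04T08:20:00 bob file_access 44
2020-03-05T08:50:00 bob file_access 38
2020-03-06T08:35:00 bob file_access 42
"""

WORK_HOURS = range(7, 20)  # assumed normal working window: 07:00-19:59
Z_THRESHOLD = 3.0          # assumed: flag volume more than 3 std devs above baseline
STD_FLOOR = 1.0            # assumed: avoid division by ~0 for very regular users


def parse_log(text):
    """Parse the constructed log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, count = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "event": event,
            "count": int(count),
        })
    return events


def score_events(events):
    """Leave-one-out z-score per user plus an off-hours check.

    The baseline for each event is the user's *other* events, so a single
    outlier day does not inflate its own baseline. Returns a list of alerts
    shaped {"user", "ts", "z", "reasons"}.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for e in evs:
            others = [o["count"] for o in evs if o is not e]
            reasons = []
            z = 0.0
            if len(others) >= 2:
                mu = mean(others)
                sigma = max(pstdev(others), STD_FLOOR)
                z = (e["count"] - mu) / sigma
                if z > Z_THRESHOLD:
                    reasons.append(f"volume z={z:.1f} vs baseline mean {mu:.1f}")
            if e["ts"].hour not in WORK_HOURS:
                reasons.append(
                    f"activity at {e['ts'].strftime('%H:%M')} outside working hours")
            if reasons:
                alerts.append({"user": user, "ts": e["ts"], "z": z, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in score_events(parse_log(SAMPLE_LOG)):
        print(a["user"], a["ts"].date(), "; ".join(a["reasons"]))
```

Two design points matter more than the arithmetic: the baseline excludes the event being scored (otherwise a five-day history can never produce a z-score above 2), and a floor on the standard deviation keeps an unusually regular user from triggering on a trivial change. In a real deployment the baseline would be a rolling window and the features far richer, but the alert-with-reasons output is what an analyst needs either way.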
According to GlobalData, the edge computing market in APAC is forecast to grow at a CAGR of 21% between 2019 and 2024 to reach US$5.8 billion in 2024. According to Gartner, about 10% of enterprise-generated data is generated and processed outside of a conventional data center or cloud and is predicted to grow to 50% by 2022.
This goes to show how prevalent edge computing is becoming. This growth has been further buoyed by use cases like pre-processing IoT data before it is sent to the host data center. However, all this growth has made the edge computing environment a prime target for malicious actors.
According to Juniper Research, cybercrimes have already cost the world as much as US$2 trillion by 2019. Another report by Cybersecurity Ventures forecast that the damages, if continued in the same vein, would quickly soar to the US$6 trillion mark by 2021, thus prompting a global expenditure of an estimated US$10 billion in cybersecurity measures by 2027.
In view of the current impasse, enterprises are working to find reliable defensive strategies to protect themselves against cyber attacks. While many enterprises choose to outsource cybersecurity services, an effective practice is to establish a Security Operations Center (SOC).
SOC is the term given to a team of cybersecurity experts and the facility in which they conduct IT security operations. These experts employ a range of specialized security processes to locate and resolve vulnerabilities in an organization’s infrastructure. SOCs also implement various technologies like probes, firewalls, and security information and event management (SIEM) systems to record and supervise data as it moves across different endpoints. They mitigate potential threats by evaluating active feeds, identifying exceptions, improving responses, and keeping an eye on potential weaknesses in the defenses they have set up.
Zero Trust is another strategic initiative that can be employed by organizations to prevent data breaches. Based upon the principle of “never trust, always verify,” Zero Trust does away with the concept of trust from an enterprise’s network architecture and is designed to safeguard digital environments by utilizing network segmentation, offering Layer 7 threat prevention, obstructing lateral movement, and streamlining granular user-access control.
In Zero Trust, data is protected by limiting access to it. An enterprise will not trust anyone, whether from within or beyond the network perimeter. Enterprises are required to identify a “protect surface” that is made of the network’s most crucial data, assets, applications, and services, i.e., DAAS. The Zero Trust initiative then demands verification for any person, account, or device attempting to connect with the enterprise’s systems or applications before it grants access to them.
Zero Trust also represents a pivot from the traditional approach to cybersecurity defense. Instead of securing only a single, enterprise-wide perimeter, Zero Trust creates a microperimeter around the “protect surface” and extends it to every system, network, user, and device inside and outside the organization. This is facilitated with the help of multi-factor authentication, strong identities, network segmentation, trusted endpoints, user attribution, and access controls to segregate and govern access to sensitive systems and data.
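The per-request verification that the two paragraphs above describe, as an added example that is not code from the article or from any Zero Trust product: a small policy engine holds the protect surface (DAAS elements), checks identity, MFA and device posture on every request, and treats the source network as attribution data rather than as a trust signal. The resource names, roles and request fields are constructed for the illustration.

```python
"""Per-request Zero Trust access decision (added illustration).

Not code from the article. Shows "never trust, always verify": no implicit
trust from network location, a protect surface of DAAS elements, and explicit
verification of identity, MFA and endpoint state on every request.
"""
from dataclasses import dataclass, field

# Constructed protect surface: each DAAS element and the controls it requires.
PROTECT_SURFACE = {
    "payroll-db": {"roles": {"finance"}, "mfa": True, "managed_device": True},
    "hr-app":     {"roles": {"hr"}, "mfa": True, "managed_device": True},
    "wiki":       {"roles": {"staff", "hr", "finance"}, "mfa": False, "managed_device": False},
}


@dataclass
class Request:
    user: str
    roles: set
    resource: str
    device_managed: bool
    device_compliant: bool   # e.g. disk encryption on, patches current
    mfa_verified: bool
    source_network: str      # "corp-lan" or "internet"; recorded, never trusted


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)
    attribution: dict = field(default_factory=dict)


def evaluate(req: Request) -> Decision:
    """Default-deny: every control on the element must pass for this request."""
    # User attribution is logged for every decision, allowed or not.
    attribution = {"user": req.user, "resource": req.resource,
                   "network": req.source_network}
    policy = PROTECT_SURFACE.get(req.resource)
    if policy is None:
        return Decision(False, [f"{req.resource!r} is not in the protect surface"],
                        attribution)

    reasons = []
    # Least privilege: the caller must hold a role authorised for this element.
    if not (req.roles & policy["roles"]):
        reasons.append("no authorised role for resource")
    # Strong identity: sensitive elements require a verified second factor.
    if policy["mfa"] and not req.mfa_verified:
        reasons.append("MFA required but not verified")
    # Trusted endpoint: sensitive elements require a managed, compliant device.
    if policy["managed_device"] and not (req.device_managed and req.device_compliant):
        reasons.append("endpoint is not managed and compliant")
    # Note what is absent: being on "corp-lan" never adds a reason to allow.
    return Decision(not reasons, reasons, attribution)


def sample_decisions():
    """Constructed requests covering the cases the text describes."""
    inside_no_mfa = Request("alice", {"finance"}, "payroll-db", True, True, False, "corp-lan")
    outside_verified = Request("alice", {"finance"}, "payroll-db", True, True, True, "internet")
    lateral_move = Request("mallory", {"staff"}, "payroll-db", True, True, True, "corp-lan")
    low_value = Request("bob", {"staff"}, "wiki", False, False, False, "internet")
    return [evaluate(r) for r in (inside_no_mfa, outside_verified, lateral_move, low_value)]


if __name__ == "__main__":
    for d in sample_decisions():
        verdict = "ALLOW" if d.allow else "DENY"
        print(verdict, d.attribution, d.reasons)
```

The first request fails despite coming from the corporate LAN, and the second succeeds despite coming from the internet, which is the whole point: location inside the old perimeter buys nothing, while an account holding a role it should not use against a DAAS element is stopped at the microperimeter rather than after it has moved laterally.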