Living in the digital age brings its own challenges. News of security breaches in well-known companies is becoming a normal thing. In the battle between those who want to secure the Internet and those who want to exploit its security vulnerabilities, here’s a list of five significant security challenges that I think information security is/will be facing in 2017.

Army of young developers

Everyone’s beloved celebrity is encouraging the population to learn how to code, and it’s working. Learning to code is becoming easier every day. There are loads of apps and programs to help people learn to code. But not many of them care to teach how to write secure code. Security is usually left as an afterthought, an “advanced” topic to learn sometime in the future. Even without the recent fame, software development is a lucrative career. It has attracted a lot of 9-to-5ers who just care about getting through the day and collecting their paycheck.

This army of young developers who care little about the craft is most to blame when it comes to vulnerabilities in applications. It would astonish you to learn how many people simply don’t care about the security of their applications. The pressure to ship and ever-slipping deadlines don’t make it any better.

Rise of the robots

I mean IoT devices. Sorry, I couldn’t resist the temptation. IoT devices are everywhere. “Internet of Things” they call it. As if the Internet wasn’t insecure enough already, it’s on “things” now. Most of these things rarely have any concept of security. Your refrigerator can read your tweets, and so can your 13-year-old neighbor.

We’ve already seen a lot of famous disclosures of cars getting hacked. It’s one of the examples of how dangerous it can get.

Routers and other such infrastructure devices are becoming smarter and smarter. The more power they get, the more lucrative a target they become for a hacker. Your computer may have a firewall and anti-virus and other fancy security software, but your router might not. Most people don’t even change the default password for such devices. It’s much easier for an attacker to simply control your means of connecting to the Internet than to connect to your device directly. On another front, these devices can be (and have been) used as bots to launch attacks (like DDoS) elsewhere.

Internet advertisements as malware

The Internet economy is hugely dependent on advertisements. Advertising is a big, big business, but it is becoming uglier and uglier every day. As if tracking users all over the web and breaching their privacy was not enough, advertisements are now used for spreading malware. Ads are very attractive to attackers as they can be used to distribute content on fully legitimate sites without actually compromising them. They’ve already been in the news for this very reason lately.

So the Internet can potentially be used to do great damage.

Mobile devices

Mobile apps go everywhere you go. That cute little tap game you installed yesterday might result in the demise of your business. But that’s just the tip of the iceberg. Android will hopefully add essential features to limit permissions granted to installed apps.

New exploits are emerging every day for vulnerabilities in mobile operating systems and even in the processor chips. Your company might have a secure network with every box checked, but what about the laptop and mobile device that Cindy brought in?

Organizations need to be ever more careful about the electronic devices their employees bring into the premises, or use to connect to the company network. The house of security cards crumbles fast if attackers get access to the network through a legitimate medium.

The weakest links

If you follow the show Mr. Robot (you should, it’s brilliant), you might remember a scene from the first season when they plan to attack the “impenetrable” Steel Mountain. Quoting Elliot:

Nothing is actually impenetrable. A place like this says it is, and it’s close, but people still built this place, and if you can hack the right person, all of a sudden you have a piece of powerful malware. People always make the best exploits.

People are the weakest links in many technically secure setups. They’re easiest to hack. Social engineering is the most common (and probably easiest) way to get access to an otherwise secure system.

With the rise in advanced social engineering techniques, it is becoming more crucial every day to teach employees how to detect and prevent such attacks. Even if your developers are writing secure code, it doesn’t matter if the customer care representative just gives the password away or grants access to an attacker.

Here’s a video of how someone can break into your phone account with a simple call to your phone company. Once your phone account is gone, all your two-factor authentications (that depend on SMS-based OTPs) are worth nothing.

About the author

Charanjit Singh is a freelance JavaScript (React/Express) developer. Being an avid fan of functional programming, he’s on his way to take on Haskell/Purescript as his main professional languages.
