One of the most difficult challenges in cybersecurity – perhaps the most difficult challenge, depending on who you talk to – is how quickly the threat landscape changes and shifts. It seems as if no sooner is one set of security protocols in place, new regulations and compliances are required or the attack vector changes. It’s no wonder that so many companies struggle with security.
I’ve been writing about cybersecurity for nearly a decade, and not only have I seen the types of attacks evolve and grow more sophisticated, I’ve also seen an evolution of how and where these attacks are happening. Long gone are the days of a Windows computer being the prime target.
When I first began writing about cybersecurity, my assignments mostly focused on getting feedback about the latest data breach in the healthcare industry (and it always seemed like it was only the healthcare industry being attacked a decade ago) or on explaining the importance of installing antivirus software and a good firewall.
Then my editor asked me to write something about cloud security. “Cloud” was a phrase I heard every so often in 2008, but I was totally unfamiliar with the concept of cloud computing, let alone know anything about cloud security. It didn’t take me long to discover that nothing generates more concern about security than cloud computing, from IT and business decision makers alike. I recall a conversation I had with a small business owner about whether or not he would consider using cloud computing. He literally shouted into the phone that he might as well just hand over all of his business secrets if he decided to store his files in the cloud. That was the perception of cloud security eight years ago. There has been a lot progress made and I personally believe that cloud security is strong, but there are still a lot of folks who refuse to believe the cloud is safe.
Within days of getting my first smartphone, I began asking security experts how long they thought it would be until apps caused a security threat. Although a couple of people said it would happen as soon as the phones became more mainstream, a surprising number didn’t expect apps to be included in the threat landscape. It made some sense, especially if you were talking about an iPhone – malware penetrating Apple’s OS rarely occurred. Yet, mobile threats go back to 2004 and jailbreaking an iPhone created all kinds of security risks. By 2011, malware targeting Android OS was a rising threat. Of course, by this time, it wasn’t only personal data at risk of compromise by mobile malware. BYOD was making huge inroads into the corporate world, and suddenly, IT departments were tasked with developing security plans that addressed personally owned smartphones and tablets.
Who would have thought that Apple would become an emerging attack vector? Security experts would warn me that it was only a matter of time until it happened. Unfortunately, users still don’t want to believe that iOS has flaws and that the popularity of the devices has increased the number of malware strains and targeted attacks on Apple products.
I don’t write as much about AV software and firewalls in 2016 – not because they aren’t an essential layer in the security battle, but because the way we approach cybersecurity has changed. Whereas in the not-so-distant past, the primary concern was protecting the perimeter, today it is more about protecting the data directly. This has companies rethinking the security tools they use, like multi-factor authentication and application security.
What’s the next attack vector? We’re beginning to see more threats against the devices that make up the Internet of Things, but I’m going to keep my eye on areas like machine learning and artificial intelligence, especially as it becomes more mainstream.