
Cybersecurity methods of the past have essentially been two-pronged: network-level “firewalls” and appliances, plus software on servers and desktops/laptops that detects anomalous software such as botnets and malware. Then, with various recent attacks exposing customer data and the advent of privacy regulatory requirements like GDPR, encryption was sought as a third approach and an additional layer of protection.
With the plethora of vulnerabilities being exposed, like Spectre, Meltdown, and now Foreshadow, we have seen that even these “solutions” remain inadequate.
As IoT continues to expand its footprint into the lives of consumers, individuals and businesses, we are all exposed to a fast-growing threat landscape that makes personal data increasingly vulnerable to attack, due to the generally insecure state of IoT implementations today. Recent IoT security breaches heighten both privacy risks and significant safety concerns: the Jeep hacking in 2015, mobile robot hackings like the SoftBank Pepper hacking in early 2017, and the Devil’s Ivy vulnerability found in many video surveillance devices in the summer of 2017. In mid-October 2017, RSA keys generated by Infineon chips used in smartcards and IoT devices were found to be vulnerable to hackers, while malware detection software was found to behave as malware itself: in September 2017, Kaspersky’s malware detection software was reported to have been exploited by Russian and North Korean hackers to acquire classified data from U.S. and South Korean government systems.
According to Transaction Network Services, the top three industries targeted by malware, in terms of data breaches are:
- Accommodation and Food Services
- Public Administration
- Retail
POS systems are a critical component of the Accommodation/Food Services and Retail sectors, and common malware families attacking POS systems include:
- FastPOS
- Alina
- PoSeidon/FindStr
- FrameworkPOS
- Project Hook
A comprehensive approach is required, whereby network-level firewalls are now offered as software-based solutions for monitoring, reporting, and remediation. Deep data monitoring and control is also needed: the Foreshadow, Meltdown, and Spectre attacks depend on the fact that only data in main memory is encrypted; once it is inside the processor, in a cache, it is decrypted and becomes vulnerable to attack.
What about rogue employees with insider attacks? What about new software patches that are not authorized, or older versions that have vulnerabilities?
According to neXt Curve’s principal analyst Akshay Sharma, “A new holistic solution is essential! CISOs, CTOs, and CIOs need to think of security holistically and consider new approaches to de-risk these multi-faceted threats. The C-Suite and the board need to understand the significant risks that vulnerabilities such as Spectre, Meltdown, IoT hacks, POS system hacks and more will have on their business and on their digital strategy.”
Managed Security as a Service in the Cloud can block viruses, Trojans, worms, rootkits, and polymorphic “zero-day” malware before they reach your network; such services are offered by vendors like NTT Security, Akamai, and others.
Network-level firewalls are needed both as physical appliances and virtualized in the hybrid cloud (enterprise cloud and public clouds), from vendors like Palo Alto Networks, Cisco and others.
Processor-level Real-Time Deep Memory Inspection (RTDMI) is a newer approach from vendors like SonicWall, which also provides firewalls as well as a Managed Security as a Service offering. Here, RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior, and renders its effects useless by adding further levels of encryption.
With the advent of GDPR, we now need to perform risk analysis continually to achieve the highest level of security, regularly analyzing the application and production infrastructure to ensure that any vulnerabilities are identified and swiftly mitigated.
Holistic behavioural-level analytics can detect anomalies such as insider threats by analyzing all flows of data, including from personal devices like tablets and smartphones with cameras.
Solutions are needed that help identify the vulnerabilities that impact network devices, so that action can be taken to keep the network secure, including identification of devices and software at End-of-Support, where new vulnerabilities will not be remediated and may impact compliance. Replacing old software running on unsupported operating systems, like POS systems running on Windows 7 and other non-supported operating systems, should be the first action item that the C-suite in retail, restaurant and hospitality firms embarks upon right away.
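The End-of-Support check described above can be run as a simple script over a device inventory. The following is an added illustration, not code from the original article or any vendor: the inventory records, the hostnames and the "ExampleOS" and "VendorRTOS" products are constructed, while the Windows XP and Windows 7 dates are Microsoft's published end-of-support dates. Products missing from the lifecycle table are deliberately reported as "unknown" rather than silently treated as supported.

```python
"""End-of-support check over a device/software inventory.

Added illustration, not code from the original article. The inventory
records and the ExampleOS/VendorRTOS entries are constructed; the
Windows XP and Windows 7 dates are Microsoft's published dates.
"""
from datetime import date

# Lifecycle table: product -> last date of vendor security fixes.
# In practice this is maintained from vendor lifecycle pages.
EOL_TABLE = {
    "Windows XP": date(2014, 4, 8),       # published end of support
    "Windows 7": date(2020, 1, 14),       # published end of support
    "ExampleOS 1.0": date(2019, 6, 30),   # constructed
    "ExampleOS 2.0": date(2025, 12, 31),  # constructed
}

ENDING_SOON_DAYS = 180          # warn this many days before end of support
ASSESSMENT_DATE = date(2019, 9, 1)  # "today" for the constructed run below


def classify(os_name, today, table=EOL_TABLE, window=ENDING_SOON_DAYS):
    """Classify one OS/product against the lifecycle table.

    Returns (status, days_remaining). Products not in the table are
    flagged "unknown" so they get reviewed instead of assumed safe.
    """
    eol = table.get(os_name)
    if eol is None:
        return "unknown", None
    remaining = (eol - today).days
    if remaining < 0:
        return "unsupported", remaining
    if remaining <= window:
        return "ending-soon", remaining
    return "supported", remaining


def assess_inventory(inventory, today, table=EOL_TABLE):
    """Return one finding per asset, most urgent first."""
    order = {"unsupported": 0, "unknown": 1, "ending-soon": 2, "supported": 3}
    findings = []
    for asset in inventory:
        status, remaining = classify(asset["os"], today, table)
        findings.append({
            "host": asset["host"],
            "role": asset["role"],
            "os": asset["os"],
            "status": status,
            "days_remaining": remaining,
        })
    # Unsupported assets sorted by how long they have been unsupported,
    # then unknowns, then those approaching end of support.
    findings.sort(key=lambda f: (order[f["status"]],
                                 f["days_remaining"] if f["days_remaining"] is not None else 0))
    return findings


# Constructed sample inventory for a retail/hospitality site.
SAMPLE_INVENTORY = [
    {"host": "pos-01", "role": "POS terminal", "os": "Windows 7"},
    {"host": "pos-02", "role": "POS terminal", "os": "ExampleOS 2.0"},
    {"host": "kiosk-07", "role": "self-service kiosk", "os": "Windows XP"},
    {"host": "cam-gw-3", "role": "camera gateway", "os": "ExampleOS 1.0"},
    {"host": "dvr-12", "role": "video recorder", "os": "VendorRTOS 4"},
]


def run_example(today=ASSESSMENT_DATE):
    """Assess the constructed inventory as of ASSESSMENT_DATE."""
    return assess_inventory(SAMPLE_INVENTORY, today)


if __name__ == "__main__":
    for f in run_example():
        days = "n/a" if f["days_remaining"] is None else f["days_remaining"]
        print(f"{f['status']:<12} {f['host']:<10} {f['role']:<20} {f['os']:<14} days={days}")
```

Feeding the script a real inventory (for example an export from an asset-management or MDM tool) and a lifecycle table maintained from vendor pages gives a prioritized replacement list; the "unknown" bucket is usually where the unmanaged IoT gear shows up.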
Enter DevSecOps!
Agile development in the Cloud is based on DevOps. Here, continuous integration and continuous deployment (CI/CD) of applications, orchestration and release automation, and operational management and monitoring are all occurring; now integrate Security into them, thereby creating DevSecOps! While the cloud is generally our friend, on-prem solutions should also be considered in case the network connections are severed.
The New Agile, Privacy-first, Secure Business
- Agile DevSecOps organizations will transform the way we do business, with holistic security integrated within all business workflows and applications, from the web, mobile, back office, and more!
- An AI-based Algorithmic Business for Behavioral Analytics: there has been a dramatic shift in the way we interact with customers through Digital Transformation, and now AI tools will analyze, report and remediate anomalous behaviors.
- Big Data will require businesses to be Agile and real-time in Analysis and Control: imagine manually analyzing millions of log files; it can’t be done. Enter newer real-time diagnostics and remediation, as well as continuous reporting.
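The behavioural analytics mentioned earlier (detecting insider threats from data flows) and the automated log analysis in the list above come down to the same mechanism: build a per-user baseline from historical activity, then score new events against it. The following is an added example, not code from the original article; the log format (`user=… action=… records=…`), the user names, the baseline lines and the thresholds are all constructed. It flags an event when its record volume exceeds the user's own mean by three standard deviations or when it occurs at an hour that user has never been seen active, and it also flags users with no baseline at all.

```python
"""Per-user behavioural baseline over access logs.

Added illustration, not code from the original article. Log format,
users, sample lines and thresholds are constructed for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log format: ISO timestamp, user, action, records touched, source IP.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"records=(?P<records>\d+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for malformed lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
    d["records"] = int(d["records"])
    return d


def build_baseline(events):
    """Per-user profile: hours of day seen, mean and stdev of records per event."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, evs in per_user.items():
        counts = [e["records"] for e in evs]
        baseline[user] = {
            "hours": {e["ts"].hour for e in evs},
            "mean": statistics.mean(counts),
            "stdev": statistics.pstdev(counts) if len(counts) > 1 else 0.0,
        }
    return baseline


def score_events(events, baseline, sigma=3.0, min_stdev=50.0):
    """Return (user, timestamp, reason) alerts for events outside the user's baseline.

    min_stdev stops a user with a very flat history from alerting on tiny changes.
    """
    alerts = []
    for e in events:
        prof = baseline.get(e["user"])
        if prof is None:
            alerts.append((e["user"], e["ts"].isoformat(), "no baseline for user"))
            continue
        spread = max(prof["stdev"], min_stdev)
        if e["records"] > prof["mean"] + sigma * spread:
            alerts.append((e["user"], e["ts"].isoformat(),
                           f"volume {e['records']} exceeds baseline"))
        if e["ts"].hour not in prof["hours"]:
            alerts.append((e["user"], e["ts"].isoformat(),
                           f"unusual hour {e['ts'].hour:02d}"))
    return alerts


# Constructed "normal" history used to build the baseline.
HISTORY = """
2018-08-27T09:05:11Z user=alice action=query records=120 src=10.0.5.12
2018-08-27T10:40:02Z user=alice action=query records=180 src=10.0.5.12
2018-08-28T11:15:45Z user=alice action=export records=250 src=10.0.5.12
2018-08-29T13:22:09Z user=alice action=query records=140 src=10.0.5.12
2018-08-30T15:48:30Z user=alice action=export records=300 src=10.0.5.12
2018-08-27T08:01:00Z user=bob action=query records=20 src=10.0.7.3
2018-08-28T10:30:00Z user=bob action=query records=35 src=10.0.7.3
2018-08-29T12:10:00Z user=bob action=query records=50 src=10.0.7.3
2018-08-30T17:55:00Z user=bob action=query records=40 src=10.0.7.3
"""

# Constructed new activity to score: one bulk off-hours export, one normal
# query, one event from a user with no history, and one malformed line.
NEW_ACTIVITY = """
2018-09-03T02:14:07Z user=alice action=export records=5200 src=10.0.5.12
2018-09-03T10:05:00Z user=bob action=query records=40 src=10.0.7.3
2018-09-03T11:00:00Z user=mallory action=query records=10 src=10.0.9.9
this line is not in the expected format
"""


def run_example():
    """Build the baseline from HISTORY and score NEW_ACTIVITY against it."""
    hist = [e for e in map(parse_line, HISTORY.strip().splitlines()) if e]
    new = [e for e in map(parse_line, NEW_ACTIVITY.strip().splitlines()) if e]
    return score_events(new, build_baseline(hist))


if __name__ == "__main__":
    for user, ts, reason in run_example():
        print(f"ALERT {ts} {user}: {reason}")
```

On the constructed input, alice's 02:14 export of 5,200 records raises two alerts (volume and hour), bob's daytime query raises none, and mallory is flagged for having no baseline. A production version would compute baselines over a sliding window and key them on more than the user (device, source network, action type), but the scoring logic is the same.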
According to Sharma, “Times are changing with newer 4.5G/5G technologies and local secure WiFi-only solutions, supporting IoT, mobile video, smartphone payments, the tablet-based point of sales, cellular-powered digital signage, and wireless broadband connectivity, including newer combo-Tablet-TV Tables, and combo video gaming point of sale devices.”
Enter the Hybrid Cloud, from the Megaplexes in Public Cloud, to the Enterprise-hosted Private Clouds to newer Carrier-hosted local Edge Clouds.
While some feel the Cloud will solve privacy and security concerns, the reality is that while cloud providers offer some rudimentary support, they are not enough and may actually introduce additional vulnerabilities.
A new Agile DevSecOps Hybrid Cloud, from on-prem to carrier-hosted edge cloud to the megaplexes, is likely to emerge that not only monitors, controls, and remediates the enterprise applications and databases, as well as network and server resources, but can dynamically move workloads between the multiple clouds while maintaining high levels of quality of experience and ensuring privacy and security are maintained.
Business and technology leaders need to urgently recognize the need for a holistic approach to cybersecurity and understand the risks that cyber vulnerabilities and threats present to their business in a Privacy First future, especially in the new world of GDPR and the heightened privacy regulations now in the State of California. The C-suite needs to assess how secure their infrastructure is, their firm’s current use of personal data, and the potential impact GDPR requirements and restrictions will have on their business model going forward.
Edited by
Ken Briodagh