Remember meForgot password?
    Log in with Twitter

article imageQ&A: 5G could be used by bad actors to attack businesses Special

By Tim Sandle     Nov 26, 2020 in Business
Businesses face a large array of challenges in 2021, and among these are data security and data privacy issues. Many of the cases developed in 2020 are likely to be exacerbated in the following year, according to a leading expert.
To gain an insight into the future points that businesses need to content with, Digital Journal caught up with Mike?Riemer, Chief Security Architect at Pulse Secure.
Digital Journal: Will we see an uptick in bad actors capitalizing on the growth of 5G to execute coordinated attacks?
Mike?Riemer: 2020 has reminded us how nimble cybercriminals can be. The rise in 5G devices and networks will undoubtedly catch the attention of consumers in the coming year, as cell phone carriers such as AT&T look to scale standalone deployment in 2021, and new products such as the iPhone 12 advertise 5G capabilities. The technology is predicted to completely transform the way we work and live by linking numerous aspects of our lives to faster and lower latency networks. The spotlight on this technological revolution will also draw the attention of state-sponsored and other cybercriminals, who will seek to develop sophisticated and aggressive plans of attack that can leverage the increase in network connectivity to carry out ransomware attacks.
DJ: Will financial institutions will at the most at-risk industry for cloud-jacking?
Riemer: As companies across industries continue to move towards hybrid IT environments, the threat of cloud security breaches is at an all-time high. Financial institutions, which have traditionally been slower to adopt cloud technologies due to heavy regulations and security concerns, accelerated their digital transformations in 2020 as COVID-19 brought about new challenges. These businesses are now faced with a customer base seeking digital-first services, and they are leveraging cloud-based infrastructure to maintain customer satisfaction. As a result of this rapid transition to a hybrid cloud environment, we could see the cloud-jacking of a major financial institution that results in bad actors gaining control of highly sensitive customer information.
DJ: Is the Twitter employee hack a sign of more sophisticated phishing scams to come?
Riemer: In July 2020, bad actors leveraged social engineering techniques, which involves manipulating people into giving up sensitive information, in order to pose as internal IT staff and convince Twitter employees working from home to enter their login information. The phishing attack resulted in numerous high-profile Twitter accounts, like Barack Obama and Elon Musk, being hacked. Twitter was ultimately found to have insufficient internal controls and a lack of cybersecurity regulation, which contributed to the incident.
The brazen nature of the Twitter attack shows bad actors are using social engineering to raise the stakes, and we can expect to see more of these high-profile orchestrated events in 2021 as remote work continues and cyber criminals look for new, creative ways to infiltrate organizations. The incident represents a new focus on remote users and remote connectivity, whether through VPN tunnels or other remote connectivity forms. In response, companies must prepare now with the appropriate end-user education and adopt an adaptive risk and trust threat assessment mentality. This can be accomplished by adopting a Zero Trust approach founded on the principles of continuous verification and authorizations that allow organizations to have better visibility and insight into what is, and is not, typical behavior for an employee.
DJ: What are risks around the Internet of Things?
Riemer: A lack of segregation between company IoT/IIoT devices and the rest of the network will result in an increase in breaches.
Most organizations have network-level, port-based security on IoT devices, but it's really the internet-connected operational technology (OT) assets that these devices are communicating with and this is where the security focus needs to be, especially since a lot of those OT systems are going to the cloud. We will see more hackers looking to infiltrate a host OT system on the web to gain access to various tenants. From there, these bad actors can go in and hit an IoT device on somebody's network and drop some sort of bot or ransomware on it that then goes after the internal systems.
In the Industrial Internet of Things (IIoT) market, which has been around a lot longer than the IoT market, devices also present a growing risk to organizations. These machines, which are used in manufacturing sectors and applications, have traditionally had a legacy connectivity to OT systems that has taken place outside of the internet. However, similar to the IoT market, we have seen the manufacturing move those OT systems to a cloud environment, opening up the entire organization to intruders.
Maintaining the security for OT systems is going to be critical, which is why companies must implement processes and technologies that ensure the IoT devices or IIoT devices talking to the OT systems are what they say they are and haven’t been hijacked.?It is important to ensure that any type of interaction happening between IIoT/IoT devices and OT systems occurs away from corporate content. This means setting up strict parameters to keep networks as secure as possible.
More about Mobile communications, 5g network, Bad actors
Latest News
Top News