Year 2020: Security Threats in the Coming Year


Moving into a new year, we can expect the trends in information security from the last several years to continue to evolve and affect the methods criminals will use in exploits and the industry’s defenses against them. A few of these, such as the continued migration to the cloud, mobile technologies, and the use of machine learning affect the methods employed by both sides. With a shortage of skilled professionals in cybersecurity and the rapid advance of software development, we can expect serious competition for our data and information security. Here we will take a look at what experts in the field are saying lies ahead in the coming years.

Ransomware

A major method of attack in 2019 was ransomware. While previously online “gangs” would target institutions such as banks in massive multi-million dollar attacks using banking trojans, moving forward it is expected that the focus will shift to smaller attacks on small to medium sized businesses. This is due to it being easier to anonymize smaller attacks, with the profits easier to launder because of less interaction and sharing with physical street gangs in the laundering process.

Phishing 

Phishing will remain an important method in initiating attack, with mobile increasingly becoming the primary vector for phishing attacks aimed at stealing credentials. While conventional secure email gateways are adequate in blocking phishing emails and dangerous URLs, these methods often neglect to defend  mobile attack vectors from account takeover attacks. Personal email, social network accounts, and SMS/MMS messaging can be vulnerable to these attacks.

The Cloud

With business infrastructure increasingly making the move to the cloud, the focus of attackers will follow. This comes with the expected consequence of making attacks more difficult, requiring more sophistication and frequency of attacks which will increasingly rely on luck rather than careful planning and execution. A benefit to corporations using cloud infrastructure is redundancy for data storage and a greater assurance of server up-time. This migration to the cloud should improve security for most, although what attackers will be able to do with machine learning attacks on the cloud remains to be seen.


Having been talked about for several years now, 5G mobile technology will begin to be adopted across major metro areas in late 2020. This increased bandwidth and speed will give rise to a number of new IoT devices and create an uptick in edge computing. With IPv6 adding so many new devices, each one posing a potential risk as an attack vector, companies will need to reevaluate and rethink their threat models. The traditional infosec issues of authentication, confidentiality, authorization, availability and data security will be magnified with the huge build-out of 5G and must be accounted for with an updated risk paradigm.


As for authentication methods, we can expect a move from two-factor (2FA) to multi-factor (MFA), to include biometrics. Implementation of one-time authorization codes (OTAC) will help to provide 2FA circumvention of phishing attacks. Organization are expected to adopt these practices to address credential theft and maintain regulatory compliance, especially those holding highly sensitive data. They will have to contend with more specific phishing attacks leveraging machine learning to optimize attack campaigns. Once done by hand, phishing lures of the 2020s will be tested by AI algorithms in order to improve conversion rates. Phishing domains will even be generated and registered by algorithms independent of human intervention.

Social Engineering and OS Issues

As has always been the case, often the weakest link in the security chain is the human element. We can expect to see an increase of insider attacks in 2020. These occur when an attacker either offers to money or extorts sensitive information from someone working for an organization. This can be achieved through compromising social media accounts and using social engineering methods. This is a low-tech way of breaking security, but often one of the most effective. Some attackers may offer considerable sums of money or cryptocurrency to insiders depending on the target’s position in the company.


One final thing to consider is that Microsoft will be ending support for Windows 7 in the middle of this January. Any businesses and other end-users still using the OS will face the issue of no longer receiving patches and updates, even in the event that a security vulnerability is found. It is expected that at least one significant attack will leverage a Windows 7 end of life vulnerability in the same way that attackers did when Windows XP support came to an end.


These themes will shape the security landscape of the next few years. The interplay between the security professionals and infrastructure meant to protect organizations and those who seek to steal their data will continue to evolve, shaped by emerging technologies. Those organizations best able to defend themselves will be those who anticipate and prepare to resist new and enhanced methods of attack.

STST Inc. is South Texas’ source for professionally designed and integrated security and access control systems.

To set up an appointment to get a quote on your project,

Call us at 210-446-6306

or send an email through our website:

www.securitytechnologyofsouthtexas.com/contact-us/

Moving Into 2020: Video and IoT Trends

             As 2019 comes to a close and we begin to look forward to the next decade, we can now reflect on the year and the trends that have begun to influence both video surveillance and the physical security industries. December tends to be the start of a lull in business, including for the end user. Many businesses can be reluctant to make new purchases in security, or of any kind at the close of the year, and so those in the security industry also feel this slowdown. Still, this time offers us the chance to look forward and prepare for the coming year and beyond.
Here we will look into the security trends we expect in the near future.
—————————————————————————————————————————————————————————-
Cybersecurity for IoT
            IoT device security will continue to be a major focus, as it has been throughout 2019. Threat actors will continue to target IoT devices at the enterprise level in order to attack business infrastructure. In fact, more than 30 percent of denial of service attacks are targeting enterprise IoT devices already. Because these threats continue to evolve, the IoT and physical security industries must make an effort to keep up with cybersecurity trends and take measures to implement defenses against these threats. Still, many integrators continue to ignore this aspect of the field simply out of a lack of knowledge and a failure to properly gauge the severity of the threat.
             One of the best solutions here are automated tools, which are more advanced than ever. These tools can seamlessly integrate IoT hardening without  requiring a significant level of cybersecurity knowledge. These tools can give a complete asset inventory, secure those assets, and then insure compliance through ongoing monitoring. Automated tools also offer reports to the end user which can be helpful in filling in security gaps and determining where weaknesses and potential breaches in infrastructure are at. It is critical for the modern integrator to adopt such hardening tools to implement security from the beginning and throughout the life cycle of a system.
—————————————————————————————————————————————————————————-
Device Monitoring
               With IP cameras and other IoT security devices continuing to proliferate and expected to grow to billions of connected devices with IPv6, the demand for services that can assure and track physical security assets will grow alongside them. These device monitoring services track physical assets, monitor the performance of physical security and help with life-cycle management. Real-time management can be achieved through software platforms offering remote connections. These platforms help security integrators to assure system compliance, increase system up-time and performance, all while lowering the overall cost of maintenance. Such services also offer the benefit of RMR to the integrator through remote monitoring service contracts.
—————————————————————————————————————————————————————————-
The Cloud
                      Much has been said about cloud computing, and it is perhaps one of the most important pieces of the modern internet, allowing off-site data storage and processing using the resources of cloud service companies rather than requiring traditional on-site server setups. Ease of use, reduction in cost, and the simple fact that cloud computing has been critical for the last several years all lead to the end-user wanting these services.
                      Decision makers want to move hardware off premises and are looking for cloud-based solutions to video, access control, device management and monitoring. This demand will increase with time as the cost of entry goes down and cloud computing becomes the gold standard for IoT security platforms. Access control software will be hosted in the cloud, with the data from IP cameras and other security infrastructure fed into it, processed, and stored.
                     There is the issue of upstream bandwidth limitations for some larger commercial security and surveillance deployments. But with 5G coming in the early 2020s, and storage becoming cheaper every year, this is something that will likely be solved in time. In the very near future however, expect some video storage for larger facilities to remain on-site along hybrid solutions involving the use of the cloud for analytics and event video archiving.
                      Another advantage of the cloud is that it streamlines software updates for applications and firmware. Failure to manually manage such updates has historically been a problem in maintaining a hardened network. The cloud allows both these updates as well as new features to be deployed rapidly and securely, all while reducing the costs for integrators.
                        These are all security themes we can expect to continue to grow into the coming years, and the opportunity to remotely service security systems through improved wireless and cloud infrastructure will be leading the way. We can expect the key security changes of the last 5 years to be predictors, ultimately leading us to an age of extremely fast and hardened wireless security that is fully scalable and as cost efficient for both the end-user and integrator as possible.
—————————————————————————————————————————————————————————-

STST Inc. is South Texas’ source for professionally designed and integrated security and access control systems.

To set up an appointment to get a quote on your project,

Call us at 210-446-6306
or send an email through our website:

Why Smaller Businesses Can Be More Susceptible to Hacks

 

 

The last few years have seen major breaches at sprawling corporations such as Facebook, Yahoo, and Marriott Hotels. The list continues indefinitely, and the total losses amount to many billions.

Between overreaching government surveillance, ISPs monitoring us, and the world of cyber-crime, online privacy continues to shrink. Today’s children will never have known the Internet of the past before the total control of tech monopolies and so-called “bulk” data collection efforts of both domestic and foreign governments. Because many of these tech giants do not adequately protect against hacking efforts, even with their massive budgets, the small to medium business owner might feel that these outcomes are unavoidable, and therefore take no proactive measures against them.

Corporation tend to ignore the signs leading up to a hack even though attacks have been steadily rising through the years. They instead prefer to mop up afterwards, and so have set a trend for poor information security. Still, these megacorporations do possess the resources to strengthen their cybersecurity, and so the online criminal element often decides to target the smaller players.

In fact, many dozens of smaller businesses are targeted each month with the attacks being launched from all over the world, many times from overseas. This is despite some smaller business owner’s argument that their small size alone is enough deterrent. They tend to imagine a hack that pulls off something more extreme, such as a ransom on their networks, but most attacks aim to steal and sell people’s data and identity.

Today’s attacks are carried out with robust yet freely available and highly automated tools such as Metasploit and the Kali Linux operating system. It is often not necessary to have knowledge of programming or the ability to write your own scripts in order to lead an effective attack against a network, and as much as 80 percent of all data breaches are a result of weak password security.

Many people and companies will reuse the same weak passwords across several sites, platforms, and networks. Once one of these is compromised, the rest tend to follow. Passwords can be compromised in any number of ways, with the weakest susceptible to simple brute force attacks or rainbow table attacks against stolen hashes (an encryption technique) of the passwords.

It is not uncommon for CEOs and owners to be unaware of exactly the password policies their management have set. Experts in information security have long emphasized that although these policies must necessarily stem from upper-management, everyone must be on-board and playing their part. Frequently changing passwords and making sure to eliminate permissions for any ex-employees right away is critical, as there are many online grey-markets where sensitive network information can be sold.

A common assumption is that an effective cybersecurity infrastructure is by its nature expensive.  A company does not need thousands in budget to make themselves at least less attractive to criminals however. Keeping online credentials private and not sharing login information between employees goes a long way.

Effective security often operates on a “need-to-know” basis. VPN services are cheap, easy to use, and grant so many benefits that not using one is a mistake. From avoiding ISP throttling and surveillance, thwarting region restrictions, and creating an encryption tunnel between you and the Internet, these services can be invaluable. Certainly you should not connect to a public WiFi without going through your VPN. Finally, many enterprises use password management apps and software, which by default provide security.

Brivo and Eagle Eye Network Integration

Brivo and Eagle Eye are now working together for total system integration of access control systems and cameras. With the ability to review live events and to record video to a Brivo Onair interface, this cloud-based solution is pushing the envelope in networked, cloud-based access control.
————————————————————————————————————————————————–
With Brivo Onair being fully integrated with Eagle Eye Networks, a fully comprehensive access control and video surveillance solution can be designed from the ground up. The platform exists in the cloud, taking care of the processing needed for access control and video monitoring, and it can be accessed and administered from anywhere, with any computer with a web browser.
————————————————————————————————————————————————–
An intuitive interface enables integration with Eagle Eye networks and makes administrating a system simple. On the Brivo home page are two new shortcut buttons. One of these accesses Brivo Mobile Pass, and the other takes you to the Eagle Eye video integration panel.
————————————————————————————————————————————————–
By logging into your Brivo Onair account and entering your Eagle Eye credentials, you have now created a link between the accounts. The next step will be to associate existing Eagle Eye cameras with the Brivo Onair account. Once this is done, you can access the Eagle Eye Directory in the sub-menu of your Brivo Onair account. This directory page will show you all Eagle Eye cameras that are presently associated with the Brivo account. In order to add new cameras, simply click the New Eagle Eye Camera button. On this page you can name each camera and associate both sites and devices to it.
————————————————————————————————————————————————–
This seamless integration between these two top-level access control and video monitoring companies gives you incredible ease of access, simplicity of administration, and cutting edge security for your building or site. STST is experienced with both Eagle Eye and Brivo systems and is the answer to your access control needs in South Texas.

————————————————————————————————————————————————–

Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality.

————————————————————————————————————————————————–

Please contact us at  admin@gostst.com on our website

or by phone at  210-446-4863   24/7