As the number of connected devices and systems grows, so does the number of threats we have to defend against. Security professionals came together at the Gartner Security & Risk Management Summit to learn how they can defend their organizations against the threats that exist today and those they expect to face tomorrow.
There were a few questions that came up repeatedly among visitors to the A10 booth. Some of the questions were ripped from the headlines, like those about cryptomining, and some were more evergreen, like those about how security teams can communicate better with leadership.
Here’s the answers to the top three questions we heard most frequently:
Cryptocurrency isn’t the currency we need to worry about, it’s the sneaky cryptomining. This year has seen a big surge in the practice of hijacking computers to perform resource-intensive processing tasks. This practice has been a nuisance in recent years, but now it’s become popular enough among hackers to impact business operations. Use machine learning to monitor your network activity for unusual activity that includes short incoming messages and long outgoing messages.
There is a lot of uncertainty around General Data Protection Regulation (GDPR), and the stakes are high for enterprises that interpret the regulation incorrectly. We heard mind-twisting questions like, “If a user emails us their request to exercise the right to be forgotten, do we have to delete the request?” and “If we can’t keep users’ records, how can we prove we ‘forgot’ someone who asked to be forgotten?” A lot of the questions we were asked should have been directed to in-house counsel. Security professionals need to think more about data classification and sharing practices overall, and leave the nitty-gritty details to the lawyers.
As more enterprises move greater segments of their operations online, security is more important than ever. Yet it’s not unusual for security activities to be treated as separate from development, which leads to the perception that security is a roadblock to agile roll-outs. Security leaders need to get involved in the planning stages of a digital transformation. If decision-makers don’t provide the proverbial seat at the table, then security leaders need to find back-channel ways to help developers build security into the coding process. Easy? No. Necessary? Yes.
We’re going to see more attacks via IoT, of course—no surprise there. We’ll see more damaging attacks as hacking syndicates like Carbanak/FIN7 assign structured teams to assault specific targets. And we’re sure to see more DDoS attacks as hacking continues to be productized on an as-a-service basis available to anyone who can google directions to the dark web.