Prominent changes in the trajectory of the Cyber-security space Part 2

Click here if you prefer to listen to the episode.

Free quick start guide — Master your business protection

In the previous episode we covered six of the twelve prominent changes in the trajectory of the cyber-security space. Today we will continue with the remaining six, because those changes are your compass for the right approach to your personal, professional and national protection.

Change #7: Shift in the attack surface

For most people, cyber-attacks took place only at the software level. Yet the last two years have proven beyond any doubt that today’s attacks have expanded to the hardware level with backdoors, have become more unpredictable with zero days, and are far more deceptive in combination with social engineering. Furthermore, with the plethora of devices owned by individuals and organizations, the attack surface is constantly growing, from your computer, tablet and phone to your TV, vacuum, laundry machine, kettle and even baby monitors.

Change #8: Shift in skill set for the perpetrator & the protector

In the past, performing an attack was a matter of skill set. The cyber-criminal needed technical skills to carry it out. Today, however, due to the leaked CIA and NSA tools and the plug-and-play tools elite hackers have set up on the web through illegal marketplaces, the only things perpetrators need are the ability to access the dark web, a fairly small amount of money and the IQ necessary to follow basic instructions like "click here" and "connect there". Everyone has the ability to hack systems. The focus of protection in the past was on systems, meaning that the most important technical skills were network and internet security: setting up firewalls, installing and updating antiviruses, and monitoring through network monitoring systems.
Today, as we face sophisticated, undetectable and highly deceptive cyber-attacks, the skills required by cyber-attackers and protectors have to do with the ability to value data, to assess the impact of an attack on that data, to gain or restrict access to that data, and to prevent or enable a supply chain of impact. The sophistication of an attack is calculated based on the design and strategic plan behind a successful attack and the duration of its impact and profit. At the end of the day it all comes down to how good both sides are at seduction, illusion and deception.

Change #9: Shift in protective measures, controls & tools

I have talked to you about leaked sophisticated tools, ready for anyone to use, undetectable attacks and so many other factors enabling a new approach and methodology of attack. That means that the tools we have in our current arsenal of protection are not enough to help us defend against the new challenges of our time. In the past you needed an antivirus and a firewall. Now, those are only good for known attacks. Zero days, backdoors and today’s most common attacks require skills which can be obtained only through specific training and strategic planning.

Change #10: Change in focus

In the past, cyber-criminals focused on how to penetrate systems, and they had to discover vulnerabilities in them. Today all of these are available at any time. The only thing they need is an opportunity to get the victim to trigger the attack, and that is achieved by examining and exploring human behavior and psychology. Again, it all comes down to seduction, illusion and deception. Thus security is human-centric, and we have moved from vulnerable systems to vulnerable behavior.

Change #11: Impact of attacks expansion

The last two years have definitely demonstrated the expansion of cyber-attacks to all areas of our lives: from our personal privacy and physical protection, to our careers and the survival of our businesses, to even our nations' protection and function. We have seen everything from attacks against hospitals and organizations and mass attacks involving identity theft, to shutting down the power grids of a country, to hijacking airplanes and controlling the nuclear reactors of a country like Ukraine. Just look around you. Every day we hear about politicians exposed online and confidential documents in the wild. Security has become the common denominator of all infrastructures of life.

Change #12: Shift of mentality approach

In the past the mentality was about detection and correction. As soon as defenders discovered an attack, they would do as much as possible to detect it, avoid its penetration and damage, and recover. Preparation was much less of their focus. Yet what recent history has demonstrated is that this mentality is causing security to fall apart. That is why we are moving from the era of reaction to the era of anticipation. Anticipation is all about knowing in advance and being prepared: how to avoid an attack, how to prevent not only known but also undetectable attacks, and how to detach the impact an attack can have on your data.

Let’s finish this episode with a tweetable.

Security has become the common denominator of all infrastructures of life.

About Yiota Nicolaidou

Yiota Nicolaidou is on a mission to eliminate terrorist and information security attacks (both cyber and physical) on businesses, by demystifying their security and simplifying their protection. Yiota is a former Communications Affairs Attaché for the Cyprus government, a Safety Critical Infrastructures adviser and Director of Regional Control Center of Operations for the Cyprus Civil Defence, information security analyst & strategist for the Cyprus Cyber Security Organization (CyCSO) NPO, an ambassador and correspondent for the Olbios Network for Action and finally, the founder of Secure World Vision, an international company enabling businesses to protect their valuable assets. Trained in Safety Critical Systems and Highly Classified Information, Yiota was the star pupil and mentee of Professor Dhiraj Pradhan, an ACM award winner and adviser to, amongst others, NASA. Her academic qualifications include a degree in Hardware Design and a master’s in Advanced Microelectronic Systems Engineering, with further specialisation in fault tolerance, hardware security, usable security & human brain functionality. Yiota’s expertise has been sought out by top semiconductor companies, Boeing, the European Space Agency, Europol, and governmental agencies fighting cyber-terrorism; she has also undertaken government-based safety critical infrastructure re-design related to public protection and the state. Yiota focuses her training model on holistic security, strategy and mental behavioural models. She also helps non-profit organisations by supplying them with the required technological tools. She has been featured as a female role model in Cyprus. You can learn more at https://www.yiotanicolaidou.com and https://www.secureworldvision.com
