Current Cyber Security Landscape
The current cyber security landscape is complex. Attackers develop new and ingenious methods of compromising systems on a daily basis. Intrusion tools, originally developed by the intelligence agencies of nation states, have been leaked, reverse engineered, and then made available to anyone clever enough to know where to look for them. New credential breaches are published on breach notification services, such as haveIbeenpwned.com, every few days. Exploit frameworks are updated to leverage newly discovered vulnerabilities.
Every month a new set of vulnerabilities is patched by vendors. Security researchers continue to find vulnerabilities in applications, products, and operating systems. Often vendors are able to release updates before knowledge of those vulnerabilities makes it to the public. While vendors are usually diligent in releasing updates to address vulnerabilities, information security personnel don’t always get around to installing those updates in a timely manner.
In the current cyber security landscape, attackers are finding it simpler to monetize their activities, either by deploying ransomware that encrypts a target’s data and systems and demanding payment for a solution, or by deploying coin mining software that generates cryptocurrency using the resources of the target organization’s infrastructure. Making a profit by compromising a target’s infrastructure is becoming easier. This is likely to lead to a more, rather than less, aggressive cyber security landscape.
The current cyber security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention. These include, but are not limited to:
· Technology lag
· Application development security
· Skill gap
· Asymmetry of attack and defense
· Increasing availability and sophistication of attack tools
· Monetization of malware
· Automation of detection
· Internet of Things
· Transition to the cloud
· Increasing regulation