Future Of Security
Watch the following video on the future of network security: https://www.youtube.com/watch?v=U7UBQ4-2MR4
Create a list of your top 10 security considerations, challenges, or goals for securing computers and networks in 2020.
Original post- 350 words
Respond to two classmates with 150 words each resposne.
Response#1(Derek)
Here is a list of my top 10 security considerations, challenges, and goals that should be addressed presently:
1) Software/APPs/hardware are not developed with security in mind. And, they’re rushed onto the market before understanding many of the vulnerabilities. It has become a hodge-podge of security patches and fixes after the fact, which takes away significant time and resources from a security professional’s daily tasks.
2) One consideration should be to design security into the software/APP/hardware using the systems design approach, so security is baked-in.
3) As more devices connect to the internet, more targets with vulnerabilities exist. This includes the Internet of Things and Cloud computing. As the IoT explodes and 5G comes online en masse, the problem of securing these devices will be a major challenge for security practitioners.
4) Mobile devices should consider implementing encryption for all uses. Encryption for communications and hard drive encryption for data should be a standard practice.
5) Utilize machine learning for security analytics to better determine patterns and trends in cyber threats is an approach that can highlight where precious resources should be focused.
6) Better education for consumers is a challenge, as most people are passive and believe “it won’t happen to me.” Organizations of all types must do their part to improve cyber security awareness, rather than relying on the government to be the consumer advocate, especially for the IoT.
7) Sharing of cyber threat intelligence would benefit organizations of all sizes, so they can mitigate vulnerabilities once they are discovered. If vulnerabilities are known to a few, but unknown to the rest because of poor information sharing, then the security is not functioning as it should be. Consider this: If you knew a bank was going to be robbed, but you didn’t know exactly which bank, but failed to notify all of the banks in the area so they could take precautions, have you improve security?
8) Since IPv6 comes with IPSec capabilities, thus allowing for secure VPN communications, this feature should be utilized at every opportunity. This security feature is slowly making its way into newer systems, as IPv4 is slowly being replaced.
9) Self-* technologies should be further investigated and adopted as a means to mitigate information security risks. While machine learning is still in its infancy, significant improvements in what it can accomplish have been well-documented. The future of IT security belongs to artificial intelligence to combat threats and cyber risks associated with the IoT. Eliminating the human factor has shown to improve security efforts in both technology-based risks and physical security.
10) IT security professionals should be better aware of the APT from nation states and cyber terrorism. Those involved in SCADA-related systems are on the frontline of defending against such threats to critical infrastructure. However, nation states and cyber terrorists seek to use weapons of mass disruption through cyber space to attack targets of all sizes, big and small. They have no problem attacking a small business or non-profit organizations, for example, that may be aiding their enemy or simply attack because of differing political view points. Hacktivism from groups such as Anonymous are on the rise.
In the past, attacks from organizations such as PETA and other left and right wing extremist groups have occurred on the streets. Now the attacks are occurring in cyber space more frequently. At the same time, cyber criminals, who have little fear of being caught, have increased their presence online, as the trend toward online crime continues to rise exponentially. Therefore, regardless of the size of an organization, if an opportunity to attack presents itself, there will be someone there to exploit any vulnerability discovered. IT security professionals should be aware that not every attack is motivated by money or thrill, but may be to seek revenge or send a political message to the masses.
