As the cyber security space heats up in 2018, stay in the know with the latest trends, news topics and threats to help your business stay informed and on alert.
Industry Updates
Google will mark all HTTP sites as non secure by July 2018
With 80% of all websites loaded on Chrome using HTTPS since the beginning of 2018, Google is pushing the non-secure players out of the game. Announced on the Google Security Blog earlier this month, by July of this year all HTTP sites will be marked “unsecure” across Chrome browsers.
What does this mean for HTTP sites and internet users? There will be increased visibility into the security of sites with a “red flag” following those operating without SSL.
This is good news for user visibility and although a step closer to a safer online marketplace as well, this is not to say the HTTPS model is foolproof as we will report in the latest security threats of this month.
NEWS WORTHY
Leading organization backing cyber security funding doubles down
When a top organization taking on cyber security doubles down on an internet protection initiative – you know it means business.
The year of 2017 marked a milestone in businesses and the greater public feeling the widespread impact cyber threats can have. With the buzzing headlines and aftermath of last year’s global hacks such as the Equifax and Ashley Madison attacks where cyber criminals stole confidential information from thousands: it is undoubtedly internet security is becoming a personal matter.
The Director of National Intelligence, Dan Coats has recently even called this a top priority of greater concern than weapons of mass destruction and terrorism. (Really, more of a priority than terrorism?) And some of the biggest names in cyber security funding are raising their bets. One of the top grant makers in the space, the Hewlett Foundation, has doubled down on its Cyber Initiative that started in 2014 with a new 5 year, $50 million commitment. This new funding brings the initiative’s total support to $130 million over 10 years with major plans to create a diverse cyber security infrastructure capable of preventing and tackling threats.
The foundation views its role differently than that of the government and industries, with a focus towards bridging the gap between immediate threats and long-term policies. Hewlett also wants to draw more attention and encourage funding in cyber security from the grant making community.
Staying aligned with Hewlett President Lance Kramer’s revised grant-making strategy – here’s how they’re doing it:
- Build a set of core institutions with the capabilities to respond quickly and confidently to the emerging needs of cyber policymakers.
- Create a pipeline of individuals who possess the right mix of technical, legal and policy skills to staff in key institutions, government and industry positions.
- Utilize the talent pipeline to foster the infrastructure needed to translate and disseminate policy ideas and solutions to decision-makers and the public.
With the forecast of cyber security threats continuing to exceed in importance; this approach towards investing in an enhanced infrastructure to take on the issues of current and future generations will become more prevalent- even in the philanthropic community.
Latest Technology in Automated Vehicles focuses on Cyber Security
Self-driving, connected and autonomous cars are becoming a great possibility for the near future. With millions in research invested by industry manufacturers and suppliers, consumer curiosity is growing and demand is developing with each mention of this cloud based transportation.
As we move towards a new generation of awe-inspiring vehicles that oversee acceleration, steering, braking, as well as infotainment and navigation systems – the risk of cyber attack is real; and real life-threatening at that.
Two major players in the industry, Panasonic and Trend Micro have just announced they are teaming up to develop a different type of technology for the market. Joining forces to bring cyber security solutions to this cutting edge industry, each company will leverage its specialized technology to develop systems that detect and prevent attacks on electronic control units (ECU) in these new vehicles.
“Hackers taking control of steering and braking systems in connected cars are real,” the companies said in a statement. And these threats just scratch the surface on the potential risks faced with a generation of vehicles running off of automated technology. As the industry grows, new security vulnerabilities are being discovered each day putting emphasis on constant monitoring of new attacks and translating that into improved security measures to implement.
With Panasonic and Trend Micro working towards their solution that is planned to be offered commercially by 2020, the industry as a whole is adopting this joint approach to putting security first. The Automotive Information Sharing and Analysis center is one example. Originally developed in 2015 by US-based car makers, the center acts as a central hub for sharing, tracking and analyzing intelligence about cyber threats, vulnerabilities and incidents related to connected vehicles. Members have now expanded to car makers in Europe and Asia as with any developmental industry facing constant cyber threats, companies must rely on each other to have the best chance at identifying and alleviating risk.
The most important matter in this new-age industry comes with the undeniable risk imposed when the public puts their lives in the hands of automated technology. And as investor and consumer interest continues to boom, the race for better, more adaptable security, monitoring and information sharing systems will be the primary factors dictating the industry’s success.
LATEST THREATS
Cyber-Criminals are flipping the script on “secure” HTTPS traffic
As reported on above, the latest push for HTTPS sites by Google is coming to a head starting July, 2018 where all sites without SSL be marked as unsecured within Chrome browsers. Part of the success in pushing all sites to run on HTTPS comes from the rise of free and low-cost SSL certificates being offered, which has helped enable the widespread adoption of data encryption we see today.
But even with Google’s push towards a safer online experience; cyber criminals are flipping the script on what we deem to be “secure”.
Thanks to this lowered barrier in obtaining SSL certificates, adverse effects are being introduced as cybercriminals can also get their hands on legitimate digital credentials. According to threat detection tools run under the security firm Zscaler, their systems blocked a reported 30% increase in SSL-based attacks over the last six months and a 300% increase in SSL-delivered phishing attacks through 2017.
So what does this boil down to? Cyber criminals are now using legitimate SSL certificates to carry malicious code.
With most companies and users assuming SSL traffic to be secure, security systems in place to monitor network threats are merely taking cursory looks at HTTPS sites creating a huge blind spot for IT protection. And what’s more – it is now being discovered the way certificates are exchanged could also allow new cyber security threats to be developed. Before a secure connection is made in the exchange process, systems have been discovered with the potential to bypass detection methods that don’t inspect certificate values. Basically, SSL certificates can be exchanged illegally.
Although the widespread impacts of these new threats are still unknown they do reflect the need to evolve stricter SSL security protocols to better protect networks and their users. Encryption alone doesn’t guarantee safe traffic and the current measures in place to protect us also can not without continued improvement.
Stay in the know with the monthly updates and up to the minute critical threat vulnerabilities by signing up for our newsletter.
