November was a scary month in California. After four years of drought, the forests and towns in the northern part of the state exploded into wildfires, displacing thousands of residents and destroying millions of dollars of property. The foul air in San Francisco and the surrounding areas was a sordid reminder of the ordeal and a warning that once adverse conditions exist disaster can strike at any point.
We can’t help but draw parallels between the adverse fire conditions in California and the adverse risk conditions in the digital world. There are many unaddressed risks out there that make the possibility of a big security disaster in the coming months very real.
There are new, widely relied upon technologies that do not have established proven security practices attached to them yet. These are
While the new technologies create new threats, the old risks remain. Vulnerabilities still exist in third-party platforms, like Wordpress & Joomla. Because of poor user practices and the long window between the actual compromise and the discovery of the problem, the danger of these vulnerabilities being exploited still looms over most online businesses.
On top of that, the attackers are getting smarter. It’s an old truth that to protect, you need to protect everything, but to attack, you need only to find a single vulnerable point of entry. The new generation of attackers uses two strategies: broad scanning for accessible entry points and highly targeted spear-phishing attacks. In both cases, the attacks are frequently enhanced by AI/ML tools that generate daisy-chained exploits on the fly. In his recent Forbes article, Ivan Novikov describes how attackers use AI technologies today and what we can expect in the near future.
With these high-level threats, it’s surprising that security incidents have not been worse. It’s up to us to stay prepared, be ready to discover and recover, and try to compartmentalize and minimize risks.
While all we can do for California fire victims to send them our prayers and DONATIONS (Select California Wild Fires from the drop down) to help them rebuild, we still have time to audit our systems for security and make sure that we are protected and any damage there may be is contained.
“Fire Danger Rating” on “High” in Security Climate was originally published in Wallarm on Medium, where people are continuing the conversation by highlighting and responding to this story.