|Figure 1- Cybersecurity: Changing Threat Landscape|
The constantly shifting threat landscape can be daunting to follow – and it shows – in fact, the 2016 Vormetric Data Threat Report states that, “64% of IT execs think achieving basic compliance will stop most breaches.” With the increasing nation-state threat, breaches are becoming more sophisticated and creating APTs (Advanced Persistent Threats) with new levels of potency.
The “script-kiddies” of yesterday, taking advantage of single exploits, have grown up to become a highly trained, educated and government-sponsored team of professionals. This team is dedicated to stealing a target’s IP (intellectual property) and/or using that company’s weaknesses to damage an entire industry. The scale is massive, and the threat is real.
|Figure 2 - Verizon 2015 DIBR|
Amidst the growing and changing attacks on the cyber front, many of the fundamentals have not changed. It is still true that most exploited vulnerabilities – 99% in fact, according to Verizon’s 2015 DIBR (Data Breach Investigations Report) -- came over a year after that exploit had been discovered and patched. The importance of patching will continue to be critical to a secure infrastructure.
Want to get a real feel for insecurity as it exists today? Try searching for protocols or devices you hold near and dear to your heart through the SHODAN connected-devices search engine at https://www.shodan.io. You should not find a device-speaking Modbus or EtherNet/IP directly connected to the internet, but you will.
|Figure 3- Inside The Aftermath Of The Saudia Aramco Breach|