May 11, 2022 3:04:22 PM

Emerging Threats Take Advantage of an Expanded Digital Attack Surface - The Concept of Cyber Security Expands

Threats related to the cyber world are growing and affecting the real world. New threats take advantage of an expanded attack surface – for example, the number of devices and the use of digital identities have increased, increasing the number of risks and providing more and more opportunities for cybercriminals.

In the face of new threats in the online world, traditional security thinking and technologies may not provide a broad enough picture to minimize risks effectively. For example, the log information generated by monitoring digital infrastructure only indicates what has happened in the past but does not provide access to external threats and risks.

As the use of digital services increases, so does cybercrime. Security should therefore be considered more broadly than has traditionally been the case.

Do you know how many devices your organization owns?

Among other things, the increase in the number of devices brings new types of risks. In many companies, the number of devices is starting to be quite high. When asked from an IT manager or a CEO how many devices their organization possesses, the answers vary because, in fact, neither of them has accurate information.

This brings new opportunities for data phishing. It may be possible to access corporate systems through the devices lost in inventory. Devices may also be being used in ways in which company information is not secure.

Businesses should therefore keep close track of how many computers and other devices they own and manage, and where these devices are located. Various applications can help with equipment inventory and data maintenance.

Vulnerabilities can be found in more and more systems and applications

The discovery of various vulnerabilities in widely used software and programs will continue to be a nuisance for users, and the pace of digitalization will accelerate the trend. The more digital solutions are used in businesses, the wider the impact of vulnerabilities.

The security of OT (Operational Technology Network) networks, in particular, is gaining attention. With the help of these, power plants, for example, can remain in operation. If vulnerabilities are found in OT networks allowing attacks, it can affect the functioning of the whole of society.

Similarly, the advancement of digitalization is increasing the use of various software and applications. Today, very few citizens can manage without using applications, as both banking and shopping, for example, are often handled through them. Many also use a wide range of different applications at work.

Mobile malware has been a topic of discussion for a long time and will continue to be. There has traditionally not been very much malware on mobiles, as it has apparently been a difficult playing field for cybercriminals. However, the situation will change, and we will see more and more malware on mobiles in the future.

There are many threats to digital identity

Almost everyone is already starting to acquire a digital identity – for example, bank IDs to authenticate oneself in digital services. And authentication is also being used more widely, for example when booking a doctor’s appointment or making online credit purchases.

Even at the work desk, bank IDs are often used when logging into the organization´s systems.

Digital identity and, for example, phishing allow for identity theft. The stolen identity provides access not only to all personal information, but also to important systems of a company, such as the billing or HR systems.

Hijacking a digital identity, or even a social media profile, allows someone to appear as another person in digital services and channels.

The identity of a company can also be stolen, for example for the purpose of trying to phish customer data. Fake accounts and pages may appear on the web or social media channels that skillfully mimic the visual appearance of the company and prompt people to make contact in order to gather their personal information.

Cyber security services are expanding

Physical threats to the company are another side of security. Monitoring only the company’s digital infrastructure will not detect these threats – network threat intelligence monitoring the web, for example, is needed. In this way it is possible to anticipate security threats to company locations or certain key people that may occur in the physical world.

Cyber security services will expand in the future and settle on a layer that may not be detected or monitored by, for example, security companies. With these expanded services it is possible to ensure the overall security of an organization or business, including physical locations and employees.

Read more about Cinia Cyber Security Services

avatar

Tomi Liesimaa

Tomi Liesimaa is working as a Chief Security Officer at Cinia.