CYBER SECURITY: CHALLENGES AND EMERGING TRENDS ON
LATEST TECHNOLOGIES
Cyberattacks are an evolving danger to organizations, employees, and consumers. They may be designed
to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage
people’s financial and personal lives. A strong cyber security system has multiple layers of protection
spread across computers, networks, and programs. But a strong cyber security system relies not only on
cyber defense technology, but also on people making smart cyber defense choices.
SUBMITTED BY:
POULOMI DAS
MANAN KODIA
SAYAN CHAKRABORTY
ABHISHEK DWIVEDI
SOUMABRATA GHOSH
ARBAAZ KHAN
0
�INTRODUCTION
“The science of today is the technology of tomorrow” says Edward Teller. What do you mean by
cyber security? Cyber security is concerned with making cyberspace safe from threats, namely
cyber-threats. The notion of “Cyber-Threats” is rather vague and implies the malicious use of
information and communication technologies (ICT) either as a target or a tool by a wide range of
malevolent actors.
Internet is one of the fasted-growing areas of technical infrastructure development. In today’s
business environment, disruptive technologies such as cloud computing such as could
computing, and next-generation mobile computing are fundamentally changing how
organizations utilize information technology for sharing information and conducting commerce
online.
Cyber security plays an important role in the development of information technology, as well as
internet services. Enhancing cyber security and protecting critical information infrastructure are
essential to each nation’s security and economic wellbeing. Recent research finding also show
that the level of public concern for privacy and personal information has increased since 2006.
1
�KEY ISSUES
Americans are more worried about being a victim of cybercrime than being a victim of violent
crime.
The global average cost of a data breach is $3.6 million — and it keeps increasing every year.
Mobile malware is on the rise but “gray ware” could pose a more dangerous risk to mobile users.
Cryptojacking is one of the more serious cyber threats to watch out for in 2019.
The number of groups using destructive malware increased by 25 percent in 2018.
Microsoft Office extensions are the most malicious file extensions used by email hackers.
There were more than 1.76 billion records leaked in January 2019 alone.
CYBERSECURITY CONCERNS
1.The cryptojacking “gold rush” will be the top priority for cybercriminals
Cryptojacking activity began exploding toward the end of 2017 and we suspect that we will
see far more activity in 2018, particularly as the value of cryptocurrencies escalates.
2
�cryptojacking activity could replace advertising on sites to become an entirely new revenue
stream. However, the largest portion of cryptojacking is likely to occur from legitimate
websites compromised to mine currency for the criminal wallet. Regardless, cryptojacking
will be one of the cybercrime activities to watch in 2018.
2. The cybercriminal underground will continue to evolve and grow
With a recent increase in cybercriminal tools and a lower threshold of knowledge required to
carry out attacks, the pool of cybercriminals will only increase. This growth is a likely
response to news media and pop culture publicizing the profitability and success that
cybercrime has become. Joining the world of cybercrime is no longer taboo, as the stigma of
these activities diminishes in parts of the world. To many, it’s simply a “good” business
decision. At the same time, those already established as “top-players” in cybercrime will
increase their aggressive defense of their criminal territories, areas of operations and revenue
streams.
3. Security software will have a target on its back
Last year, cybercriminals targeted and exploited more security software. By targeting trusted
programs and the software and hardware supply chain, attackers can control devices and
wholeheartedly manipulate users. Hackers will leverage and exploit security products, either
directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to
achieve their means.
4. Blockchain revolution
While it's difficult to predict what other developments blockchain systems will offer in regards to
cybersecurity, professionals can make some educated guesses. Companies are targeting a range
of use cases which the blockchain helps enable from medical records management, to
decentralized access control, to identity management. As the application and utility of
blockchain in a cybersecurity context emerges, there will be a healthy tension but also
complementary integrations with traditional, proven, cybersecurity approaches.
3
�5. Server less Apps Vulnerability
You’re able to control what security precautions you take to ensure the user’s data remains
private from identity thieves and other cybercriminals. With server less applications, however,
security precautions are, by and large, the responsibility of the user. Unfortunately, with all of
the vulnerability that serverless apps represent, they don’t seem to be going anywhere in the
years to come.
EMERGING TRENDS (safe key)
Context-Aware Behavioral Analytics
Context-aware behavioral analytics is founded on the premise that unusual behavior = nefarious
doings. Snowden achieving super root privilege and downloading 1.7 million files to a USB stick
after hours? That’s unusual behavior. Abnormal file movement and activity across Target’s
point-of-sale infrastructure? That’s unusual behavior. Here’s where analytics can be of help.
Next generation breach detection
In the past few years, hackers have been employing bespoke attacks on systems. Instead of
launching a battalion at a wall, they carefully analyze a system’s defenses and then, Odysseus-
like, send in the Trojan Horse. Thanks to the volume, velocity and variety of big data, most
companies are not even aware that their systems have been breached. Instead of focusing on the
first line of defense, next generation breach detection focuses on what happens once the criminal
is inside the system. It takes behavioral analytics and adds even more tools to identify the
breadcrumbs that a hacker leaves behind.
In other words, breach detection tools can pick out strange movements and changes in a sea of
data and determine that something is very, very wrong.
Virtual Dispersive Networking(VDN)
Data that was once securely encrypted can now be broken by parallel processing power. SSL and
Virtual Private Networks (VPNs) can’t always protect messages as they travel across
4
�intermediary pathways. That’s where Virtual Dispersive Networking (VDN) from Dispersive
Technologies comes in.
VDN takes a page out of now-traditional military radio spread-spectrum security approaches,
where radios rotate frequencies randomly or split up communications traffic into multiple
streams, so that only the receiving radio can reassemble them properly. With Dispersive,
however, the Internet (or any network) is now the underlying communications platform.
Early warning systems
Although this idea is still in the early stages, we thought it worth noting. Using machine learning
and data mining techniques, researchers at Carnegie Mellon have created a “classifier” algorithm
that predicts which web servers are likely to become malicious in the future. The idea is built on
the premise that vulnerable websites share similar characteristics. For example, the algorithm
takes into account a website’s:
Software
Traffic statistics
File system structure
Webpage structure
Plus, a variety of other “signature features” to determine if it shares common denominators with
known hacked and malicious websites. If it does, then steps can be taken to prevent an attack.
Website operators can be notified. Search engines can exclude results.
FINDINGS
” In 2019, healthcare organizations will be the number one target for attackers . The evolution of
attacks has made it much harder to secure the industry, creating and growing an entire
ecosystem that lends itself to multiple forms of fraud that the attacker can profit off of. For
example, in healthcare, when protected health information (PHI) is stolen, attackers are able to
steal identities, gaining access to medical information, which the attacker either uses or sells to
5
�then obtain prescriptions to be traded or sold illegally”—Bob Adams, cybersecurity
specialist, Mimecast.
“In 2019 we will see an evolution in the two-factor authentication (2FA) process that directly
addresses some of the most discussed fraud attacks. It’s a documented fact that the use of 2FA to
stop unauthorized account access has exponentially decreased account takeover fraud around
the globe, but as fraudsters have evolved, so too must the techniques used to combat them. What
we will see as 2019 unfolds is the use of that data to augment 2FA, which will ultimately ensure
the continued growing adoption of this important security step by both businesses and their
users”—Stacy Stubblefield, Co-Founder and Chief Innovation Officer, TeleSign.
“In 2019, there will be continued consolidation of companies in the security sector, especially
for those that have developed technologies that relate to Digital Identities (DIs), including the
on-boarding of individuals behind the DIs, the authentication of the individuals behind the DIs
(MFA), and the continual management of privileges and access (IAM)”—Todd Shollenbarger,
Chief Global Strategist, Veridium.
