GDPR, IoT and Serverless – the new challenges for Cybersecurity

I’d say the year 2017 wasn’t a great year for cybersecurity. There were fatal attacks like WannaCry and BadRabbit that were widespread and fatal. 2018 hasn’t been any better. McAfee had predicted that this year there will be fewer attacks (don’t sigh in relief) but these attacks will be more targeted. Smartphones will be targeted and rather than volume-based attacks, there are more sophisticated tools that are needed to combat the new threats.

Image Source: https://image.freepik.com/free-vector/theft-identity-avatar-character_24877-1443.jpg

While there are many next gen technologies that are ready to invade our lives, organizations and future, cybersecurity remains a concern. Automated learning might be an interesting topic for the tech industry but unfortunately it is also an equally interesting area for cyber criminals as well.

Thanks to machine learning that there are several cyber security tools and mechanisms. For example, machine learning is good at detecting any unusual behavior and is capable to trigger an alert. It can block access to the system or software as well. Additionally, the parameters of the unusual behavior will be examined to determine if the access is authorized or not. Large volumes of data can be collected and analyzed to set usual behavior and unusual behavior.

One of McAfee’s report said: “Adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

With the help of machine learning, we can prepare to protect our online data. But we do not know how the hackers are thinking and what will they be attacking next.

GDPR – a new challenge

There has been a lot of concerns around exploitation of personal data that is available with the increased use of smartphones, cloud and IoT. The General Data Protection Regulation or GDPR will have a huge impact in the way data is stored, collected and used. It will protect user data across Europe but the cyber security professionals find it stifling. It will discourage companies to use cloud-based applications and services. As the enforcement date, 25^th May is coming near, there are several many organizations who are not confident of setting up data processing agreements with new cloud providers.

GDPR will pose a challenge for many who are not clear about the number of their application in the cloud and being used within the application. There’s a requirement as per which a data breach must be reported within 72 hours. With such a short time to report a data breach, people feel companies will fudge data.

Additionally, there are companies with security teams that are overstretched (as they have limited budget to cope up with cyber security).  Inability to meet up with the requirements of GDPR will require them to pay 4% of the global turnover that will have a grave damage to the earnings and funding opportunities of small companies.

IoT and Serverless increase the exposure and threat

IoT is connecting our homes, networks and the world – yes it all sounds exciting. But if you think of cybersecurity – it may not sound as exciting as ever. Everything available in your house, right from your locks, thermostats, toasters, door locks and lighting is all connected. These are all exposed to vulnerabilities as well. Cyberattacks are becoming more complex and sophisticated. Increasing interest in autonomous technology led to security becoming an afterthought and this is what hackers took advantage of.

While all the next gen technologies are exciting, the security threats are high. For example, applications distributed on serverless exposes the application to a higher vector for a potential attack.

Cyber attackers tend to target systems that have the least security. It requires low investment and more damage. It’s not even a onetime activity as IoT device manufacturers must think and rethink of security strategies.

We must leave behind the traditional approach and adopt a reactive approach to protect our data. Artificial Intelligence (AI) and Machine Learning will both play a role in protecting us against cyber-attacks and these will also be the aggressor or at least supporting the hackers.

The data deception technology is capable of detecting, analyzing and defending systems against attacks with a proactive approach to detect and trick attackers. Use of adaptive technologies and knowledgeable cyber security professionals can help you think and be prepared for hackers.

If you wish to understand how GDPR, Internet of Things (IoT) or Serverless threaten your cyber security, give us a call and we’ll be happy to provide a free consultation.