Collapsing Border:

IGLOO SECURITY Discloses Report on Security Threat and 

Technological Prospects in 2017

 

 

 

- In 2017, the company forecasts an acceleration of 'information protection big blur' referring to the blurring of the border between security threat and technology .... 
- Major examples including information leaks by insiders, attacks exploiting the vulnerabilities of trusted security program, ransomeware combining with traditional attack techniques, and DDoS that uses next-generation IoT infrastructure.​

 

 

[Dec. 6, 2016] A company leading next-generation integrated security management, IGLOO SECURITY Co., Ltd. (CEO Deuk choon Lee, www.igloosec.com) disclosed on Dec. 6 Report on Security Threat and Technological Prospects in 2017 which carries its major predictions on security threats in 2017. The report also predicted an acceleration of 'the big blur ', the blurring of the border between security threats and technology that goes with the development of next-generation IT which is attested by the combination of ransomeware and APT attacks and the emergence of security threats that use IoT devices.​

 

 

 

 

 

Grounded on an analysis of accidents that occurred in 2016, major security threats expected in 2017 are as follows.

 

 

<IGLOO SECURITY's Top 5 Security Threats for 2017​>

① 'Blurring border between enemy and friend' ‒ information leaks by 'frenemy' will increase and involved risks will further grow​

Information leaks by insiders characterized by 'frenemy' which combines friend and enemy will exert greater influence on business next year.  

Company employees unconsciously spread important information while performing corporate duties by using IT devices outside the area controlled by their companies. 

Indeed, a good number of leaks of crucial corporate information are being committed inadvertently or maliciously by current or previous executives or employees.   

Protecting major corporate assets and systems against such threats from insiders now requires it to create an internal security policy and acquire related solutions that address the vulnerabilities of the multi-stage defense system, which focuses on breaches from outside, and come up with an integrated security control plan.​

 

② 'Ransome ware combines with APT attack' ‒ increasing the fear that it is used to demand money and even stage a large-scale hacking​

With a lot of victims occurring around the world, ransomware has emerged as a social problem, and its threat is expected to continue for a while.  

So, a newly required response would have to encrypt massive data including the original and backup copies and thereby get prepared for service stoppage. ​

 

③ 'Circumventing the defense; ‒ increasing attacks that target the foibles of 'trust policy' ​

Aiming to take control of the internal computer network or infect a large number of PCs of a company, increasing attacks target the vulnerabilities of security solutions and centrally controlled software that register high-level security and has wide in-company accessibility. 
And along with the vaccine update system, patch management system (PMS), and digital rights management (DRM) solution that are acquired to strengthen security and increase the convenience of asset management, group ware and messengers which are managed by the company are also feared to be abused as a bridgehead for attacks designed to strike internal PCs or computer network.​

 

④ 'ICBAM take wings' ‒ development of next-generation technology has upgraded attack technique and lowered cyber barrier​

Significantly, it creates an environment that increases the efficiency and convenience of cyber-attacks by ensuring easy download of attack tools just with Internet search.​

 

⑤ 'Is biometric authentication safe?' ‒ expanding fin tech market poses new security threat​

With fin tech related start-ups exploding by 718% in a year and half and the launch of Internet-dedicated banks just around the corner, fin tech is getting ever hotter.   

Especially, next year will see heightened concern over biometric authentication, which uses unchangeable biometric data unique to each user.​

 

<IGLOO SECURITY's Top 5 Security Technologies and Methods for 2017​>

① AI (artificial intelligence)​

 

② Cyber Alliance

With organized international hacker groups such as Anonymous and LulzSec increasing and cyber crime established now like an industry, companies, agencies, and countries in turn form 'cyber security alliance' which basically consists in implementing close private-government cooperation and strengthening international law for cooperation among countries.  

Since cyber crime can no longer be handled by just a few specialist groups, we will see continuous salience of an active type of cyber alliance that breaks from the previous passive type of security alliance.​

 

③ Threat intelligence 

2017 will continue to emphasize the importance of Threat Intelligence, which detects and analyzes information on security threats from outside. 

Therefore, there will be increased demand for various types of threat information sharing platforms which share latest threat information collected from various venues and links it to a long accumulated information asset for an integrated analysis.​

 

④ Situation Awareness 

Up until now, quite a few companies have applied themselves to preparing their response to attackers who penetrate the surveillance from outside. 

With threat from insiders growing and its spillover effect increasing, we are going to witness a progressive gain in the importance of 'situation awareness' which focuses on figuring out internal risks. 

Accordingly, there will be an active approach designed to protect major assets of a company and customer information with a plan to perform real-time data control and management such as monitoring if certain users can access a company's key information or whether there have occurred any unauthorized collection and leaking of data.​

 

⑤ Reality of education and training

As a considerable number of security breaches that occur these days do not represent advanced attack techniques but are caused by humans, the importance of creating a security policy that can upgrade members' awareness of information security.  
Therefore, to making sure that all organizational members recognize the importance of information protection and practice security in their everyday life, there will be increased emphasis on reviewing the validity of security policy, regularly performing training close to reality, and acquiring and operating a security solution.​

 

 

Manager Jeong Il-ok of IGLOO SECURITY's Security Analysis Team said, "We think that 2011 will see an exponential growth of composite security threats that have the border blurred between inside and outside. 

One thing particularly notable is that security breaches involving insiders who handle important information are increasing day by day and are making considerable ripples in corporate business." 

He added, "We should promote the perception that in companies, information security is closely related to the tasks of individual executives and employees, and that companywide security can constitute corporate competitiveness."​

 

 

 

'Big Blur': a phrase that appears in Blur: The Speed of Change in the Connected Economy published in 1999 by Stan Davis, a futurist. 
It suggests how fast change blurs the existing boundaries and how it is spreading fast.​