IT Briefcase Exclusive Interview: The Current State of IT SecurityAugust 17, 2017 No Comments
2017 has been quite the year for the cybersecurity industry. Data breaches are on the rise, ransomware attacks have dominated media headlines, and security professionals are scrambling to do everything in their power to protect sensitive customer and corporate data. Ondrej Krehel, CEO and Founder of LIFARS, an international cybersecurity and digital forensics firm, discusses the current state of the security industry and what is in store for the rest of 2017 and beyond.
- Q: What is the biggest trend you see shaping the security landscape over the next several months?
A: Among the numerous security matters that constantly need to be dealt with, ransomware is recently having perhaps the most significant impact on both the enterprise and private citizens. It has dominated headlines with several high-profile attacks such as WannaCry and NotPetya, which have wreaked havoc on thousands of businesses and individuals while doing major financial damage in the process. This model of extortion attacks is affecting everyone, and it is only going to become more popular as hackers gain access to affordable “Ransomware-as-a-Service” tools to aid their cause. CEOs are major targets, as they manage extremely sensitive data that can have a real impact on everything from future corporate strategy to public stock performance. Teenagers are also at risk. Not only do they typically engage in more risky behavior online, making themselves more susceptible to attacks, but they are not very likely to inform their parents when they have been hit by a virus, so the problem festers.
- Q: We’ve seen a rapid increase in the number of “Internet of Things” devices in the enterprise. What should we expect for this area of security going forward?
A: IoT security should be a major concern for organizations as they continue to move to a more internet-connected business model. Gartner predicts that there will be upwards of 20 billion IoT devices in use by 2020, significantly expanding the hackable surface area across the enterprise. While these devices are intended to drive value and create efficiency, they also complicate the jobs of security pros and increase vulnerabilities. In the wake of adopting these “edgepoints,” as Guidance Software CEO Patrick Dennis has called them, businesses must take a close look at their security processes and their capability to remediate attacks. With so many IoT devices online it’s not a matter of if, but when, an organization gets hacked. When that happens, a security team needs the right tools in place to detect and respond quickly to secure sensitive data.
- Q: You talk about how these IoT devices affect the enterprise, but how do they impact the security of the average citizen?
A: There are many products nowadays that come with internet connectivity – everything from smart TVs and Barbie dolls to home thermostats and baby monitors. Not only that, but these devices are also often paired with companion smartphone applications to help manage them. Consumers may not think that hackers can gain access to these, but they should be on alert, as there are little to no security protections for these devices. They can be – and have been – hacked and used against their owners, including everything from covert audio or video surveillance to abuse of children using toys that are taken over. Earlier this year, Consumer Reports created an initiative to set new standards to combat against these technology takeovers and help consumers better understand how they can protect their individual privacy. Measures like this are a good first step, but this will continue to be an area of concern going forward.
- Q: Moving to mobile now; what do we need to know about the security of these devices that are so vital to our everyday lives?
A: Every year, we hear that the mobile apocalypse is here – that our mobile devices are extremely unsecure and that hackers will exploit thousands of phones and tablets. So far, that hasn’t happened and for good reason. The majority of the software on mobile devices, particularly developed by Apple and Android, is updated and pushed out to users just as quickly as hackers are creating possible malicious software that can take over the devices.
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.Fresh Ink, SECURITY