IGLOO's Press

This is the latest news on
IGLOO SECURITY

This is the latest news on IGLOO SECURITY, Inc.
having been reported in press.

This is the latest news on IGLOO SECURITY, Inc. having been reported in press.

IGLOO's Press Details
Collapsing Border: IGLOO SECURITY Discloses Report on Security Threat and Technological Prospects in 2017 2016.12.27 980

Collapsing Border:

IGLOO SECURITY Discloses Report on Security Threat and 

Technological Prospects in 2017

 

 

 

- In 2017, the company forecasts an acceleration of 'information protection big blur' referring to the blurring of the border between security threat and technology .... 
- Major examples including information leaks by insiders, attacks exploiting the vulnerabilities of trusted security program, ransomeware combining with traditional attack techniques, and DDoS that uses next-generation IoT infrastructure.

 

 

[Dec. 6, 2016] A company leading next-generation integrated security management, IGLOO SECURITY Co., Ltd. (CEO Deuk choon Lee, www.igloosec.com) disclosed on Dec. 6 Report on Security Threat and Technological Prospects in 2017 which carries its major predictions on security threats in 2017. 
 
The report, which is the fifth in the year written up on the predictions made by IGLOO SECURITY's Security Analysis Team composed of 30 security experts, describes major cyber threats expected in 2017 and security technology and methods available in response.

IGLOO SECURITY's Security Analysis Team states that frequent security flaps due to insiders' negligence or malice exert bad influence on the growth and perpetuation of companies, while it sees a steady increase of roundabout attacks that does not so much mount direct attacks on targeted corporate infrastructure, as exploit the vulnerabilities of centrally controlled software that boasts high-level security. 

The report also predicted an acceleration of 'the big blur ', the blurring of the border between security threats and technology that goes with the development of next-generation IT which is attested by the combination of ransomeware and APT attacks and the emergence of security threats that use IoT devices.​


 

 

 

 

 

Grounded on an analysis of accidents that occurred in 2016, major security threats expected in 2017 are as follows.

 

 

<IGLOO SECURITY's Top 5 Security Threats for 2017​>


'Blurring border between enemy and friend' ‒ information leaks by 'frenemy' will increase and involved risks will further grow

Information leaks by insiders characterized by 'frenemy' which combines friend and enemy will exert greater influence on business next year.  

Company employees unconsciously spread important information while performing corporate duties by using IT devices outside the area controlled by their companies. 

Indeed, a good number of leaks of crucial corporate information are being committed inadvertently or maliciously by current or previous executives or employees.   

Protecting major corporate assets and systems against such threats from insiders now requires it to create an internal security policy and acquire related solutions that address the vulnerabilities of the multi-stage defense system, which focuses on breaches from outside, and come up with an integrated security control plan.​

 

'Ransome ware combines with APT attack' ‒ increasing the fear that it is used to demand money and even stage a large-scale hacking

With a lot of victims occurring around the world, ransomware has emerged as a social problem, and its threat is expected to continue for a while.  

But, getting beyond the old mode of demanding money for freeing encrypted data, 2017 will see frequent occurrence of more advanced ransomware attacks which combine with APT attack.  
The analysis by IGLOO SECURITY's Security Analysis Team shows that the recently repeated new type of ransomware attack consists in penetrating company server in service and encrypting its database to delay the restoration of the service.  

So, a newly required response would have to encrypt massive data including the original and backup copies and thereby get prepared for service stoppage. ​

 

'Circumventing the defense; ‒ increasing attacks that target the foibles of 'trust policy' 

Aiming to take control of the internal computer network or infect a large number of PCs of a company, increasing attacks target the vulnerabilities of security solutions and centrally controlled software that register high-level security and has wide in-company accessibility. 
And along with the vaccine update system, patch management system (PMS), and digital rights management (DRM) solution that are acquired to strengthen security and increase the convenience of asset management, group ware and messengers which are managed by the company are also feared to be abused as a bridgehead for attacks designed to strike internal PCs or computer network.​

 

'ICBAM take wings' ‒ development of next-generation technology has upgraded attack technique and lowered cyber barrier

With daily accelerated development of next-generation IT, one expects to see greater diversity for security threats and lowered barrier for cyber-attacks.  
The massive DDoS attack that occurred in the US in October 2016 suggests two things with respect to cyber security.   
The attack did not use PCs but exploited the vulnerabilities of IoT, and with the source code for the Mirai attack disclosed on dark web, anyone who could handle programming could easily mount a second wave of the attack.
Like this, next-generation technology represented by IoT, cloud, big data, AI, and mobile brings great benefits to our life on the one hand and advances the emergence of new attacks that never occurred before.  

Significantly, it creates an environment that increases the efficiency and convenience of cyber-attacks by ensuring easy download of attack tools just with Internet search.​

 

'Is biometric authentication safe?' ‒ expanding fin tech market poses new security threat

With fin tech related start-ups exploding by 718% in a year and half and the launch of Internet-dedicated banks just around the corner, fin tech is getting ever hotter.   

With fin tech is introduced in ever wider areas such as asset management, loan, payment, and transfer, we think that 2017 will even further highlight the security issues related to fin tech such as leaks of financial information and stolen identity. 

Especially, next year will see heightened concern over biometric authentication, which uses unchangeable biometric data unique to each user.​

 


<IGLOO SECURITY's Top 5 Security Technologies and Methods for 2017​>


AI (artificial intelligence)

Before long, AI will be actively introduced for security control, threat detection, and accident prevention, with a view to lodging a more flexible defense against cyber attacks that are advancing day after day. 
We anticipate increased attempts to tap into 'machine learning' and 'deep learning', which ensure computer's continuous development of thinking ability by imitating the human cognitive, inferential, and learning abilities through learning and without extra intervention, to make sure that greater damage may be prevented by more accurately detecting new types of security threat that break from the previous patterns.​

 

② Cyber Alliance

With organized international hacker groups such as Anonymous and LulzSec increasing and cyber crime established now like an industry, companies, agencies, and countries in turn form 'cyber security alliance' which basically consists in implementing close private-government cooperation and strengthening international law for cooperation among countries.  

Since cyber crime can no longer be handled by just a few specialist groups, we will see continuous salience of an active type of cyber alliance that breaks from the previous passive type of security alliance.​

 

③ Threat intelligence 

2017 will continue to emphasize the importance of Threat Intelligence, which detects and analyzes information on security threats from outside. 

As any one single day has hundreds or millions of upgraded cyber-attacks pouring in, it should be pretty tough for a country or a company to fight them all with one single security solution.  

Therefore, there will be increased demand for various types of threat information sharing platforms which share latest threat information collected from various venues and links it to a long accumulated information asset for an integrated analysis.​

 

④ Situation Awareness 

Up until now, quite a few companies have applied themselves to preparing their response to attackers who penetrate the surveillance from outside. 

With threat from insiders growing and its spillover effect increasing, we are going to witness a progressive gain in the importance of 'situation awareness' which focuses on figuring out internal risks. 

Accordingly, there will be an active approach designed to protect major assets of a company and customer information with a plan to perform real-time data control and management such as monitoring if certain users can access a company's key information or whether there have occurred any unauthorized collection and leaking of data.​

 

⑤ Reality of education and training

As a considerable number of security breaches that occur these days do not represent advanced attack techniques but are caused by humans, the importance of creating a security policy that can upgrade members' awareness of information security.  
Therefore, to making sure that all organizational members recognize the importance of information protection and practice security in their everyday life, there will be increased emphasis on reviewing the validity of security policy, regularly performing training close to reality, and acquiring and operating a security solution.​

 


 

Manager Jeong Il-ok of IGLOO SECURITY's Security Analysis Team said, "We think that 2011 will see an exponential growth of composite security threats that have the border blurred between inside and outside. 

One thing particularly notable is that security breaches involving insiders who handle important information are increasing day by day and are making considerable ripples in corporate business." 

He added, "We should promote the perception that in companies, information security is closely related to the tasks of individual executives and employees, and that companywide security can constitute corporate competitiveness."​

 

 

 

'Big Blur': a phrase that appears in Blur: The Speed of Change in the Connected Economy published in 1999 by Stan Davis, a futurist. 
It suggests how fast change blurs the existing boundaries and how it is spreading fast.​

 

Prev, Next List
Next IGLOO SECURITY, Inc. Signs a Contract with SSK, a Security Company Based in Osaka, Japan for 'Exporting Security Control Solution and Services'
Prev Paradigm Shifts in Security Control