This is the latest news on
This is the latest news on IGLOO SECURITY, Inc.
having been reported in press.
This is the latest news on IGLOO SECURITY, Inc. having been reported in press.
Collapsing Border: IGLOO SECURITY Discloses Report on Security Threat and Technological Prospects in 2017 2016.12.27 417
IGLOO SECURITY Discloses Report on Security Threat and
Technological Prospects in 2017
- In 2017, the company forecasts an acceleration of 'information protection big blur' referring to the blurring of the border between security threat and technology ....
- Major examples including information leaks by insiders, attacks exploiting the vulnerabilities of trusted security program, ransomeware combining with traditional attack techniques, and DDoS that uses next-generation IoT infrastructure.
[Dec. 6, 2016] A company leading next-generation integrated security management, IGLOO SECURITY Co., Ltd. (CEO Deuk choon Lee, www.igloosec.com) disclosed on Dec. 6 Report on Security Threat and Technological Prospects in 2017 which carries its major predictions on security threats in 2017.
The report, which is the fifth in the year written up on the predictions made by IGLOO SECURITY's Security Analysis Team composed of 30 security experts, describes major cyber threats expected in 2017 and security technology and methods available in response.
IGLOO SECURITY's Security Analysis Team states that frequent security flaps due to insiders' negligence or malice exert bad influence on the growth and perpetuation of companies, while it sees a steady increase of roundabout attacks that does not so much mount direct attacks on targeted corporate infrastructure, as exploit the vulnerabilities of centrally controlled software that boasts high-level security.
The report also predicted an acceleration of 'the big blur ', the blurring of the border between security threats and technology that goes with the development of next-generation IT which is attested by the combination of ransomeware and APT attacks and the emergence of security threats that use IoT devices.
Grounded on an analysis of accidents that occurred in 2016, major security threats expected in 2017 are as follows.
<IGLOO SECURITY's Top 5 Security Threats for 2017>
① 'Blurring border between enemy and friend' ‒ information leaks by 'frenemy' will increase and involved risks will further grow
Information leaks by insiders characterized by 'frenemy' which combines friend and enemy will exert greater influence on business next year.
Company employees unconsciously spread important information while performing corporate duties by using IT devices outside the area controlled by their companies.
Indeed, a good number of leaks of crucial corporate information are being committed inadvertently or maliciously by current or previous executives or employees.
Protecting major corporate assets and systems against such threats from insiders now requires it to create an internal security policy and acquire related solutions that address the vulnerabilities of the multi-stage defense system, which focuses on breaches from outside, and come up with an integrated security control plan.
② 'Ransome ware combines with APT attack' ‒ increasing the fear that it is used to demand money and even stage a large-scale hacking
With a lot of victims occurring around the world, ransomware has emerged as a social problem, and its threat is expected to continue for a while.
But, getting beyond the old mode of demanding money for freeing encrypted data, 2017 will see frequent occurrence of more advanced ransomware attacks which combine with APT attack.
The analysis by IGLOO SECURITY's Security Analysis Team shows that the recently repeated new type of ransomware attack consists in penetrating company server in service and encrypting its database to delay the restoration of the service.
So, a newly required response would have to encrypt massive data including the original and backup copies and thereby get prepared for service stoppage.
③ 'Circumventing the defense; ‒ increasing attacks that target the foibles of 'trust policy'
Aiming to take control of the internal computer network or infect a large number of PCs of a company, increasing attacks target the vulnerabilities of security solutions and centrally controlled software that register high-level security and has wide in-company accessibility.
④ 'ICBAM take wings' ‒ development of next-generation technology has upgraded attack technique and lowered cyber barrier
With daily accelerated development of next-generation IT, one expects to see greater diversity for security threats and lowered barrier for cyber-attacks.
The massive DDoS attack that occurred in the US in October 2016 suggests two things with respect to cyber security.
The attack did not use PCs but exploited the vulnerabilities of IoT, and with the source code for the Mirai attack disclosed on dark web, anyone who could handle programming could easily mount a second wave of the attack.
Like this, next-generation technology represented by IoT, cloud, big data, AI, and mobile brings great benefits to our life on the one hand and advances the emergence of new attacks that never occurred before.
Significantly, it creates an environment that increases the efficiency and convenience of cyber-attacks by ensuring easy download of attack tools just with Internet search.
⑤ 'Is biometric authentication safe?' ‒ expanding fin tech market poses new security threat
With fin tech related start-ups exploding by 718% in a year and half and the launch of Internet-dedicated banks just around the corner, fin tech is getting ever hotter.
With fin tech is introduced in ever wider areas such as asset management, loan, payment, and transfer, we think that 2017 will even further highlight the security issues related to fin tech such as leaks of financial information and stolen identity.
Especially, next year will see heightened concern over biometric authentication, which uses unchangeable biometric data unique to each user.
① AI (artificial intelligence)
Before long, AI will be actively introduced for security control, threat detection, and accident prevention, with a view to lodging a more flexible defense against cyber attacks that are advancing day after day.
We anticipate increased attempts to tap into 'machine learning' and 'deep learning', which ensure computer's continuous development of thinking ability by imitating the human cognitive, inferential, and learning abilities through learning and without extra intervention, to make sure that greater damage may be prevented by more accurately detecting new types of security threat that break from the previous patterns.
② Cyber Alliance
With organized international hacker groups such as Anonymous and LulzSec increasing and cyber crime established now like an industry, companies, agencies, and countries in turn form 'cyber security alliance' which basically consists in implementing close private-government cooperation and strengthening international law for cooperation among countries.
Since cyber crime can no longer be handled by just a few specialist groups, we will see continuous salience of an active type of cyber alliance that breaks from the previous passive type of security alliance.
③ Threat intelligence
2017 will continue to emphasize the importance of Threat Intelligence, which detects and analyzes information on security threats from outside.
As any one single day has hundreds or millions of upgraded cyber-attacks pouring in, it should be pretty tough for a country or a company to fight them all with one single security solution.
Therefore, there will be increased demand for various types of threat information sharing platforms which share latest threat information collected from various venues and links it to a long accumulated information asset for an integrated analysis.
④ Situation Awareness
Up until now, quite a few companies have applied themselves to preparing their response to attackers who penetrate the surveillance from outside.
With threat from insiders growing and its spillover effect increasing, we are going to witness a progressive gain in the importance of 'situation awareness' which focuses on figuring out internal risks.
Accordingly, there will be an active approach designed to protect major assets of a company and customer information with a plan to perform real-time data control and management such as monitoring if certain users can access a company's key information or whether there have occurred any unauthorized collection and leaking of data.
⑤ Reality of education and training
As a considerable number of security breaches that occur these days do not represent advanced attack techniques but are caused by humans, the importance of creating a security policy that can upgrade members' awareness of information security.
Manager Jeong Il-ok of IGLOO SECURITY's Security Analysis Team said, "We think that 2011 will see an exponential growth of composite security threats that have the border blurred between inside and outside.
One thing particularly notable is that security breaches involving insiders who handle important information are increasing day by day and are making considerable ripples in corporate business."
He added, "We should promote the perception that in companies, information security is closely related to the tasks of individual executives and employees, and that companywide security can constitute corporate competitiveness."
'Big Blur': a phrase that appears in Blur: The Speed of Change in the Connected Economy published in 1999 by Stan Davis, a futurist.
It suggests how fast change blurs the existing boundaries and how it is spreading fast.
|Next||IGLOO SECURITY, Inc. Signs a Contract with SSK, a Security Company Based in Osaka, Japan for 'Exporting Security Control Solution and Services'|
|Prev||Paradigm Shifts in Security Control|
문의 사항을 남겨주시면 상담을 도와드리겠습니다.
'(주)이글루시큐리티'는 (이하 '회사'는) 고객의 개인정보를 중요시하며, "정보통신망 이용촉진 및 정보보호 등에 관한 법률"을 준수하고 있습니다.
회사는 개인정보취급방침을 통하여 고객이 제공하는 개인정보가 어떠한 용도와 방식으로 이용되고 있으며, 개인정보보호를 위해 어떠한 조치가 취해지고 있는지 알려드립니다.
수집항목 : 이름, 회사명, 이메일, 연락처
회사는 수집한 개인정보를 다음의 목적을 위해 활용합니다.
회사는 개인정보 수집 및 이용목적이 달성된 후에는 예외 없이 해당 정보를 바로 파기합니다.
회사는 원칙적으로 개인정보 수집 및 이용목적이 달성된 후에는 해당 정보를 바로 파기합니다. 방법은 다음과 같습니다.
회사는 이용자의 개인정보를 원칙적으로 외부에 제공하지 않습니다. 다만, 아래의 경우에는 예외로 합니다.
회사는 고객님의 동의없이 고객님의 정보를 외부 업체에 위탁하지 않습니다.
이용자 및 법정 대리인은 언제든지 등록된 자신 혹은 당해 만 14세 미만 아동의 개인정보를 조회하거나 수정할 수 있으며 가입 해지를 요청할 수도 있습니다. 이용자 혹은 만 14세 미만 아동의 개인정보 조회ㆍ수정을 위해서는 ‘개인정보변경’(또는 ‘회원정보수정’ 등)을 가입해 지(동의철회)를 위해서는 “회원탈퇴”를 클릭하여 본인 확인 절차를 거치신 후 직접 열람, 정정 또는 탈퇴할 수 있습니다. 혹은 개인정보관리책임자에게 서면, 전화 또는 이메일로 연락하시면 바로 조치하겠습니다. 귀하가 개인정보의 오류에 대한 정정을 요청하신 경우에는 정정을 완료하기 전까지 당해 개인정보를 이용 또는 제공하지 않습니다. 또한, 잘못된 개인정보를 제3자에게 이미 제공한 경우에는 정정 처리결과를 제3자에게 바로 통지하여 정정이 이루어지도록 하겠습니다. 이용자 혹은 법정 대리인의 요청으로 해지 또는 삭제된 개인정보는 “회사가 수집하는 개인정보의 보유 및 이용 기간”에 명시된 바에 따라 처리하고 그 외의 용도로 열람 또는 이용할 수 없도록 처리하고 있습니다.
쿠키 등 인터넷 서비스 이용 시 자동 생성되는 개인정보를 수집하는 장치를 운영하지 않습니다.
회사는 고객의 개인정보를 보호하고 개인정보와 관련한 불만을 처리하기 위하여 아래와 같이 관련 부서 및 개인정보보호책임자를 지정하고 있습니다.
정부의 정책 또는 보안기술의 변경, 개인정보 위탁업체 등의 변경에 따라 내용의 추가ㆍ삭제 및 수정이 있을 시에는 개정 전에 홈페이지 “소식” 게시판을 통해 고지합니다.
재화나 서비스의 홍보 및 판매 권유, 기타 이와 관련된 목적으로 개인정보를 이용하여 정보주체에게 연락할 수 있습니다.
귀하께서는 회사의 서비스를 이용하시며 발생하는 모든 개인정보보호 관련 민원을 개인정보관리책임자 혹은 담당 부서로 신고하실 수 있습니다.
회사는 이용자들의 신고사항에 대해 신속하게 충분한 답변을 드릴 것입니다.
기타 개인정보침해에 대한 신고나 상담이 필요하신 경우에는 아래 기관에 문의하시기 바랍니다.