- May 17, 2020
Current Trends in IT Security
CURRENT TRENDS IN IT SECURITY
CurrentTrends in IT Security
Large companies are experiencing various threats to the information technology security.
The emergence of new technologies has led to increased threats to the security of information technology.
Current Trends in the IT Security System
Data breach is one of the major current trends that pose increased threats to the security of information technology in large enterprises.
The major factors that contribute to security threats to information technology include poor configuration of management, weak IT security, cloud computing and lack of security infrastructure.
The Future Trends in IT Security System
Access to data by malicious actors will be through blended threats, emphasis will be placed on machine learning, phishing emails and increased adoption of advanced analytics and real-time monitoring.
Increased awareness on the public security threats to information technology will enhance their understanding on the value of their information and the significance of safeguarding their privacy.
Databreach is a profound threat that compromises the availability,confidentiality and integrity of the enterprise and thus requiresactionable led intelligence to address the problem.
Largecompanies are currently experiencing significant threats in theInformation Technology (IT) security system. The field of informationtechnology is ever changing and the emergence of new technologiescreates new security threats that challenge large companies.Thedramatic changes in technologies such as the increased utilization ofpersonal devices, the emergence of new mobile operating systems andthe delivery of Software-as-a-service (SaaS) have posed increasingchallenges to the security of IT in large companies. The growingthreats on IT system within organizations have hindered the abilityof the IT professionals to provide risk management and businesssupport effectively. Moreover, the current security threats to theinformation technology system have caused information security teamsto experience challenges in combating the current security threats tothe information technology system in big firms. Cybercriminals aredeveloping more sophisticated and innovative tactics, and thus theinformation security team needs to develop new security measures andtechniques to adequately address the problem (Le,Lee & Lee, 2014).
Thispaper seeks to discuss data stealing, which is one of the currenttrends in the security of the information technology in largeenterprises, its effects, the technologies involved in addressing theproblem and the future trends in the security of informationtechnology system in large organizations.
TheCurrent Trend in Security of the Information Technology in LargeEnterprises
Thecurrent trend in the security of information technology that largecompanies encounter includes data breach. Data breach involvesstealing of data from large companies has become prevalent in thecontemporary business environment that affects the integrity,confidentiality, and availability of information. With the emergenceof new technologies, cybercriminals have developed new innovativeways of accessing data of companies. Data breach occurs in differentways including loss of data, stealing of data, or comprised securityof the information technology system by malicious code that attacksthe operating system and its operations (Hemphill& Longstreet, 2016).
Accessand stealing of data have resulted in massive destruction ofconfidential and vital data in large enterprises. For instance, in2014, cybercriminals attacked Sand, Sony and CodeSpace companiesleading to major damage to important data. Information securities’experts have pointed that data breach on an organization haslong-term effects including loss of loyalty of customers and theeffective functioning of the organization (Hemphill& Longstreet, 2016).
Theprevalence of data breach in the large organization has beenattributed to the weak IT security systems. Studies have pointed outthat the information technology system in organizations consists of anumber of risks that have made the IT security weak. These risksinclude increased malware attacks, vulnerabilities to viruses, andcompromised network services and systems. Thus, inadequate securityof the information technology has led to increased rates ofunauthorized access that has compromised the availability, integrity,and confidentiality of data (Hemphill& Longstreet, 2016).
Examplesof factors that contribute to weak IT security include someorganizations lack security infrastructure thus exposing theirnetworks to vulnerabilities such as exploitation and loss of data.Some have not established the security architecture due to lack ofqualified IT personnel or resources. Insufficient protection ofnetwork led to increased threats to data such as exposure tomalicious software, viruses, malware, and hacking. Additionally, someorganizations have un-patched Client Side Software and applicationsexposes computers to multiple vulnerabilities. Computers consist ofvarious software applications that in some instances havevulnerabilities especially the older versions and that providesmalicious actors opportunities to exploit information technologysystem thereby posing security threats easily. It is, therefore,important for organizations to update their software from time totime to reduce the many of those vulnerabilities (ElKadiri, Grabot, Thoben, Hribernik, Emmanouilidis, von Cieminski &Kiritsis, 2016).
Poorconfiguration management also exposes the information technology ofcompanies to security risks. Computers connected to the network of anenterprise that fails to comply with the configuration managementpolicy is at increased risks of attack. Weak protection measures todata security fail to restrict computers connected to the network ofthe organization that increases the information technology to thevulnerability of this threat (Sadeghi,Wachsmann, & Waidner, 2015).
Thewidespread adoption and use of mobile devices such as laptops andsmartphones have increased the exposure of the information technologyto security risks. Most of these mobile devices do not have adequatesecurities, and since they are mostly used to carry out tasks outsidethe organization, there is a high possibility of data breaches. Cloudcomputing has also contributed to security threats to the informationtechnology system in large enterprises. The sharing of large amountsof data through shared resources increases the risks of data loss anddata encryption issues within an organization. In additionally,managing the applications of cloud computing such as patching poseschallenges to the cloud provider that affects their ability toeffectively protect the IT system against malicious code (Faheem,Kechadi & Le-Khac, 2015).
Varioustechnologies have been developed to address the problem of datastealing of vital and confidential information from companies. Thesetechnologies have been adopted widely by organizations in efforts tocounter the activities of cyber criminals that compromise theintegrity and functioning of organizations. These technologiesinclude the cloud access security brokers (CASB), which is softwarethat allows the information security team to effectively apply thesecurity policies and strategies in different cloud services. Itincreases the visibility of the information security team so thatthey are able to detect the security threats and also it providesthem with control options to those threats. The Endpoint Detectionand Response (EDR) provide organizations with the ability toeffectively detect any security breaches and thus influence theirability to respond immediately to prevent the attacks. The machinelearning-based systems and the memory protection and exploitprevention systems provide larger companies with approaches toprevent malware from targeted and advanced attacks. It usesmathematical models to detect targeted malware attacks (Thierer,2015).
TheUser and Entity Behavioral Analytics (UEBA) offers the informationsecurity teams with information on applications, endpoints, andnetworks as well as user-centric analytics that allows them toeffectively and accurately detect threats. The Micro-segmentationtechnology works by stopping cybercriminals who have already attackedthe information systems of a company from moving to other systems.Visualization tools enhance the understanding of information securityteam on the set segmentation policies, the flow patterns of attacksand effectiveness in monitoring for deviations within the system ofthe organization. The DevOps technology provides an automatedconfiguration that is also compliant and transparent that ensures thesecurity of information technology infrastructure. TheIntelligence-Driven Security Operations Centers have been created toallow the information security teams to handle new models of“detection and response. Deception tools are used to preventattacks by using tricks to detect attempted attacks. The informationsecurity team designs and uses fake systems, vulnerabilities, andcookies to detect any targeted attacks and prevent them (Thierer,2015).
Thefuture trends of security issues on information technology in largeenterprises are many. Various studies and security experts haveforecasted the future of information technology security. Forinstance, in future, intelligence-led security will be a center offocus considering the fact that many of the traditional technologieshave failed to effectively detect security patterns and incidents dueto their inability to analyze large amounts of data. Adoption ofadvanced analytics and real-time monitoring will be widespread andthus allows companies to respond quickly to security threats withclear, actionable intelligence. Actionable threat intelligence isseen to be key in managing the increasing threats to informationtechnology security in future. Incorporation of actionable threatintelligence in the strategic plan of an enterprise will providesecurity to companies thus contributing to the growth of the business(Feng-hua, 2016).
Additionally,with the increased rates of data theft from companies, more emphasiswill be placed on phishing emails especially spear phishing. Spearphishing refers to targeted attacks and thus enhanced security willbe enhanced around emails to prevent cybercriminals from accessingdata. The high rates of breaches of high-profile customer data haveadversely affected the legitimacy of emails (Feng-hua, 2016).
Moreover,more attacks on payment card data is expected to increase in future.Cybercriminals are continuing to target payment card data because ofthe need to commit financial fraud and to steal banking credentials.This mostly is carried out through social media where cybercriminalsuse engineering tricks to access confidential data such as spearphishing emails. Also, it is expected that state-sponsored attackswill continue to be a major problem in future in the security ofinformation technology. Although the United States and China haveshown some improvement in political reconciliation, it is clear thatstate-sponsored hacking will continue. More types of maliciousstate-sponsored attacks are likely to emerge in future, which maysabotage the functioning of large companies in large states (Loo,Mauri & Ortiz, 2016).
Infuture, more people and businesses will have awareness on thesecurity threats to information technology. For instance, hackdemonstrations, high-profile breaches, and the Snowden have enhancedpublic awareness on security threats. This has allowed the public tounderstand the value of their information and the significance ofsafeguarding their privacy. Thus large companies are prompted todevelop sophisticated security measures to prevent their informationsecurity system against attacks. For example, some large companiessuch as Apple have already begun developing security controls for itsproducts such as iPhone (Whitmore,Agarwal & Da Xu, 2015).
Infuture, there will be increased emphasis on machine learning. Machinelearning is a component of artificial intelligence that enhances theability of computers to learn different aspects of security withoutbeing programmed. This is the latest innovation of cybersecurity andit is believed to be widespread in future. More focus will be put inadvanced analytics that will prompt large companies to minimize thecomplexities existing within their organizations and increasesvisibility in order to detect and prevent security threats oninformation technology(Camastra,Ciaramella& Staiano, 2013).
Furthermore,as technology changes, cybercriminals continue to find new innovativeways of accessing data. It is believed that in future, cybercriminalswill be able to achieve their goal of accessing data information oforganization through blended threats. Blended threats may involvemalware wending, unpatched systems and unauthorized access toconfidential data. Therefore, blended threats provide cybercriminalswith increased opportunity of accessing information security systemundetected (Camastra, Ciaramella & Staiano, 2013).
Databreach is a major problem facing large enterprises currently that hasposed increased risks to the security of information technology. Datareach is executed by malicious actors such as cybercriminals thatattack the information system of organizations and illegally accessdata. Data breach involves loss of data, stealing of data orcompromising of security of information technology thus exposing thesystem to security threats that affect the integrity,confidentiality, and availability of information. The prevalence ofdata breach within organizations has been facilitated by a number offactors including increased adoption of mobile devices such aslaptops and smartphones that lack adequate security, poorconfiguration management, and lack of insecurity infrastructure.There are various technologies that are involved in addressing theproblem of a data breach in organizations. These technologies includecloud access security brokers (CASB), Endpoint Detection and Response(EDR), machine learning-based systems, User and Entity BehavioralAnalytics (UEBA), Microsegmenattaion technology, Intelligence-DrivenSecurity Operations Centers and deception tools. The future trends inIT security include access to data by malicious actors will bethrough blended threats, emphasis will be placed on machine learning,increased awareness on the public security threats to informationtechnology will enhance their understanding on the value of theirinformation and the significance of safeguarding their privacy,phishing emails and increased adoption of advanced analytics andreal-time monitoring that will allow companies to respond quickly tosecurity threats with clear actionable intelligence. Therefore, thedata breach is a huge problem affecting companies and immediateaction should be developed to address the problem adequately.
Camastra,F., Ciaramella, A., & Staiano, A. (2013). Machine learning andsoft computing for ICT security: an overview of current trends.Journalof Ambient Intelligence and Humanized Computing,4(2),235-247.
ElKadiri, S., Grabot, B., Thoben, K. D., Hribernik, K., Emmanouilidis,C., von Cieminski, G., & Kiritsis, D. (2016). Current trends onICT technologies for enterprise information systems. Computersin Industry,79,14-33.
Faheem,M., Kechadi, T., & Le-Khac, N. A. (2015). The State of the ArtForensic Techniques in Mobile Cloud Environment: A Survey, Challengesand Current Trends. InternationalJournal of Digital Crime and Forensics (IJDCF),7(2),1-19.
Feng-hua,L. I. (2016). Development trends of the information technology andcyberspace security. ChineseJournal of Netword and Information Security,1(1),8-17.
Hemphill,T. A., & Longstreet, P. (2016). Financial data breaches in the USretail economy: Restoring confidence in information technologysecurity standards. Technologyin Society,44,30-38.
Le,H. S., Lee, J. H., & Lee, H. K. (2014). Exploring CurrentResearch Topics and Trends based on the Keywords Analysis in theLeading Information Systems Journals. 인터넷전자상거래연구,14(2),161-180.
Loo,J., Mauri, J. L., & Ortiz, J. H. (Eds.). (2016). Mobilead hoc networks: current status and future trends.CRC Press.
Sadeghi,A. R., Wachsmann, C., & Waidner, M. (2015, June). Security andprivacy challenges in industrial internet of things. In Proceedingsof the 52nd Annual Design Automation Conference(p. 54). ACM.
Thierer,A. D. (2015). The internet of things and wearable technology:Addressing privacy and security concerns without derailinginnovation. AdamThierer, The Internet of Things and Wearable Technology: AddressingPrivacy and Security Concerns without Derailing Innovation,21.
Whitmore,A., Agarwal, A., & Da Xu, L. (2015). The Internet of Things—Asurvey of topics and trends. InformationSystems Frontiers,17(2),261-274.