
Changing Threat Landscape

As stated by the Institute for Security and Open Methodologies (ISECOM) in OSSTMM 3, security is a form of protection where a separation is created between the assets and the threat. In today's world, there are four types of security threats to consider: Interception, Interruption, Modification and Fabrication. These threats arise from various kinds of attacks performed by an attacker. Threats are raised against the key aspects of security: Confidentiality, Integrity, and Availability (CIA). Security is given to physical and information assets through controls, which provide assurance that the physical and information assets as well as the channels themselves are protected from various types of invalid interactions.

In the earlier days of computer systems, controls over security were provided by passwords. Passwords have been in use since ancient times and are still used as the primary authentication mechanism on every system, including workstations, servers, network domains, websites, mobile devices, etc.

Hacking, in the modern sense, is the act of breaking into systems, usually remotely. Looking at the history of security, the bad guys were always far more sophisticated than the good guys. The history of electronic hacking can be traced back to 1965, when William D. Mathews from MIT found a vulnerability in a Multics CTSS running on an IBM 7094 to extract system passwords. Soon after, in 1971, John T. Draper, a U.S. Air Force veteran, made free telephone calls (called phreaking) using AT&T's long distance service by blowing a precise tone into a telephone using a toy whistle from children's cereal boxes.

With the advent of the Internet, it became easy for hackers to carry out attacks as it connected the world and diminished boundaries.
By sitting at an unidentified location, they could write an attack code or malware (most common ones being virus, worm and Trojan), attach it to an otherwise unsuspecting message and send it to millions of users and systems around the world. The Internet's first worm was created by a 23-year-old Cornell University graduate student, Robert Tappan Morris, Jr., who just wanted to count how many machines were connected to the Internet. However, today's attacks are far more motivated and backed by well-funded groups, corporations and even nations, called Advanced Persistent Threats (APT).

As the Internet evolved through the 90s, more and more organizations offered information and services to the consumer's doorstep. As the usage of the Internet grew rapidly, it provided hackers more Motive, Opportunity and Means (MOM) to break into systems. Hackers started to dig deeper into systems, identify newer attack vectors (means), write customized attack codes and collaborate among themselves to create hacker groups or fraternities. As the attacks matured, so did security techniques, and newer ones came into being, such as defence-in-depth, trusted computing base, fine-grained access control, encryption, digital signature, firewall, intrusion prevention, distributed computing and real-time replication.

The world matured further and automation of systems became the mantra, which resulted in integration of computer systems with control systems. This brought in newer challenges as hackers shifted their focus to targeting systems that provided critical community services, such as law enforcement, traffic control, medical services and power supplies. A classic example of this is the Stuxnet worm, which targeted Iran's nuclear facilities by attacking SCADA systems used to control and monitor specific industrial processes.
Stuxnet primarily affected Iran, Indonesia and India, and used such sophisticated techniques that Kaspersky Lab concluded that it could only have been conducted "with nation-state support".

The introduction of mobile devices in the enterprise IT landscape brought in fresh challenges to balance security, usability and convenience. Biometric methods, such as fingerprint identification, and graded security techniques are the widely accepted security techniques in this area.

In the coming days, as systems and applications become highly virtualized using cloud computing and software-defined networks, security will become the foundational part of enterprise architecture. To secure their data, organizations would be looking at newer security techniques, such as zero-trust security models, data cloaking, federated identity management, context-aware authentication and next-generation biometrics-based authentication. Organizations are also looking at subscribing to threat intelligence services, which have the potential to change the way enterprises measure security risk and prepare their defences for the next wave of attacks.
