The F5 Foundation has reviewed a set of misconceptions and misinformation companies need to address in order to preserve their electronic security and the integrity of their business, by Dan Woods, its Chief Investigative Information.
In the last two years, the world has experienced strong shocks that have affected the economy, politics and technology, so that the transformations taking place in the world of technology can no longer be described as great, but move at an accelerating pace that is sometimes difficult . to catch up or even keep up with.
Against the background of this changing scene, some misconceptions about cyber security have emerged and gained some momentum, resulting in cyber security teams sometimes focusing on the wrong aspects, thus causing companies out of good faith and lack of left knowledge exposed to many security risks. The following are the most prominent misconceptions:
Mistake 1: Thinking that there are too few fake accounts on social media
Many companies are aware of the fact that they have webbots, but the reality is that social networks and platforms do not know – and do not want to know – the true number of webbots spread across their other platforms.
F5 previously revealed the proof of this fact several years ago on a social networking site, as it was found that 98 percent of the logins on that social site were actually done by automated bots. At the time, the company was excited about the future and very proud of its growth and high demand, but in the end it turned out that it only had a tenth of the number of subscribers it thought would join its platform. Therefore, attention should be paid to the consequences of the spread of bots all over the web, especially on social networking sites.
Mistake 2: The fight against webbots is simple and accessible to any company
Companies have long tried to combat malicious web bots by blocking their web addresses or geographic regions, but the development of bot attacks has exposed the flaws of this blocking strategy. With bots exploiting thousands and millions of Internet addresses, network defenses based on the blocking mechanism are unable to repel the massive barrage of attacks.
A successful solution to combat these attacks lies in taking advantage of behavioral signals received from users in the form of measurable indicators. The behavior of browsers and the behavior of connected devices must be extrapolated and behavioral data collected and intercepted in order to succeed in not only identifying malicious webbots, but also detecting malicious behavior of human users.
Mistake 3: Focusing on new and mysterious cyber threats
Most of the bots we see today have the same level of sophistication that we observed in them five years ago. Similarly, we continue to see the success of stolen password exploitation attacks despite the deployment of defensive countermeasures, such as multi-factor access authentication mechanisms and tests to distinguish humans from web bots (CAPTCHA), meaning that attackers are not yet forced to create new not to be found. vulnerabilities as long as their methods The bypass is still successful.
As a result, while new cyber threats need to be addressed and prepared for, companies must continue their efforts to mitigate the effects of old attacks that surfaced years ago. New threats do not reduce the risk or consequences of old attacks.
Mistake 4: Multiple clouds are complex and require rare talent
The world of multi-cloud computing has become a reality that many, if not most, companies are witnessing today. However, there are still companies that run their multi-cloud operations reluctantly and without taking advantage of the excellent opportunities available in these environments.
Today, however, there is no longer any reason why corporate-owned technology portfolios should not only be secured and managed across multiple clouds, as cloud service providers have offered the benefits of interoperability across multiple technologies, while other cloud companies have tackled the challenges. of the integration of systems with each other, As well as making comprehensive cloud functions accessible across all environments and delivered through a simple and unified interface.
Mistake 5: It is enough to secure devices and systems only within companies
Cybersecurity teams typically focus their efforts on protecting corporate infrastructure, including servers, computers, and computing devices, but they don’t pay attention to the home networks of those companies’ employees.
For example, an attacker may deliberately target a CEO’s home computer in search of confidential information about acquisitions and mergers or other strategic corporate information. Therefore, we must focus on home networks as outlets that can allow infiltration by attackers at a time when working from home is increasingly common.