Conventional IT Security approach is very soon going to be obsolete
Organizations have been battling a war against vulnerabilities and bugs existing in their IT infrastructure introduced by the vendors. IoT devices are the forefront runners in this race and have been responsible for crippling the Internet.
Mirai Botnet took advantage of these vulnerable IoT devices and hackers have been using these very vulnerabilities to launch massive DDOS attacks. Traditionally IoT device vendors have been taking for granted the entire concept of IT Security and insecure coding standards are to be blamed for this. Furthermore, the turn-around time to issue patch updates to these vulnerable devices is very high or simply does not exist.
Recently, TheHackerGiraffe exploited one such vulnerability existing in Printers connected to the Internet and hacked them to print his message. Such incidents force us to contemplate on the existing issues governing the IT Security landscape and conventional methods used to protect the devices from the prying eyes of hackers.
All the stakeholders involved in the development/deployment of IoT devices have to retrospect their approach towards implementing Security Processes / Standards and they may have to digress from the conventional outlook they have towards the securing IoT devices.
Be it Quora or Dell, in the past few weeks their security defenses have been breached and their sensitive user-centric data pilfered by hackers. Data is the new oil and every organization has been investing heavily into securing their networks; however, this has not prevented the hackers from breaching the defenses and stealing the data, which were supposed to be prevented by the systems and process that were in place.
The security product offerings in the present day although advanced but are lacking the essential component viz. understanding the user behavior and collating all the incidents and making sense out of them. Artificial Intelligence in IT Security is the missing component. Breaking away from the conventional approach of securing end-points, implementing IDS/IPS, NG Firewalls may prevent the majority of the attacks, however, for a motivated/experienced hacker, conventional methods will always fail.
In coming years, IT Security Product landscape will change drastically from the rule/signature-based engines to intuitive AI based ones.