On 18th June 2020, Suhas Patil, Founder and CEO – Sankey Solutions and Karan Rao, Lead – Sankey Cybertech Solutions delivered a webinar on the Fundamentals of Securing your Platform. In the webinar, Suhas and Karan unraveled the different types of cyber-attacks that can make a particular tech platform vulnerable and how organizations can make security a core requirement of the development process. What follows is a summary of the webinar:
What are some of the recent cybersecurity trends that you have noticed?
As we have been building engineering applications while working with several large enterprises, we have observed quite a bit of change happening in the security space. One of the most prominent trends we have seen over the last few years is large data breaches. When we say data breaches, we mean the ability to take data (in most cases customer data) through any hacking mechanism and post it on the dark web to be sold illegally. The first quarter of 2020 was the worst in terms of data breaches in so many years of hacking history. It has become so common and serious that it has started to impact everyone now. Earlier it was thought that only big enterprises would suffer major data breaches; now even a small startup has to take care of the security scenarios.
In the last few years, cloud adoption has gone up. Cloud adoption has naturally created more exposure and a lot more endpoints for someone to attack. The other engineering trend that is amplifying cyber threats is microservices and automation. Microservices provide hackers with more entry points as you break the application into smaller parts. As architecture and technology advance, we become more vulnerable to cyber threats. Just recently we have heard about many cases of connected vehicles getting attacked.
In addition, everyone is talking about AI being the prominent application capability, but hackers are also using AI technology to create patterns that can mimic users and attack the applications. Another underlying threat that comes around is open-source. We all use open source but very few of us actually follow the proper guidelines to vet the open-source code for malware and other threats.
In short, the trends are really worrying because of the number of attacks, the type of attacks, and the increase in the number of entry points.
How can AI and Automation be utilized to defend against these cyber threats?
Hackers have been one step ahead of the developers thus far. Developers now have to think about the new scenarios which hackers can exploit using AI, and thus there is a need to create a more restrictive environment that is harder for AI to penetrate. We have a number of threat intelligence tools at our disposal these days which can help us monitor the traffic in real time, give a predictive flag based on past activity, and perform IP address scanning and blacklisting. The bigger theme is that developers have to be not just reactive but preventive and proactive. We also need to have a mechanism in place where, once a threat is identified, it is propagated across various networks, thus slowing down the spread.
How has Covid-19 impacted the whole security landscape?
COVID has not created any new types of threat but it has created a lot of vulnerabilities. The biggest threat has come from employees working remotely, where they are connected to public networks which are not as secure. A lot of organizations have faced ransomware attacks because of this vulnerability. The number of entry points has dramatically increased for hackers to exploit. Phishing attacks are also on the rise, resulting in devastating financial fraud. A lot of COVID-related maps and dashboards were eventually found to be malware, so there are a lot of opportunities for these hackers to exploit. COVID has made the lives of hackers much easier.
What are the different types of attacks at different layers of an architecture?
To answer this question, we need to first understand the doors of a typical application that are vulnerable to attacks. Typically, at Layer 1, we will find the presentation layer, where we script the HTML for the front end that presents our application. In Layer 2, users interact with the application, where they first have to go through a DNS server, and then the traffic goes through cloud caching servers (Level 3), and then it enters into the application (Level 4). If you have a gateway at level 4.1, it will go through microservices or a monolithic core backend. The most common way to secure the backend layer, where microservices endpoints are open to attack, is by using secured APIs. But that is not enough. There is a lot more we need to think about given the vulnerabilities we have seen in recent years. Typically, we make sure that we do the IP binding of the services with the gateway. On top of it, there are a number of API discovery-based tools where you don't map the endpoints directly with the API gateway; instead you create a registry where the application is smart enough to know what the request is and where to send it.
What are some of the common types of attacks that can take place from the mobile app or browser?
When it comes to mobile, it's less vulnerable compared to the web application. However, there are still a lot of ways through which hackers can exploit the platform. One of the things to keep in mind is not embedding passwords and endpoints of APIs in frontend code. Failing to do so will give the hackers an opportunity to reverse engineer your code and get all the endpoints and query parameters. There are also a number of tools out there to make your code more complex and difficult to reverse engineer.
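One way to enforce the advice above before a release, as an added example that is not from the webinar: a Node.js check that scans a built frontend bundle for quoted credentials and for absolute URLs whose host is not on an allowlist. The patterns, host names and sample bundle are constructed assumptions.

```javascript
// Added example: release-time check of a built frontend bundle.
// Patterns, hosts and the sample bundle are constructed for illustration.
const CREDENTIAL_RE =
  /([\w$]*(?:passw(?:or)?d|secret|api[_-]?key|token)[\w$]*)['"]?\s*[:=]\s*(['"`])([^'"`\s]{4,})\2/gi;
const URL_RE = /https?:\/\/[^\s'"`<>)]+/gi;

// 1-based line number of a match offset, for the report.
const lineOf = (src, idx) => src.slice(0, idx).split('\n').length;
// Never echo a found secret in full into CI logs.
const redact = (v) => v.slice(0, 2) + '*'.repeat(v.length - 2);

function scanBundle(source, allowedHosts = []) {
  const findings = [];
  // Quoted literals assigned to credential-like names.
  for (const m of source.matchAll(CREDENTIAL_RE)) {
    findings.push({ rule: 'hardcoded-credential', line: lineOf(source, m.index),
                    name: m[1], detail: redact(m[3]) });
  }
  // Absolute URLs: anything not on the allowlist is a baked-in endpoint.
  for (const m of source.matchAll(URL_RE)) {
    let url;
    try { url = new URL(m[0]); } catch { continue; } // not a parsable URL
    if (allowedHosts.includes(url.hostname)) continue;
    const params = [...url.searchParams.keys()];
    findings.push({ rule: 'hardcoded-endpoint', line: lineOf(source, m.index),
                    name: url.hostname,
                    detail: url.pathname + (params.length ? ' params=' + params.join(',') : '') });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample of what a shipped bundle might contain.
const SAMPLE_BUNDLE = [
  'const cfg = { apiBase: "https://gateway.example.test/v1" };',
  'const dbPassword = "S3cr3t-Example!";',
  'fetch("https://internal-api.example.test/users?page=2&limit=50");',
  'const token = process.env.SESSION_TOKEN;',
  'const logo = "https://cdn.example.test/logo.png";',
].join('\n');

// Only the published gateway and the CDN are expected in client code.
const SAMPLE_FINDINGS =
  scanBundle(SAMPLE_BUNDLE, ['gateway.example.test', 'cdn.example.test']);
console.log(SAMPLE_FINDINGS);
```

A non-empty result would fail the build; the value read from `process.env` is not flagged because it is not a literal in the source.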
How do security professionals stay one step ahead of the hackers?
There are not enough security professionals in the industry today. The cybersecurity industry is going to grow from $160 billion to almost $220 billion in a year alone. There is a huge lack of awareness and skillset with respect to security. One thing that has got to happen is making security part of your learning, increasing awareness about the different security threats at different levels, and how to mitigate these risks. It has to be a part of every organization from startups to Fortune 500 companies. It's no longer an option or choice. And it should not be limited only to developers. Everyone in the company, including IT Directors and CXOs, needs to go through application-level security training and build the skillset with respect to security.
You can watch the webinar here.