Result: There’s a new level of attack sophistication facing a wider array of websites.
Impact: Operators of all sites and web applications, regardless of size, need to learn how to defend against far more sophisticated attackers. Simple Web Application Firewall (WAF) rules and rate-limiting won’t work anymore. Operators must learn how to defend against new attacks to protect their revenues and reduce the time and resources wasted remediating and reacting to attacks.
Result: Detecting malicious bots will require more advanced machine learning that can better spot and predict bots that are lower volume and coming from higher reputation IP addresses.
Impact: Every web application team will need to either understand machine learning or use a web application security service that deploys machine learning to stay ahead of the attackers. Business units and e-commerce revenue teams need to reconsider technology choices for their web defense.
Result: Shoppers not using bots will struggle to buy in-demand items like pulse oximeters and isopropyl alcohol. Hoarding tools will appear quickly whenever there’s a supply interruption, driven by easy access to open source technologies. Businesses must deal with more disruptions caused by hoarding bots, including site latency, skewed site analytics and unhappy customers.
Impact: Retailers must more broadly adopt bot mitigation measures to ensure fair access to their products, reduce infrastructure costs and maintain analytics integrity.
Result: Organized attackers will gravitate towards government web applications for high-value, high-impact attacks.
Impact: We see large spikes in attacks as the bad guys target newly digital government sites to harvest PII and financial institution data. Government operators of online properties must consistently test, validate and improve their security stances to protect users from the increased cadence and severity of attacks.