Where cybersecurity is concerned, the stakes have never been higher.
In the process of trying to come up with a suitably powerful opening paragraph for this blog that would encourage you to read to the very end, we must turn to Tamlin Magee writing in ComputerworldUK who puts it thus –
‘With the cyber security industrial complex in full swing and good business for all the major players, from governments and state sponsored groups, to criminal attackers and the vendors as well as their shareholders, we wonder what horrors this dystopian hell world will spew forth next.’
The Low-Hanging Fruit Is Getting Higher & Higher…
Since GDPR came into effect last May, tens of millions of people have been affected by data breaches from some of the biggest names in the game – Facebook, Reddit, Uber, British Airways and the Marriott hotel group – and while the cyberbaddies will still try and hit the soft targets, they are undoubtedly getting increasingly sophisticated.
So, where are the pinch-points going to be this year?
Internet of Things
Your fridge can now let you know when you’re out of milk and add it to your online shopping list. Your car knows when something is wrong and can send a signal to your phone to let you know. If your dog runs off, a ‘smart-collar’ will let you know where he or she is.
The IoT is ostensibly a good thing but with more and more devices becoming connected (estimates suggest something close to 10 billion by the end of 2019), routers and cameras will be popular targets for attack.
VP of Security Technology at Synopsys Gary McGraw puts it pretty bluntly: ‘IoT remains a security disaster waiting to happen.’
The takeover of individual accounts represents ‘one of the biggest threat vectors in the cybersecurity industry’, so says Asaf Cidon, VP of Email Security at Barracuda Networks.
He continues; ‘Attackers are moving away from the relatively standard phishing emails, as they are finding that strategically targeting business executive accounts is much more lucrative.’
As we get more savvy in recognising phishing emails, so the cyberattackers get more savvy in how they are distributed…
A growing number of businesses are adopting multifactor authentication as standard and with the proliferation of online collaboration, especially on mobile devices, 2019 will see a huge increase in adoption.
Stacy Stubblefield, co-founder of secure comms platform TeleSign says that ‘The increasing prevalence of SIM swap fraud and porting fraud (where attackers take over an end-user phone number so they can intercept one-time passcodes) has led to more collaboration between online businesses and mobile network operators, who can tell those businesses (in real time) when a SIM swap or porting change has occurred.’
The AI Fight From Within
More and more businesses and organisations are using AI so it’s the natural breeding ground for a new strain of cybercriminal.
Jason Hart, CTO of Data Protection at Gemalto thinks that an AI-augmented attack is a very real possibility and may already be in place. ‘Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and organisations’ systems.’
True to it’s name, the malware will have the ability to adapt to it’s surroundings and unleash attacks that will be specifically programmed to bring down a company from within.
As more and more companies migrate their critical business systems into the cloud, the assumption is that protection is guaranteed but as many have found out to their (quite considerable) cost, it’s not always the case.
Larger IT teams are now hiring cloud migration security specialists to not only oversee the transition but, more importantly, to continuously moderate and monitor how it’s being used. The most common vulnerabilities are misconfiguration, mismanaged credentials and insider theft and ‘cloud hygiene’ – yes, really – will play an increasingly important role, particularly to avoid the one thing no business wants – a data breach.
Gary McGraw said that ‘The ‘inventory’ problem (that is, what is running where, who made it, what its constituent parts are) is exacerbated by the move to the cloud and massively distributed architectures.’
It seems like every day, employees are being asked to adopt a new software for collaboration, messaging, efficiency or productivity and new versions are being released all the time. The trouble is, with so much pressure on the software designers to release new and updated versions before the competition does, design flaws are much harder to find and fix that straightforward bugs and as such, even the designers can miss things.
This is when the attackers pounce…
The thing about cybersecurity is that it’s not just the reserve of the biggest companies with the deepest pockets. Regardless of how many employees you have, it should be regarded as important to your business as having customers, premises and hardware and the best bit is – contrary to popular opinion – it doesn’t cost the earth.
Talk to us about cybersecurity before you have to talk to us about cleaning up a mess that might not be cleanable…
Email us today on firstname.lastname@example.org or call 020 7078 0789. It may well be the best call you make this year and it’s only week two.