The computer security world is constantly changing. Everywhere you look, you can see trending new headlines and statements about the latest data breach at HBO, or a respectable healthcare facility losing 100,000s of patient data records. You blink your eyes and the FBI is now involved in a breach investigation, and world leaders are passing policies on data security protection. The reality is criminals are getting ahead of industry leaders at the security game. These are harsh realities that business, IT and security professionals have to work through on a daily basis.
As we’ve seen so far in 2017, malicious criminals are finding new ways to access company data. The avenues of attack are staying the same, with distributed denial-of-service (DDoS) and malware attacks leading the hunt for data to exploit. Criminals, as a majority, still look to make a profit. However, this year has seen a change in the methods criminals use to exploit information.
The methods are changing. Advances in the Internet of Things (IoT), cloud storage and mobile have given criminals new avenues to test their crafty skills, and have created new vulnerabilities and holes in the system that traditional methods of data security aren’t patching. A new door of possibilities has been opened for criminals to enter and exploit data. Be mindful of these current and developing trends.
Criminals look to exploit human vulnerabilities, not just system vulnerabilities. The next generation of attacks will use data and analysis to emulate the behaviors of specific users. With the amount of data that we as everyday users are pushing out onto the internet, criminals can begin to piece together a backstory of our jobs and daily lives. This is where social engineering comes into play. Social engineering is the exploitation of human vulnerabilities to gain access to critical systems. The most common form of social engineering is phishing.
This information can be gathered from social media profiles that we’ve made public, or from data collected by our browsers and sold to third-party companies. All in all, criminals have enough data to create very sophisticated phishing campaigns that trick us into handing over sensitive passwords and login credentials. This has been seen with sophisticated phishing campaigns targeted at Google Drive, Dropbox and Verizon customers. Company reputation and brand identity are at stake as criminals aim to use social engineering to gain entrance into systems through employees. This is a heavily talked-about topic in 2017, and we expect it to continue as a strong topic in the coming year.
- The Victim Click: The Psychology Behind Making Employees Click
- 6 Ways to Identify a Phishing Campaign
- Two-Factor Bypass: Real Time Phishing and How to Protect Your Company
Cloud Security and IoT
Interconnection. Easy accessibility. We enjoy having these abilities in our daily lives, because they simply make our lives easier. I personally enjoy accessing my photos from my Dropbox via my iPhone, computer or iPad. That’s a pretty great deal. If I want to share an important company file, I only need to write it into a Google Document and share it via email. Cloud-based services are making our lives easier, but security questions need to be considered. According to a Netwrix 2016 Cloud Security Survey, cloud technology is gaining in popularity, and technology usage jumped from 43% in 2015 to 68% in 2016. Criminals feed off of these technology trends, and look for ways to use social engineering to trick you into handing over important information. The same can be said of IoT. Interconnection is a fantastic idea, until somebody’s data gets stolen. Interconnectivity makes our lives easier, but the right security measures are still not in place to protect against malicious activity. Heated IoT topics have included vulnerabilities in smart cars, smart houses and even medical devices.
- Overconfidence in Cloud Vendors
- IoT Products: Your Everyday Insiders
- The Security of Things: How will IoT impact data security?
How do we control our information when it’s outside of our company? This is the growing security concern with outside vendors. With companies turning to remote workers and outsourcing tasks, company data is leaving the brick-and-mortar walls and moving into unprotected regions. The key is to use software-based monitoring and tools to automate and continuously monitor vendor security.
Rethink: Data Prevention, not Data Protection
Companies still rely heavily on traditional technology approaches to safeguard company data. Traditional methods, such as the security firewall, are still the main pillars, and sometimes the only pillars, of the information security strategy. These methods have worked in the past, but in order to be successful in the future, companies will need to develop a new mindset on data protection. This mindset treats data loss as something to prevent, not something to react to. Companies lack the methods to analyze and utilize the amount of user data that’s being generated. Through user-based analytics, management can create guidelines of normal company behavior, so when malicious activity does occur the reaction is quicker and aimed directly at the source. Reinforcing healthy security habits, like safe passwords and safe employee sharing of information, can help further this prevention mindset. These little steps will benefit the company in the long run.
- Technology Developments in Data Security, Say Goodbye to the Firewall
- Is implementing User Analytics Right for Your Company?
New trends are developing in the information security industry, and companies need to be on board to adopt and improve their current approach. Other topics that are being discussed and will be discussed in 2018 involve encryption problems, industry regulations and artificial intelligence.