The Future of IT Security: Futureproofing your Business
In an increasingly digital world, criminals have the information and the means to ensure that high profile security breaches involving major household names, continue to make the headlines. As technology evolves, so do the threats being developed by hackers who have a whole host of motivations for wanting to disrupt businesses of all sizes. It’s a constant battle but thankfully one that has resulted in a drive to create more sophisticated security tools available for the market.
In many ways the hackers have more opportunities to attack, given the proliferation of devices being used to access systems and data remotely - all of which can potentially leave the door open and result in vulnerabilities.
Due to their success, we will inevitably see an increase in the sophistication of Ransomware attacks and the data available to those who carry out the attacks. The likes of Maktub Locker, Cryptolocker and Teslacrypt are becoming an uninvited norm in the digital world, and I fear that the emergence of the much heralded Quantum Computing will only enhance the power of the hackers’ toolkit - as much as it will the technologies designed to thwart them.
Hosted services will also provide cyber criminals with details highlighting specific organisations and their unprotected channels, allowing them to choose the most effective route to exploit. These will be provided as a chargeable, anonymous, service.
Looking forward, I’d like to think that if we are to prevent cyber-crime, IT security must be treated much more seriously than it is currently. This means not going through the motions, just doing the basics. All too often, it’s only once a business suffers the damage and downtime from an attack that they then consider more advanced protective measures. That’s why solutions like Sophos Intercept X are a real breakthrough in IT security, as they genuinely stop Ransomware in its tracks before damage can be done.
It’s no use just thinking that it only happens to the big brands either. Very often, the hackers’ route into larger organisations is through smaller, more easily compromised, companies. Hacking has fast become a lucrative industry with a genuine recruitment drive taking place to build up teams of the most prolific cyber criminals. So notching up as many SME security breaches as possible improves a hacker’s reputation before they are trusted with taking on larger organisations.
New EU legislation, in the form of the NIS agreement, is coming into force in the next few years. It’s the first proper piece of cyber security law, since the Data Act of 1998 and is designed to stop countries ‘doing their own thing’ when it comes to IT Security. There will be protocols to adhere to and presumably governmental auditing to check how seriously we are treating our IT Security. This will hopefully help re-focus the mind-set of businesses so security is firmly placed on boardroom agendas.
In addition, we will see the introduction of the GDPR regulations set out by the EU, although Brexit somewhat complicates this. Talking to many businesses it is clear there is a lack of understanding and very few are working towards the compliance which comes into effect in May 2018. Click here for more information.
More security savvy staff
Your staff are, and will continue to be, your first line of defence when it comes to IT security and this won’t change. As almost 80% of cyber-attacks can be apportioned to human error, IT security training will become a regular part of new employees’ induction process. Knowing the simple things - such as how to use external storage devices and cloud services safely - can make a massive difference.
Over 50% of spear phishing attacks carried out last year were against SMEs, so raising security awareness amongst your personnel is absolutely crucial if you are to avoid anyone trusting a spoofed email that appears to come from a colleague. As legislation continues to evolve it’s likely that businesses completing internal security audits will become as commonplace as filling in tax returns and staff cyber security training may also become mandatory.
New security solutions on the horizon
A once thought secure world protected by pin codes, passcodes and memorable words is soon to be a thing of the past. With increased threats and intelligent malicious tools accessible to the public via social engineering, they are already becoming unreliable and can be compromised relatively easily in a ‘brute force attack’.
Saying this, technology evolves at such a rate, it’s sometimes hard to know what is around the corner, and unlike 10 years ago most of us now use multiple online services. The advice is always to use different passwords for each of your logins and make them as complex and random as you can. But when it comes to remembering them all, we need a change. As we’ve seen from recent devices such as the Apple iPhone, the likes of fingerprint scanning technology is now being adopted across applications and devices as a new means of identification. Although already in use, biometric authentication using fingerprint, facial or iris recognition will become the authorisation norm. For key services, we will see a wider adoption of multifactor authentication technologies including using mobile phone based token software like Azure Authenticator. Will we see car keys being replaced by our finger tips? Will there be eye scanners on public transport for policing purposes? If any of you have seen the film Minority Report, this will all sound very familiar.
The latest update of Windows 10 will allow you to not only log on to your machine with facial recognition, but also securely log in to some websites and applications. We will also inevitably see more and more hardware that supports this technology, which overall will advance the security of consumer products, with the backing of intelligent security services.
Although there is a rise in cyber-attacks via phishing scams, Ransomware and other intelligent malicious tools, empowering your staff with confidence and knowledge of what the means of defence are against these attacks. Sophos Intercept X is a prime example of what shielding can be adopted to any endpoint solution, removing human error when mistakenly interacting with invasive cyber-attacks.