Andy Samsonoff, CEO of Invinsec, shares his predictions for the year ahead
Protecting an organisation from cyber crime is a relentless task, as both security solutions and means to attack continue to evolve. The repercussions of a security ‘incident’ can be costly, in terms of financial loss, data recovery and damage to reputation.
As we near the end of 2018, many of us will be looking ahead to 2019, identifying what developments may impact our personal and business security, and how we can best prepare for them. We have therefore drawn upon our extensive knowledge of IT security, to bring you our predictions for next year’s cyber security landscape.
Nature of attacks
Threats to security come in two distinct guises: deliberate and accidental. It may be tempting to only consider threats coming from ruthless cyber criminals with sophisticated software, but the reality is that much damage can be done via carelessness. A sloppy approach to securing hardware, or having predictable, shared passwords, makes organisations extremely vulnerable and easy to compromise.
That said, even the most robust security infrastructure can be subject to attack. The means and motives for committing cyber crime are evolving, as criminals find new ways to bypass or break into systems. Below are five key areas to consider:
This carries two inherent risks:
- Criminals may try to con people into parting with real money (e.g. via crowd funding), in exchange for crypto-currency that has little or no value.
- Cryptocurrency mining is a costly business: an attacker may attempt to inject mining scripts into a business network, thus hijacking their server / computer power and making it run more slowly and more expensively.
#2: Phishing attacks
The practice of Phishing often using email, will continue to be a problem. It is used to extract personal or company data, usernames or passwords to gain improper access often through the insertion of malware using bad links or documents.
#3: APT’s (Advance Persistent Threats
These are complex, multistage attacks designed to collect data (social engineering), download more malicious code, move through and around your network, make initial infections and extract data with the ability to silently leave your network(s).
#4: Cloud Application and Data Centre Attacks
The ability of having faster and more reliable internet connections has allowed for the growth and expansion of cloud applications and cloud data centres. With every new application that moves to the cloud, it requires you to trust another vendor, their software and their security to protect your information.
The inherent risk is that users can access applications as well as your data from almost anywhere as long as they have the user’s credentials. It becomes a bigger risk when those users connect to free or public wi-fi.
#5: Shadow IT Applications
We are going to see an increase in shadow IT applications being used, we can see that over the next few years these applications are going to cause serious damage. Industry professionals sometimes refer to them as renegade applications, where employees download non-corporate-approved (and potentially insecure) applications to the same devices used to access company data. Companies should consider whitelisting applications and restricting the ability to download new software.
And one for 2020:
Predicted security trends for 2019/20 show that AI is poised to help forecast, classify and potentially block or mitigate cyber threats and attacks.
One fundamental idea to AI is machine learning. Over the past few years it is being incorporated into many security applications. Machines will battle machines in an automatic and continuous learning response cycle and this is will continue to enhance security postures.
Don’t be scared, protect yourself
As the opportunities to commit cyber attack evolve, so must your security provision. Expert advice, round-the-clock monitoring and competent recovery software will offer the best chance of achieving ‘business as usual’ in the event of a cyber attack.
To talk to us about how we protect our customers and their businesses, or to discuss any specific security concerns. Contact us to find out more.