Cyber security

Cyber crime threats are evolving. This article provides insight into which emerging techniques and technologies will mitigate these risks.

In an increasingly digital world, criminals have the information and the means to ensure that high profile security breaches, involving major household names, continue to make the headlines. As technology evolves, so do the threats being developed by hackers who have a whole host of motivations for wanting to disrupt businesses of all sizes. It’s a constant battle but thankfully one that has resulted in increasingly sophisticated security tools coming to the market.

Security threats

In many ways the hackers have more opportunities to attack, given the proliferation of devices being used to access systems and data remotely – all of which can potentially leave the door open and result in vulnerabilities.

We will inevitably see an increase in the sophistication of ransomware attacks (due to their success) and the data available to those who carry out the attacks. I fear that the emergence of the much heralded Quantum Computing will only enhance the power of the hackers’ toolkit – as much as it will the technologies designed to thwart them.

Hosted services will also provide cyber criminals with details highlighting specific organisations and their unprotected channels, allowing them to choose the most effective route to exploit. These will be provided as a chargeable, anonymous, service.

Getting serious

Looking forward, I’d like to think that if we are to prevent cyber-crime, IT security must be treated much more seriously than it is currently. This means not going through the motions, just doing the basics. All too often, it’s only once a business suffers the damage and downtime from an attack that they then consider more advanced protective measures..

It’s no use just thinking that it only happens to the big brands either. Very often, the hackers’ route into larger organisations is through smaller, more easily compromised, companies. Hacking has fast become a lucrative industry with a genuine recruitment drive taking place to build up teams of the most prolific cyber criminals. So notching up as many SME security breaches as possible improves a hacker’s reputation before they are trusted with taking on larger organisations.

New EU legislation, in the form of the NIS agreement, is coming into force in the next  few years. It’s the first proper piece of cyber security law, since the Data Act of 1998 and is designed to stop countries ‘doing their own thing’ when it comes to IT Security. There will be protocols to adhere to and presumably governmental auditing to check how seriously we are treating our IT Security.  This will hopefully help re-focus the mind-set of businesses so security is firmly placed on boardroom agendas.

More security savvy staff

Your staff are, and will continue to be, your first line of defence when it comes to IT security and this won’t change. As almost 80% of cyber-attacks can be apportioned to human error, so IT security training will become a regular part of new employees’ induction process. Knowing the simple things – such as how to use external storage devices & cloud services safely – can make a massive difference.

Over 50% of spear phishing attacks carried out last year were against SMEs, so raising security awareness amongst your personnel is absolutely crucial if you are to avoid anyone trusting a spoofed email that appears to come from a colleague. As legislation continues to evolve it’s likely that businesses completing internal security audits will become as commonplace as filling in tax returns and staff cyber security training may also become mandatory.

New security solutions on the horizon

  • Passwords will be a thing of the past. They are already becoming unreliable and can be compromised relatively easily in a ‘brute force attack’.
  • Although already in use, biometric authentication using facial/ iris recognition will become the authorisation norm.
  • The latest update of Windows 10 will allow you to not only log on to your machine with facial recognition, but also securely log in to websites and your applications. We will also inevitably see more and more hardware that supports this technology.

 

By Paul Burns, chief technology officer at TSG