By Ricky Magalhaes, Head of Offshore Security, Logicalis
From Equifax to Uber, WannaCry and NotPetya, data breaches and malware have all made the headlines.
If you didn’t know what spear phishing was at the start of 2017, there’s a good chance you do now. And if you don’t, it’s possible you’ve been a victim of it without realizing … or soon will be.
If 2017 was the year people woke up to cyber security, 2018 will be the year people have to start taking it seriously to stay ahead of cyber criminals.
The Internet of Things (IoT)
Nearly a quarter of homes already use IoT devices such as fitness wearables, smart fridges, wi-fi connected lights, gaming consoles and children’s toys. As usage of IoT devices grows, the risk of becoming a victim of cyber crime rises.
Unsecured IoT devices can be hacked, giving cybercriminals access to data stored or logged by the device, and control of the device for malicious purposes, e.g. spying on you, or using the device in a Distributed Denial of Service (DDoS) attack.
In one of the biggest DDoS attacks, against the domain name system (DNS) provider Dyn, tens of millions of unsecured IoT devices were infected with the Mirai botnet, turning ISPs against the Dyn website, causing denial of service to users such as Twitter, Amazon, and Netflix.
Anyone using IoT devices should check security settings and change default passwords and PINs to prevent unauthorized access. For businesses, this includes devices such as printers, otherwise hackers may be able to download confidential documents, potentially leading to a data breach.
According to Europol’s 2017 Internet Organised Crime Threat Assessment (IOCTA), over two billion records belonging to EU citizens were breached over the past year, mainly due to poor digital hygiene and practices.
With the EU General Data Protection Regulation (GDPR) taking effect on 25 May 2018, organisations should be entering the final stages of preparation, auditing the data they have and defining how they will process it. Anyone processing or storing personal data of EU citizens (including people in the Channel Islands and UK) has certain obligations regarding security and data access.
If an organisation cannot give people legitimate access to their data as a result of cyber crime, e.g. because files are encrypted by ransomware, it will breach EU GDPR. This means organisations need to step up security to prevent hacks, and have sufficient backups to maintain access to data.
Organisations will also be obliged to report data breaches within 72 hours, so 24-hour monitoring of systems to detect and repair data leaks as quickly as possible will become essential.
EU GDPR is about protecting data rights and privacy of individuals and ensuring data is stored and processed to certain standards. The new regulations should help individuals understand the value of their data and their ability to hold organisations to account if they fail to protect it.
As machine learning and AI become more sophisticated, they are more viable as a way of detecting threats and anomalies in real time – before humans can spot them.
In the era of Big Data, the volume of data available for analysis is too great for humans to interpret, making AI important in making sense of trends.
By analyzing data patterns of users over a period of time, machines will be able to predict if the person accessing data or applications is the legitimate user, potentially providing an extra layer of authentication.
Firewalls, patching and other protection can only go so far against giant attacks by bots. As hackers incorporate AI to make their attacks faster and better than a human brain alone could, AI is likely to gradually become part of the security process.
Once cyber criminals get into a system, they may be able to read and modify documents for significant periods of time. It takes companies an average of 206 days (over six months) to identify a data breach, and another 55 days to contain it.
Encrypting documents is one way to protect important files or emails if you’re hacked. According to the Ponemon Institute 2017 Cost of Data Breach Study, the average data breach costs $3.62 million, and extensive use of encryption can save $385,000 per data breach.
While many people entered 2017 thinking encryption wasn’t necessary, high-profile data breaches and leaks of client data such as the ‘Paradise Papers’ mean many more people will be considering it.
The European Commission has singled out encryption as an area of focus for the EU’s new cybersecurity centres. End-to-end encryption is already used by many messaging services; however, user encryption, where emails are encrypted so they can only be read by people with the encryption key, is becoming more popular.
No matter how good your security, users remain the weakest link in a system, an issue best addressed by constant training and testing to ensure good security habits become top of mind.
Expect phishing and spear phishing to rise as cyber criminals use information gleaned from social media and company websites to create socially engineered emails (Business Email Compromise) to trick users into handing over credentials.
Once inside a system, cyber criminals can access everything a user can, so it’s good to restrict access through the principle of least privilege. Compromised credentials allow cybercriminals to read emails and impersonate a user (CEO fraud) – sending emails from their account – potentially leading to erroneous payments.
Malware can be hidden almost anywhere – in adverts on legitimate websites, in messages, and in phone apps. Being vigilant, checking the URL of links and not clicking anything that looks too good to be true are simple ways of reducing risks.
Every year, security gets more challenging as cyber criminals find new ways of getting around defences. The optimal security solutions involve a blend of traditional methods, such as good maintenance, monitoring, and management, coupled with cutting-edge detection.
Cyber security is one of the fastest moving areas of IT and nothing is foolproof. It’s always worth asking yourself what the worst-case scenario could be and working back from that, closing loopholes and ensuring anything valuable that could be removed from your system is backed up safely elsewhere.