In the digital age, information is considered an economic resource and a key factor in the concept of evolution; it is an essential tool for success or failure at the individual, organizational, societal, national and international levels. Data or information security has therefore become a very important issue and a growing concern that affects all sectors without the slightest exception.
In simpler terms, data security today is as crucial as the amount, content and sometimes confidentiality of the information put out there.
Cyber security has evolved alongside the way businesses and structures work.
Nowadays, pretty much everything is displayed on the internet: from social media to online banking to digital hospital records, every piece of our lives is available on the internet. Hackers and other nefarious characters can fight to gain access to this information and use it for their own purposes. In essence, everyone needs cyber security, because just about everyone has personal information available via the internet.
The frequency and severity of cyber-attacks and data breaches have risen significantly in the last few years. The attacks are increasing in both volume and variety. This exponential growth of the cyber threat is confirmed by figures from multiple institutions studying the current situation of cyber-attacks.
In the UK, for example, research on cyber security shows that the average cost incurred by cyber-attacks in 2018 was close to $1,000,000.00. Security professionals accordingly confirm that they are increasingly approached for consultancy on networking hardware and software, mainly by government entities, healthcare institutions, financial services and manufacturers that are either building their brand reputation or putting together their intellectual property.
The scale and sophistication of cyber-attacks and breaches are intensifying. Firms cannot afford to sit back and take the importance of cyber security lightly. As firms now rely on an online ecosystem to conduct business, they must realize that their websites, portals, apps and digital communications could easily be targeted and exposed to cyber-attacks and breaches if they are not up to date with cyber security practices and procedures. Key decision makers therefore need to put an urgent spotlight on cyber security by placing it high on their agenda. This includes investing a sufficient amount of money to ensure their IT estate has the capabilities to consistently get basic defenses right, and establishing adequate governance on cyber security for employees to follow thoroughly.
Cybercriminals are using more advanced techniques and tools to breach user privacy, and they are getting results. Here are the most pressing cybersecurity issues in 2019, as well as rising trends into 2020.
- Advanced phishing kits:
Four new malware samples are created every second. Phishing remains one of the most successful attack vectors due to its speed. 2020 will be known for advanced phishing attacks, due to the number of new phishing kits available on the dark web.
- Remote access attacks:
Remote attacks are growing in number, as well as becoming more sophisticated. One of the main types of remote access attack in 2018 was cryptojacking, which targeted cryptocurrency owners. Another popular type of attack threatened perimeter devices. Hackers target computers, smartphones, internet protocol (IP) cameras and network attached storage (NAS) devices, since these tools usually need to have ports open and forwarded to external networks or the internet.
- Attacks via smart devices (Phones, Tablets etc.):
One of the most common attack vectors against smartphones is unsafe browsing (phishing, spear phishing, malware). More than 60% of online fraud is accomplished through mobile platforms, according to RSA, and 80% of mobile fraud is achieved through mobile apps instead of mobile web browsers.
- Utilizing artificial intelligence:
Most of the biggest industries already use machine learning (ML) and artificial intelligence (AI) to automate their processes and improve overall performance. Cybersecurity and cybercrime are no exception. While more cybersecurity companies are implementing AI-driven algorithms to prevent threats, hackers are also taking the opportunity to become more effective.
It is very important to be aware of the impact of cyber-attacks from the bottom to the top of the entity ladder. Educating people within the organization is crucial.
An information security committee has to be put in place. It is charged with the design, implementation, and day-to-day oversight of cybersecurity compliance efforts. Entities have to inquire about business continuity, disaster recovery, incident response, and insurance as each relates to information security. It also has to ensure critical suppliers and vendors have management processes and agreements in place to address information security, including the availability of alternate suppliers.
Information security risks have to be included in any due diligence of a proposed target corporation, key new customers, and business partners.
In practice, we can fold the procedure into 7 points:
- Set an incident management checklist: “Incident Management” refers to people, processes, and technologies triggered by a security breach to resolve the breach and mitigate risk.
- Ensuring user education and awareness by providing understandable security policies and procedures and training the users.
- Managing users’ privileges: restricting users’ access and rights, periodically performing audits and reviews, and having the users sign confidentiality agreements or otherwise acknowledge their confidentiality obligations to the entity.
- Adopting the removable media controls policy most appropriate to the company's activity.
- Equipping the company with malware protection and ensuring it is updated. Training the users to avoid high-risk activities that may give rise to virus transmission, including clicking on attachments or hyperlinks in email from unknown third parties, installing software from vendors the company has not specifically approved, or connecting non-company supplied removable media to company systems.
- Securing the network: ensuring that the company security policies and procedures address protection of its networks from both internal and external attack. This includes using firewalls and malware detection technology; installing all updates and patches to its operating system software and all security-related software; conducting penetration testing to assess the strength of its network protection against external attacks; and securing wireless networks by using industry best practices, for example changing default router passwords, avoiding insecure encryption protocols like Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), using firewalls, and not broadcasting its Service Set Identifier (SSID).
- Taking out cybersecurity insurance: a policy that protects the company against security incidents, including hacking, viruses, data theft, and inadvertent loss of personal information.
Cybersecurity is tightly connected to the future of information technology. It is clear that the role of cyber will become even larger in our personal and business lives. Today, most of our critical systems are interconnected and driven by computers. In the future, this connection will be even tighter. More decisions will be automated. Our personal lives will be reliant on virtual assistants, and IoT connected devices will be part of almost every function of our daily lives. The complexity and connectivity of these systems directly affect their level of vulnerability.
Cyber security defense systems will need to become more sophisticated in order to cope with huge amounts of data. We will need to interconnect our defense systems to be able to act and respond to potential threats in real time. The human analyst will not be able to cope with all this information and we will rely on more artificial intelligence to help us in making decisions. We will also need to cultivate the next generation of cyber experts who know how to develop and drive those systems. New professions and domain expertise will be formed. Last but not least, we will need to shield all our systems. Countries and states will have a bigger role in protecting large scale environments like their critical infrastructure (power grids, water supply, traffic control etc.).
So overall, we will see systems that are smarter, more sophisticated, able to handle large populations and large amounts of data, systems that can update themselves rapidly, that can take decisions in real time and that connect to shared-intelligence centers that will keep us guarded.
Finally, keeping “cyber secure” will become as commonplace as maintaining physical safety. If today we all know to lock our doors at night and put on our seatbelts when driving, ten years from now the same level of awareness will be given to ensuring we are also digitally secure.