Slideshow 10 top trends impacting data security

Published
  • April 17 2018, 5:53am EDT
11 Images Total

10 top data security threats & how to beat them

Today, nearly every device can be hacked, and routinely are. The number of attacks is also rising dramatically, and cyberthreats are becoming increasingly professional and tailored. The question is no longer if an organization will be attacked, but when, and how quickly and completely can an organization recover. With more than 350,000 threats detected per day, Information Management spoke with Andrey Pozhogin, a cybersecurity expert at Kaspersky Lab North America, about 10 top IT security trends organizations should watch for now.

Uptick in Targeted Attacks

“Targeted attacks are not going away, causing significant reputational and financial damage to companies who fall victim to such attacks,” Pozhogin says. “Specifically, wiper attacks are on the rise under the guide of ransomware, a favored new method used by cybercriminals. Wiper malware is capable of destroying data on victims’ computers and can also sweep away traces of a threat actor’s presence on the network, further complicating expert analysis of the attack. The best ways to protect against targeted attacks is to be proactive about looking for gaps in your defense system rather than waiting for threat actors to expose them.”

Content Continues Below


More Clouds, More Problems

“When enterprises talk about clouds, they usually mean hybrid cloud environments – a mix of private, public and on-premises infrastructure,” Pozhogin explains. “Therefore, there’s a sky full of different clouds with data and workloads traveling among them. The adoption of cloud services makes it hard for organizations to achieve a well-defined security strategy given the uncertainty around who is responsible for the security of corporate sensitive data in the cloud. Seven out of 10 (70 percent) businesses using SaaS and cloud service providers have no clear plan in place to deal with security incidents which could affect their partners.”

Major Ransomware Outbreaks

“In 2017, the ransomware threat suddenly and spectacularly evolved,” Pozhogin explains. “Three unprecedented outbreaks transformed the landscape for ransomware, with attacks targeting businesses via worms and leaked exploits. The cost to victims of these three attacks ran into hundreds of millions of dollars. Ransomware is not going away anytime soon; in fact, we can continue to expect similar infection methods this year, meaning businesses of all industries and sizes should prioritize proper IT security to help prevent against ransomware outbreaks.

Higher Costs of DDoS Attacks

“It’s no secret DDoS attacks are popular amongst cybercriminals – DDoS attacks are cheap (from $50 per day) and can be organized easily,” Pozhogin says. “Most attacks are performed with botnets which consist of computers, public servers or IoT devices, and there are three key types of attacks: to the link, to the infrastructure and to the application. The cost of a DDoS attack continues to rise globally – and will be a trend to watch for throughout the year.”

Content Continues Below


Financial Cyberthreats on the Rise

“A wider attack surface in finance means an increased trend of cybercriminals leveraging these point of entry methods,” Pozhogin explains. “For instance, ATMs are increasingly under attack, with hackers getting remote admin access to extract cash and even going as far to turn stolen credit card data into functional plastic cards – allowing cybercriminals to make fraudulent transactions in any store, online or offline. Enterprises with a Point of Sale terminal are also becoming an increasingly popular target, along with cryptocurrencies and blockchain-based financial systems. Successful security strategies for financial organizations lie in a balanced approach to allocating resources and considering multidimensional risks.”

Internet of Threats

“The average home now has around three connected computers and four smart mobile devices,” Pozhogin says. “The number of IoT devices is growing rapidly – according to Gartner data, by the year 2020, there will be over 50 billion devices activated. As perimeters begin to include more connected smart devices, new threats will emerge, targeting unique technologies like connected car apps, medical devices/implants, ride-sharing apps and more. In addition, more traditional devices – such as home routers and webcams – will continue being top targets for botnet infections.”

Go Time for GDPR

“On May 25, 2018, the General Data Protection Regulation (GDPR) becomes enforceable, meaning companies that collect data on citizens in European Union countries will need to comply with these new rules around protecting customer data,” Pozhogin explains. “Compliance will become even more of a priority this year, given GDPR enforcement and other changes, creating new expectations for security teams not just in Europe, but worldwide.”

Content Continues Below


The Human Factor

“Uninformed or careless employees are one of the most likely causes of a cybersecurity issue (only second to malware), causing nearly half of IT security incidents each year,” Pozhogin warns. “In 2017, for example, Business Email Compromise (BEC) attacks based on fooling people into thinking a payment demand has come from the CEO or a key supplier were on the rise. In addition, last year, one spear-phishing attack hit 500 industrial companies in 50 countries – all via inside staff. Consider this a reminder to regularly train and test employees on cybersecurity best practices several times per year.”

Artificial Intelligence and Machine Learning Improving Security

“With the proliferation of artificial intelligence (AI) and machine learning, expect the two technologies to be implemented in IT security strategies for businesses of any size,” Pozhogin explains. “Through AI and machine learning, organizations are not only able to prevent security incidents, but also predict, detect and respond to them – flexibly and reliably. As these technologies play a larger role in consumers’ everyday lives, they will be rolled into IT security strategies for businesses, as well.”

Increased Skills Shortage Awareness

“It’s no secret that in the IT security industry, there is a talent shortage, especially when it comes to recruiting women to the field,” Pozhogin explains . “In fact, in the IT security sector, only 11 percent of women make up the workforce. Additionally, before the age of 16, most young women have already decided against a career in cybersecurity – one of the most in-demand sectors. After years of facing the problem, industry influencers are starting to raise awareness around this skills shortage.”