IT and Data Security: What does the Future Hold?

News stories about the many security incidents that are occurring have made us all aware of the threats we face. But which threats await us in the future? If we do not learn lessons from these incidents, history will continue to repeat itself. Our ever more digitalized world is, and will remain, vulnerable. In addition, regulations are tightening, which means responsibility for customer data is increasing. Even now, existing threats are difficult to keep track of, and cybercriminals are constantly developing their skills and technology. What can you expect in the near future?

Earlier this year, Global Knowledge published a white paper with predictions regarding security. Three of those predictions are discussed below:

1. Data breaches will occur in wearables.

Wearables are becoming increasingly popular. Smartwatches, FitBits, sensors in shoes, Google glasses; these are all types of wearables. “Smart” versions of necklaces, bracelets, belts and even helmets are already available. All of these devices collect data on such aspects as GPS location, stress level, heartbeat, movement, speed, altitude, and more. Normally wearables are configured to automatically store the data they collect in an online user account, so that analyses of the data over time can be presented. Think of the progress made by a runner. Many of these services also compare your data with that of other users. For example, you can see how your accomplishments compare to those of your friends, all users, and sometimes based on group attributes such as location or age.

Wearables and the cloud services they are linked to could pose a risk. The businesses that provide this equipment are primarily concerned with their own market share. In other words, security and data protection are often not their primary concern. It is not unlikely that significant data breaches related to wearables will occur in the near future. These could result in identity fraud or spear phishing (a form of phishing that uses personal data to generate a sense of trust), or serve as the starting point for a whole range of social engineering attacks.

2. Businesses continue to underperform.

Many of these future scenarios result from the fact that businesses are not focused on security. It seems that, even after all the data breaches and threats that occurred in the past two decades because of a lack of security, businesses simply carry on as if nothing is the matter. As long as the business itself has not been hit, people behave as if it is of no concern to them. We are not good at learning from the mistakes others make. In the near future, many businesses will face security incidents that could have been avoided if they had looked at security with a common-sense approach. The following measures, all easy to implement, are just some of the ones that are not well organized at many businesses:

  • Protect websites against injection attacks such as Structured Query Language (SQL) injection
  • Adjust default configuration, settings and login data
  • Update software to the latest version or run patches. Certainly it is advisable to test a new version in advance, but continuing to use an older version is usually less secure
  • Log all activities and events, such as system events, software activity and user activity
  • Encrypt both stored data and communication
  • Separate different kinds of data in individual storage containers. For example, it is not recommended to store login data together with billing data or profile settings
  • Separate OS files from data storage

These and other security measures are fairly standard, but not actually applied everywhere, even though much can be gained from doing so.

3. Increase of social engineering attacks on employees to compromise businesses

Even if a business has its security set at a technologically high level, this does not mean all vulnerabilities have been avoided. The most complicated aspect, and in many cases also the weakest link in the security chain, is the human component. People are intrinsically vulnerable to social engineering. Through creating a common interest, bribery, blackmail, threats, and peer pressure, hackers will discover the employee who can be compromised.

After this initial success, hackers will either try to further penetrate the business through other employees, or they can enter a vulnerable system through the compromised individual. This technique is already in use, but we think it will gain in popularity as systems become more secure. The focus on technical implementation of security solutions will probably be blamed for the increase in incidents.
