At any given point in time, there are numerous trending topics in cybersecurity. Change is one aspect of technology that we can always depend on, and that’s a good thing. We’re able to do more in less time than ever before. Of course, advancements in technology goes together with the cybersecurity landscape. As someone who has a key role in IT, keeping up with changes in technology and cybersecurity should be a routine task. However, there trending topics that are just beginning to emerge that you may not yet be aware of.
Here are seven cybersecurity trends you may have overlooked:
7: Insider ThreatJTVCaHVic3BvdCUyMHR5cGUlM0RjdGElMjBwb3J0YWwlM0Q2NzI5MTgzJTIwaWQlM0RjMjEyZDZhMC0xZTI5LTRiYjUtOGUzYi1iMDE2ZDBmYjE4ZWUlNUQ=
1: Bring Your own Device (BYOD)
BYOD programs that allow employees to use their personal devices to access business assets on the job have been accepted by IT programs for a while now. They can be a bit unwieldy in terms of control, but the benefits to production and costs are difficult to ignore. Unfortunately, the security concerns are increasing. The main concerns with allowing personal devices to access a corporate network is that IT personnel are usually not aware of their connection to the network, there is usually minimal security features, they are easily stolen or misplaced, it is difficult to control how employees use them (they can easily download apps).
History has proven that the concerns listed above are serious. In 2017, the cryptocurrency firm Bithumb experienced a data hack that was traced to an employee’s home PC. That data breach exposed the personal information of 30,000 of the Korean company’s customer base.
If your organization supports a BYOD program, you can mitigate your risk by first developing a policy that outlines the requirements for use in the organization. It is a good idea to add controls to your organization’s Wi-Fi. These are often easily accessible by anyone who knows the password. There should be an acknowledgement before a device can connect to the organization’s corporate network. This could consist of requiring employees to register any device they want to connect to the network and implement security safeguards such as multi-factor authentication. You might also consider implementing a Mobile Device Management System (MDM) that functions like a global positioning system (GPS). These toe a fine line to privacy infringement, but there are MDM systems available that are less invasive.
2: Internet of Things (IoT) Devices
Wikipedia defines Internet of Things (IoT) as a “network of physical objects—’things’—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.” While IoT devices include many of the popular smart devices that individuals use on a regular basis (watches, fitness trackers, alarms, biometric scanners), there is a growing use of these by organizations. For example, the healthcare industry uses IoT-connected sensors to improve the services they provide to patients.
The main security concern for IoT devices is the amount of data that is shared among interacting devices. According to a report by KPMG, 84% of IoT adopters have experienced a security breach. The advisory and audit firm offers the following three best practices for securing IoT devices:
- Asset management – know the devices that connect to the organization’s network and the path they travel once they are outside the organization’s network.
- Device Security – In addition to granting only authorized users access to business data using IoT devices, make sure these devices are protected by antivirus and encryption software, are kept updated with the lasts security software, and are monitored for suspicious activity.
- create a vulnerability management program – “identify and fix weaknesses with a device”
3: Fifth Generation (5G) Technology
The growing use of IoT is stressing our mobile capabilities. The good news is fifth-generation wireless technology has arrived! Just as with its predecessors, this advancement in mobile communication offers faster download speeds, decreased latency, and more network capacity. The transition to 5G is just beginning and is predicted to reach full evolution by 2022.
Many of the cybersecurity risks associated with 5G networking will be addressed through the network’s builders. However, there are more responsibilities of IT departments. The increase in bandwidth that 5G provides also increases network monitoring tasks for IT departments. With data traveling much faster on the network, new strategies for monitoring the traffic will be necessary. 5G also transitions from a network that is based on hardware switching to one that relies on software digital routing. IT departments that are unable to keep up with the 5G advancements can expect an increased threat of distributed denial-of-service (DDoS), man-in-the-middle (MiTM), and botnet attacks.
4: Social Engineering
According to Verizon’s 2019 Data Breach Investigations Report, social engineering threat actions in data breaches have increased significantly more than any other type of threat in the past seven years. In the past, phishing (pretending to be someone else to persuade an individual to disclose their personal information) has been the most used form of social engineering.
The social engineering threats that are trending now include the following:
- Smishing – Phishing via phone calls or text messages
- SIM Swap – Fraudulently switching another individual’s mobile account information to gain access to bank and credit card accounts
- Harpooning – Phishing by impersonating executives and using information from social sites
- Pharming – Fraudulently installing malicious code on a PC or server. The code redirects any click to another fraudulent website without the user’s consent.
- Deepfakes – Editing (using advanced AI technology) a legitimate video or voice clip for the purpose of acquiring personal information.
- Vishing – impersonation via phone calls or voice message
Hopefully, your organization has already implemented email safeguards to detect and block suspected phishing communications.
Social engineering involves human interaction. The best safeguards are educating employees about the different types of social engineering tactics and how they should be cautious before responding to any type of communication, even if it appears to be from someone reputable. If possible, employees should use an alternate method to verify suspicious communications.
5: Bitcoin Ransomware
Using malevolent software for the purpose of blocking access to another’s system and requiring payment to unblock it is referred to as ransomware malware, or ransomware for short. This type of attack is often carried out by someone clicking a bad link that installs the ransomware on the system. The sophistication of the ransomware can vary. The most advanced types use encryption to prevent access to systems or files and require a decryption key. The latest form of requested payment for ransomware attacks is bitcoin because it is a digital currency that is quickly exchanged.
Ransomware is a serious problem. This was highlighted with the 2017 WannaCry ransomware attack that involved computer systems all over the world that had not applied a Microsoft software patch. Unfortunately, the trend is continuing. The most significant ransomware attacks as of June 2020 cost the victims more than $100 million to recover from the incidents.
Network and security monitoring software maker NetFort recommends the following five tasks to protect and recover from ransomware attacks:
- Back up your data regularly
- Make sure all systems that connect to the network have the most recent security updates
- Implement anti-intrusion detection systems
- Monitor network traffic for unusual activity
- If a system is infected with ransomware, disconnect it from the network immediately and rebuild it
6: Smart Contracts
Blockchain, the technology that powers bitcoin, is being used in a variety of methods of exchange. Smart contracts are one of those. A smart contract is a daisy chain of encoded actions that are saved within a blockchain and digitally self-executing without the assistance of a third party such as a bank or attorney. Smart contracts are gaining popularity because of their transparency, speed, permanency, and non-editable characteristic. Although smart contracts are inherently secure (the data they contain are encoded), they are comprised of program code that is susceptible to vulnerabilities. The main security concerns with smart contracts are access control and undiscovered bugs in their programming code. One of the most newsworthy incidents occurred in 2017 when the code of a multi-signature wallet was exploited by a user by accident. The incident caused users of the wallet to lose more than $280 million because they were unable to withdraw funds from the digital wallet.
The best way to mitigate your risk with smart contracts is to:
- Make sure the smart contract is 100% encoded (every record from start to finish). Access via private key should only be distributed to specific users.
- Don’t lose your private key! Even better, your organization should consider engaging in smart contracts that use multi-access so that there is more than one point of failure.
- Ensure the underlying code is bug free. This means to test, test, and test some more to make sure there are no vulnerabilities that malicious actors could take advantage of.
7: Insider Threat
An unfortunate trend that is increasing is that people who have or previously had legitimate access to an organization’s data may intentionally or unintentionally cause destructive actions. Insider threat occurs through multiple methods. An example of the significant damage an insider can cause is the ex-Cisco employee who caused $1.4 million in damages. The criminal left the company in 2018 and shortly thereafter installed malicious code from his old Google Cloud Platform account and subsequently deleted the nearly 500 virtual machines hosted by Cisco WebEx applications. Within two weeks, 16,000 WebEx accounts were deleted. In this case, the ex-employee somehow managed to maintain his access to Cisco’s cloud infrastructure after he left. It is not known how.
The Insider Threat Mitigation Guide published by the Cybersecurity and Infrastructure Security Agency provides the following tips for establishing an effective inside threat mitigation program:
- Identify and focus on those critical assets, data, and services that the organization defines as valuable
- Monitor behavior to detect and identify trusted insiders who breach the organization’s trust
- Assess threats to determine the individual level of risk of identified persons of concern
- Manage the entire range of insider threats, including implementing strategies focused on the person of concern, potential victims, and/or parts of the organization vulnerable to or target by an insider threat
- Engage individual insiders who are potentially on the path to a hostile, negligent, or damaging act to deter, detect, and mitigate
Is your IT department equipped to address the emerging cybersecurity threats? If you’re unsure, now is the time to determine your level of vulnerability and implement the necessary safeguards to ensure your organization’s assets are fully protected.
If you require assistance with assessing your needs and implementing the “right” IT security solutions for your organization, BACS can help. We are an experienced team of IT service professionals that work closely with clients to assess, develop, and implement security solutions that offer an ideal level of protection.