Cybersecurity Trends And Their Implications For The Future
We have all heard about the recent cyberattacks on Equifax, Bitcoin, Chipotle and many more. And, yet, it is predicted that cyberattacks will continue to rise, despite the fact that this year, we have already spent $93 BILLION globally on cyber and information security.
It makes us wonder if anything is safe anymore, especially if we are using the internet more and more to store our personal information.
Let’s look at where security breaches and hacks are actually occurring so that we know what to worry about and what not to worry about.
The Biggest Cybersecurity Trends For Today
Cybersecurity trends are always changing at a very fast rate, and unfortunately, this has only opened the door to new opportunities for criminals and cyber hackers.
What does the future hold for us? The best way to figure this out is to take a look at some of the biggest cybersecurity trends today in order to try and understand their implications for the future.
Ransomware Is A Growing Threat To Cloud Based Data
Even though storing data on the cloud may come with a number of important benefits, it’s also a prime target for cybercriminals. One such method cybercriminals will use to hack into cloud-based data is ransomware, in which they target a certain amount of data and then hold it for ransom. In 2017, this is exactly what happened to higher profile victims such as Meltdown and Petya.
As ransomware continues to become a larger threat, bigger companies in the cloud market such as AWS and Google are taking steps to make it as difficult as possible for cybercriminals to be successful, but smaller victims end up having to pay their customers for any data breaches.
Performing regular backups and updating security patches are the best ways to protect cloud based data against ransomware attacks. If only organizations and companies would take these sorts of steps regularly, it would go a long way to reducing the frequency of ransomware.
Internet of Things (IoT) Continues To Have Low Security
Applications and social media allow you to login by one login (such as FB or Gmail). Therefore all your information, banking, credit cards and personal information can be stolen with just that one login.
As we roll out with more internet-connected devices, IoT remains a significant vulnerability when it comes to cybersecurity. Too often, our devices that are connected to the internet lack simple security features, or otherwise are not configured properly.
This is what enables bot nets to conduct volumetric attacks to launch brute force attacks, or to exfiltrate unauthorized data.
It is predicted that soon cyberattacks on IoT will begin to be sold to the highest bidder. The hackers will no longer be doing hacks on mobile devices just to prove that they can; they will soon began to sell the information they are stealing.
Financial Sectors and Websites Are A Huge Weak Point
Obviously, hackers want to gain access and control the financial sectors. During 2017, attacks on financial institutions took $1.17 billion in net worth. It is predicted that this trend will continue to go up, despite the increased securities put in place to prevent hacking of banks, investors and other financial institutions.
Cryptocurrency Is Always Fair Game
Although the Bitcoin hackers of 2017 raised awareness of how quickly a hacker can take over cryptocurrency, security around cryptocurrency still remains very relaxed.
Currently, the trend is for hackers to attack for “altcoins,” (types of cryptocurrencies other than Bitcoin) or to attack utility services for the sake of getting extra CPU power so they can exponentially continue to grow their cryptowealth.
The reason hackers will commonly target altcoins is because many such coins will have significantly easier cryptographic algorithms. There’s simply a higher chance of hackers succeeding with cryptocurrencies in contrast to government-issued currencies.
Artificial Intelligence Is Now Playing A Major Role For Both Sides
Cybersecurity is just one of many applications impacted by artificial intelligence.
A.I. can learn from past events to predict vulnerabilities and anomalies inside of a software system. It’s for this reason that 9 out of every 10 cybersecurity professionals utilize A.I.
But just as A.I. can be used for cybersecurity to identify and protect vulnerabilities, it can be used by cybercriminals to exploit those vulnerabilities as well. We can expect A.I. to continue to be extensively utilized by both cybercriminals and cybersecurity professionals heading into the future as well.
Zero Trust Security Is Moving Into The Mainstream
Zero trust security is the concept that companies and organizations should verify absolutely everything trying to connect to the system before being granted access.
In other words, it truly does mean trust absolutely no one, and the more sophisticated cybercriminals are becoming, the more organizations are being forced to turn to the zero trust security model by only granting users access to systems once absolute trust has been established.
This means that companies will be applying far more rigorous authentication measures and further requiring users to verify themselves through several layers of credentials. It’s also likely that companies will be turning to managed security providers as well to effectively augment their online security.
What Are Some Cyber Security Tips You Can Follow?
What can you do to prevent yourself or your company from falling victim to a cybersecurity breach and all the headaches, struggles and problems that will be associated with it?
- Get faster internet speed. Hackers are able to hack because they were faster. They got into your computer or the password screen between the last letter of your password and when you hit enter. This is where they are getting information from. Along these lines, artificial intelligence or machine learning should also be able to out pace the hackers and prevent cyberattacks in the future. In the meantime, getting faster internet will help prevent the attackers from getting in.
- Create levels and zones of security within a site or app. Just like normal ‘security,’ you need to be aware of where attacks can come from and how one thing can lead to something else being breached. You need to make sure that you are zoning areas off and creating firewalls that do not allow all information to be breached at the same time.
- Comply with GDPR requirements. GDPR has set up guidelines and requirements of disclosure for any and all stored information. This stored information is called cookies and allows for faster loading speeds, since the website or app does not require you to input information each time you access it. However, more than a disclosure for stored info, you need to make sure that you ARE properly storing and saving confidential and sensitive information. If it is found that your site or app does not protect your users, there will be heavy fines leveled against you.
For reference, the GDPR stands for General Data Protection Regulation. It was implemented by the members of the European Union (EU) on May 25th of 2018, and is designed to give citizens of the EU greater control over their personal data. The GDPR redefines what personal data is, and what it isn’t, and sets strict rules in place for how businesses are able to gather data from customers (for example, the regulation requires all businesses to obtain explicit consent from EU customers before gathering any data from them). - Use artificial intelligence. Being able to work a computer against a human to prevent cyberattacks is one of the best uses of artificial intelligence. A computer can create, change and adapt faster than the incoming danger of a hacker. As such, it is a good idea to create more secure internet and passwords; just let the computer do it for you.
- Be up front about security breaches. Data breaches can happen fairly often. The biggest concern is whether confidential information was breached and used. If this happens, the people whose information was taken need to immediately be made aware of the situation and what steps the company is doing to fix the problem and get the information off the web again.
- Grow your skills and awareness in cybersecurity. There is currently a shortage of skilled people who can take on these attacks. Even if you do not chose to make a career out of preventing cyberattacks, it is always a good idea to learn more how serious a cyberattack can be. Finding books at the library, taking courses or talking to people who design and build apps and websites can help you know what to be on the look out for.
- Watch Out For Security Leaks On IoT. Make sure your apps and patches are up to date and are not allowing securities breaches. Try not to store card or personal information within your apps or websites. Do not share your mobile devices with others, unless it is someone who already has your banking information (like a spouse). Change your passwords frequently, and do NOT use the same password over multiple logins.
As you can see, there is a lot to consider to make sure that you, your company and your clients are well protected. It is best to always be cautious, remembering that sometimes cyberattacks can be prevented by paying attention to changes or problems early on.
This was interesting (and a bit scary). I have a recurring nightmare where someone hacks into Evernote and deletes everything on their servers. At last check I have close to 1,000 notes stored there and it would be very disruptive to my world. Same for Google Drive. I make quarterly backups of both, but at the rate that i add to them that would still be a big loss of data.Report
I am older and more paranoid than you, and worry less that a company storing my structured data will be hacked than that they will go bankrupt and shut down abruptly, screw up backwards compatibility, be acquired and jack up the rates with no export capability, etc.
Not all that long ago a friend of mine had need to go back to a 20-some year old MS Word document. Nothing would read the format it was in, including MS’s own tools. All that effort to move the file from medium to medium over the years, wasted. Shortly thereafter I needed to revisit a 30-some year old document done with Unix troff. Flat ASCII file so the text was available even if the software hadn’t been; as it turned out, GNU groff would correctly format the contents.Report
Evernote backups are in ENEX format, which I believe is unique to them. Not sure if it can be read by other software or not.Report
Good news, bad news.
Good news, ENEX is a mostly text format. Evernote appears to have made some light documentation available. So, if Evernote were to disapper with your data tomorrow; enterprising folks would likely be able to quickly write translators into other formats. They may already have. I did not look.
Bad news, ENEX is a mostly text format. This also means most if not all the data is available to things that can read text, even if they do not know ENEX specifically. Be careful what you do with those files. Treat them essentially the same you would a sheet of paper with those things written on them. As a general rule, I would recommend considering encrypting them.Report
The IoT terrifies me. We have a new TV, and I haven’t decided if I’m going to let it connect to our household network or not. I may finally get around to setting up a separate subnet for it and future gadgets that doesn’t let them (easily) talk to the computer gear with important data.Report
Security is a
pondcesspool I too find myself swimming in.Security = Safety in the compute/networking realm. However, we do not treat it as such. In every other engineering/technical discipline safety is the first thing taught and is integrated into every facet of it. Safety in CS is bolted on to a project, at best, and left for the next version at worst. We really do not even have good tools to create computing things safely. Think of a modern circular saw: deadman switch, blade guard, warnings about eye protection and blade sharpness, all sorts of indicators on correct usage. You have to try to injure yourself with that thing, outside of dropping it on your foot. There is nothing like that in computing, esp software.
I had an opportunity to chat with the head of one of the most prestigious CS programs and asked how close they were to fully integrating computing safely into their program. His response was extraordinarily disappointing. Security is an optional elective for freshmen and the subject of some really interesting post-doc projects they have. They don’t really touch it in between. They have it as an elective for freshmen because “every one wants their topic in the 101 classes, and it’s not very exciting like parallel computing or AI.” Until we have at least a generation of engineers that safety is ingrained from the very start and have the safety mindset in everything they touch, we won’t even come close to building the tools we need let alone make them automatic.
Ask anyone in the field about what they work on. Is it safe/secure? Would you bet your fingers that it is? I have no qualms about betting my fingers on a circular saw or my life getting in an elevator or airplane. The safety of that stuff is built in from the start and always present in design, maintenance, and destruction. That is not true about virtually every bit of computing gear. (The closest there is to meeting this standard is probably slot machines, but I bet even those engineers would not put their fingers on the line.)
The sad truth is that it is worse than you think even after you take in to account that you know it is worse than you think. It is not hyperbole to say that people are gonna have to die before we really start addressing these issues. The only question is how many. What is the triangle shirtwaist fire of IoT?Report