Cyber Security is very important, as it protects internet-connected systems, including software, data, and hardware, from cyber attacks.
What is a cyber attack?
Simply put, it is an attempt to obtain unauthorised or illegal access to a computer or computer system, networks, internet-enabled applications or devices, to cause harm, destroy, or damage a computer system or network.
According to CNN, three of the biggest data breaches of all time were at Equifax, Yahoo, and Target. (1) Last September, the credit-reporting company Equifax experienced a data breach in which information such as social security numbers and addresses of approximately 145.5 million people was exposed, along with an additional 209,000 U.S. customers’ credit card numbers. (2) Yahoo had passwords and personal information of 1 billion accounts exposed in a 2013 cyber attack, and 500 million accounts were compromised in 2014. (3) Lastly, in 2013, the second-largest department store retailer in America, Target, disclosed that 40 million of their customers’ data had been exposed by hackers.
So, will this year be better or worse? Here are the new trends for 2018:
1. Failing to Comply with General Data Protection Regulation (GDPR)
Many companies have failed to comply with the GDPR, which came into effect on the 25th of May this year. GDPR obliges companies to secure clearer permissions and agreements for using other people’s data, and introduces stiff charges for failing to protect people’s information.
Charges for non-compliance reach up to US$23.3M, or 4% of annual worldwide turnover, whichever is greater. It has been months since the GDPR came into force, yet one third of organisations have not taken any action in light of the EU’s revised data regulations. According to Forrester, “80% of companies will fail to comply with GDPR”. And here’s the catch: 50% of these choose not to comply, as they consider the cost of compliance more important than the risks.
2. The Increase of Attacks Sponsored by States
The rise of state-sponsored espionage is threatening, as the number of incidents is steadily increasing. These attackers are usually attempting to gain data about their targets, or trying to gain access to targets through trusted relationships with third-party companies. These kinds of attacks make a lot of noise, which makes them noticeable: they cause enough disturbance to trigger detection or raise suspicion.
3. Attacks Powered by Artificial Intelligence (AI)
Yes, AI can be used in cyberattacks too. CSO magazine called 2018 the year of the AI-powered cyberattack. Future AIs do not wait for orders. They are uncontrollable, they make their own decisions, and they can learn while embedded in the opponent’s environment. To get inside the opponent’s territory, cyber-attackers not only infiltrate the IT infrastructure using AI technology, but also remain on that network for years without getting caught.
AIs can also imitate people, act as your Executive Assistant, and send emails and appointments on your behalf. The scariest part is that they know the schedule of the security team in the office, the analytics models, and the firewalls used to detect and protect against attacks. Stay tuned, as we will be talking more about AIs.
4. Internet of Things (IoT) Ransomware
IoT works when smart devices with sensors and processors are connected to the web and communicate with other related devices to exchange information. IoT helps us save time and money, as it generates huge revenue, improves customer experience, and supports better decisions for the business. However, according to Tech Republic, last year showed a massive spike in ransomware attacks. The shift to targeting IoT devices this year is due to the large amount of exploitable data available, coupled with weak security systems or none at all.
5. Multi-Factor Authentication (MFA) Important Standards
MFA is a security method that establishes the correctness of the user’s claimed identity, and confirms that it is in fact the user’s account. A computer user must successfully present two or more verifications to gain access.
Data breaches are caused by passwords that were unchanged for months, weak in nature, and/or stolen. It may seem tedious to enable MFA, but it is worth taking seriously, as protecting your accounts should always be a top priority. Sparing a minute or two to set up MFA for your accounts could save your identity and hard-earned assets.
Alongside these trends come the threats. Here are the Cyber Security Threats to look out for in 2018, and steps you can take to stay safe:
1. Cryptocurrency Mining
Cryptocurrency is a digital currency with cryptographic underpinnings that is used as a secure medium of exchange. In cryptocurrency networks, mining is the validation of transactions. In other words, it is the act of attempting to compute a hash value: the miner produces a candidate value which, when hashed along with the block ledger, produces a specific result.
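The hash search described above can be shown in a few lines. This is an added, simplified example and not code from the original post or from any real cryptocurrency: the ledger contents, the 8-byte value format and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample data standing in for the block ledger.
SAMPLE_LEDGER = b"constructed-example: alice->bob 5; bob->carol 2"


def block_hash(ledger: bytes, nonce: int) -> int:
    """SHA-256 of the ledger plus a candidate value, as a 256-bit integer."""
    digest = hashlib.sha256(ledger + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")


def meets_target(ledger: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Validation costs one hash: the top `difficulty_bits` bits must be zero."""
    return block_hash(ledger, nonce) < (1 << (256 - difficulty_bits))


def mine(ledger: bytes, difficulty_bits: int, max_tries: int = 1 << 24):
    """Try candidate values 0, 1, 2, ... until one produces the required result.

    Returns (nonce, hashes_computed), or None if the budget runs out.
    """
    for nonce in range(max_tries):
        if meets_target(ledger, nonce, difficulty_bits):
            return nonce, nonce + 1
    return None


if __name__ == "__main__":
    # Each extra bit of difficulty doubles the expected work for the miner,
    # while checking a claimed answer always takes a single hash.
    for bits in (8, 12, 16):
        found = mine(SAMPLE_LEDGER, bits)
        if found is None:
            print(f"{bits} bits: no value found within budget")
            continue
        nonce, tries = found
        print(f"{bits} bits: value {nonce} found after {tries} hashes, "
              f"valid={meets_target(SAMPLE_LEDGER, nonce, bits)}")
```

The search is expensive and the check is cheap, which is why mining consumes so much processing power.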
If you own cryptocurrency, one way to stay safe is to store your private keys in a physical device or hardware wallet, like a flash drive, where they would be kept locally and disconnected from the internet.
We have written some great articles about cryptocurrencies - go check those out too, and stay informed!
2. Phishing
Phishing attacks are one of the most serious and harmful problems that people fall victim to on the Internet. The financial loss from such attacks, globally, is estimated to be around $9 billion in the year 2018 alone.
To prevent such attacks from happening to you, it is vital to keep your computer and web browser up to date and checked, and to never click on a link sent by email when the link directs you to a sensitive website. Another tip is to think before you act, and to report the message to your IT department if you are not sure of its authenticity.
Check out our Phishing Scams blog post written by another one of our fellow tigresses, Jiyeon.
3. General Data Protection Regulation
The GDPR was implemented to safeguard information and records. As with the first trend mentioned above, companies that do not comply with the GDPR would be vulnerable to attacks. Compliance puts your employees and clients first in terms of safety and protection.
To check if your company is complying with the EU’s GDPR laws, use this free compliance check from Sophos.
4. Ransomware
Ransomware is malicious software that uses encryption to extort money from victims, with promises of restoring their encrypted data. It finds its way onto devices by exploiting a security gap in vulnerable software or by tricking users into installing something they should not be installing.
If you are asked to pay a ransom, do not pay. This is the most important piece of advice, as there is no guarantee that you will regain access. Also, do not provide personal data, and always use an antivirus and firewall. Additionally, ensure that all your systems are up to date and use a Virtual Private Network (VPN) when accessing public Wi-Fi.
5. Online Data Storage
Otherwise known as cloud storage, it is used to store data on remote servers that can be accessed over the internet. Files stored in the cloud make our lives easier, as we do not need to bring flash drives or external hard drives with us everywhere we go. We should still be cautious, nonetheless.
To prevent cloud security threats, you need to secure a data backup plan and limit the users who can access the data. Your company should also be educated and informed about the possible threats around the corner. For sensitive data, always ensure that the data is encrypted and change passwords as frequently as possible.
Still think you want to know more? Check out these highly anticipated InfoSec Events and Conferences coming up in the next few months:
1. Hacker Halted - Atlanta, GA (Sept. 13-14, 2018)
Organised by the issuer of the Certified Ethical Hacker certification, this year’s conference is themed “The Ethical Hacker’s Guide to the Galaxy” and focuses on ethical hacking, with four days of technical training courses (Oct. 5-8, 2018).
The cost of the conference is US$199, but if you want to attend the courses (as seen below), it costs US$2,499 each, inclusive of the conference ticket:
- Certified Ethical Hacker (CEH)
- Computer Hacking Forensic Investigator
- Certified Security Analyst (ECSA)
- Certified Chief Information Security Officer (CCISO)
- Certified Network Defender (CND)
2. BSides Perth 2018 - Perth, Australia (Sept. 15-16, 2018)
Security BSides is a hacker convention. The name and the event originated with a large group of presenters who were unfortunately turned away from Black Hat 2009. This created an opportunity known as BSides.
This year’s event should not be missed because it is bigger and better with both technical and non-technical talks, career workshops, and debates on everything from software development to law.
3. RootCon 2018 - Tagaytay, Philippines (Sept. 27-28, 2018)
Now in its 10th year, RootCon is the largest Information Security Conference in the Philippines and is closely modeled after DEFCON. It is organised by reputable leaders in the information security and hacking communities in the Philippines.
Below are some of the activities from the past conferences:
- Technical workshops and training
- Capture The Flag (CTF) competitions
- Hacker Jeopardy
- Two days of guest speakers focusing mostly on topics about cyber security
- Parties for networking
- Booths for promotion
The Horangi Tigers will be attending this event too, so we hope to see you there!
4. SecTor Canada - Toronto, Canada (Oct. 1-3, 2018)
Canada’s premier IT Security conference is around the corner. Celebrating its 12th year, SecTor is bringing experts from all around the world to share their latest research findings and techniques. Tickets are nearly sold out, with only the Last Call tier available. To find out more information, head over here.
5. Horangi Customer Appreciation Event - Singapore, Singapore (Jan. or Feb. 2019)
Horangi Cyber Security has been in the cybersecurity industry for almost three years now, thanks to our amazing clients who have stood with us and value the work that we do. To express our gratitude, we will be hosting an inaugural customer appreciation event at our official Horangi Headquarters, #TigerDenSG. More details to be revealed soon!