How the IT Threat Landscape Will Change in 2018 – Part 2 of 2

Posted by & filed under List Posts.

<<< Go to Part 1


#6 – Competition with government for identity verification


One thing that should be learned from the compromise of Equifax, according to the Forrester report, is that individual organizations should not be put in the position of providing reliable verifications of identities and protecting the information of consumers – particularly when people are using digital environments for more of their day-to-day needs.


Big banks will get into the identity verification market in 2018, suggests Forrester. Users will also start having the option to use login details from financial institutions to access government systems. Utilizing integrated data from online payments, blockchain will become more prominent as a technology that can aid with verification.


The researchers suggest that reviewing possible services you could use for identity verification is urgent in 2018. The key characteristics that you want in the institution you choose are credibility; data protection protocols and compliance; coverage; and support.


#7 – Victimization of POS systems by ransomware


End-to-end encryption has been more broadly deployed within transaction platforms; thus, point of sale (POS) systems are not as reliable a source to target for credit card information. With that option blocked, attackers are switching to ransomware so that they get money through extortion rather than selling the data. Someone who gets targeted with ransomware might pay the ransom simply because they cannot get into their system.


Forrester urges businesses not to pay any ransom to cybercriminals if you find yourself in this situation. To protect yourself, prioritize your disaster recovery plans. Daily backup should be one key element of your preparation.


#8 – Discrepancy between board understanding & actual situation


The board of the company may not completely have a sense of the technologies that are needed, even if its members acknowledge that digital security is one of the highest priorities.


Durbin notes that a board often feels the CISO is managing everything appropriately. Board members often are not able to communicate exactly what they want because of lack of familiarity with the approaches and options. From the other side, the CISO may not be able to convey exactly what they want or need to the board.


Company boards often think that the information security team and CISO have been able to make strides after confirming boosts to security budgets in recent years. However, it needs to be understood that a 100% rock-solid security approach is impossible. Beyond being clear on the idea that a defensive stance will always have weak points that could be improved, there is also a tendency to set unreasonable timeframes (regardless what the knowledge level that you currently have in-house).

According to Durbin, when the board does not have a good handle on security in these ways, a breach that occurs could have negative impact on the business – but also on the members of the board.


Since the threat landscape is becoming increasingly complex, an information security chief needs to go beyond maintaining a firewall to predicting and being prepared. Data security leaders should be aware of the influence of internal and external issues on the organization and be able to communicate the situation to the board. In that sense, the ISF sees it as critical that the CISO be both a salesperson and a consultant, able to give solid information and to be convincing; just don’t hard-sell so much that you become Alex Baldwin in Glengarry Glen Ross.


#9 – Transition of focus & venture capital from AI to blockchain


Transactional integrity, policy tamper detection, and guarantees of distributed integrity are avenues in which dedicated architectures and cloud technology are being leveraged to better encrypt and secure data using blockchain.


There will be various ways that blockchain is a valuable method for business, per Forrester. Four of the key ones that will be top use cases during 2018 are integrity and authenticity verification for documents; binary reputation checks to defend against ransomware and malware; identity verification (IDV); and certificate provision/authentication.


Back in 2016, security providers all were concerned that there offerings fully incorporated artificial intelligence (AI). In 2018, blockchain will be a similar technology, says Forrester. This year, many tech startups will offer blockchain security. These new organizations will challenge established organizations to adapt and implement blockchain so that the new wave does not have a competitive advantage.


Forrester advises talking with your security providers about their implementation of blockchain.


#10 – Increasing sophistication of security within business


One way that companies are changing to better protect users is that passwords are no longer seen as the ideal way to authenticate access, notes Wayne Rash in his 2018 trends piece for PC Magazine. Use of biometrics will become more common for authentication in business settings. Iris recognition and facial recognition can be used in isolation or as components of multi-factor authentication (MFA).


MFA is a standard approach that is only becoming more widely adopted. In 2017, the basic way MFA took place was with codes transmitted to people’s phones; in 2018, biometrics will become core to these processes. Software that steals user login info will be less effective at organizations that use codes transmitted to phones, smart cards, or biometrics as a means of multi-factor authentication.


Rash points to what he sees as another, somewhat controversial way that security is improving: the declining value and popularity of cryptocurrency such as Bitcoin. Some of the blockchain formulas currently used in cryptocurrency have weaknesses, and law enforcement is finding methods that allow them to monitor the finances as they pass from account to account. In late 2017, a story broke about the cryptocurrency Monero: hackers were using tools devised by and leaked from the National Security Agency to make their efforts more efficient and rewarding. After entering and assuming control of Linux and Windows servers, these attackers were using the NSA programs to distribute their currency mining across the target networks.


Criminals require the stability of cryptocurrency in order for it to ultimately serve their purposes, getting the money into their accounts through ransomware and other tactics –so incidents such as that with Monero are effective in reducing the allure of fraud that uses cryptocurrency as a component.


While there are elements of the security landscape that are brighter than they have been, there continue to be a large volume of diverse and increasingly sophisticated threats. The number of hacks that take place in 2018 will be greater than in 2017, forecasts Rash. Criminals will continue to come up with workarounds that get past protections. Security will become more challenging all the time.


Given the rise in security incidents and its paramount role in supporting the safe growth of your business, it is critical to have a clear and consistent path forward.


In that sense, says Rash, it is key in 2018 to “focus your resources on prevention and on supporting the security efforts of [your company’s security chiefs].”


A secure, high-performance infrastructure


Do you want to protect your internal systems and customers from data breaches? It all starts with an infrastructure that is third-party-verified to meet top-tier security standards. At Total Server Solutions, our SSAE 16 Type II audit is your assurance that we follow best practices for keeping your data safe and available. See our SSAE 18 / SSAE 16 security commitment.