Published on: 20 Feb 2017 by francisjud
In the last year cyber crime has been firmly established
as one of the biggest threats to democracy, privacy, and health and safety.
Here, Simon Townsend, chief technologist EMEA at Ivanti Software, discusses this
threat and the possible ways to circumnavigate it.
What cyber security trends from 2016 did you see?
Ransomware, ransomware, ransomware! Not only
this, but 2016 was also the year of insider threats. Email continued to be the main
route of entry, with phishing scams running rife in organisations.
Ransomware got its own stage in 2016: in 2015
many people were mixing the attack up with other methods of entry or it wasn’t
on the agenda for many decision makers. However, now it’s not something just
for certain high-profile organisations, it’s a problem for everybody.
What is the future of the cyber security industry looking like?
One of the main trends that I’ve seen in 2016,
that I believe will be more prevalent in 2017, is the changing motivations of
cybercriminals. Previously, hackers have mainly acted in reaction to something.
The attack was usually in retaliation: if a public figure or company had done
something which had been perceived as morally incorrect, the attacker would
demonstrate that their community will make them pay for their actions.
Recently, cybercriminals have been
demonstrating that their activities are becoming more about financial gain and
recognition, rather than revenge. Although this was always a motivation, after
all one of the easiest ways to make money is to get hold of personal records
and sell them on the dark web, we’re now seeing a notable increase of attacks
for this purpose.
I also predict an unfortunate increase in
cyber-attacks in local government and healthcare. If we take the example that
personal records hold the most profit, which institutions hold a wealth of
these, and aren’t given a large budget for cybersecurity? Public sector
organisations. For example, we’ve seen 21 universities hit by attacks in the
last 12 months, and I see that public sector vulnerability continuing into
Finally, I believe that we are at a tipping
point with BYOD and mobile working as digitally minded businesses strive to
enable the user and deliver a great experience for employees. By blurring the
line between work and home, we’ve created a workforce that can be more mobile,
productive and comfortable by using hardware that they are familiar with as
consumers, such as having an iPhone as both a work and personal device.
However, we’ve seen an alarming rise of breaches caused by employee negligence, human error and
users being given access to files that don’t correspond to their role,
accessing huge chunks of the network they shouldn’t have sight of.
We may well be at a point where an
organisation could turn around and claim that the cyber security risk is too
great to give employees these permissions, and take a five-year step back in
user experience. Laptops will not be allowed off premises, admin rights will be
removed, consumer devices such as iPhones will be swapped for Blackberries, and
remote working will be prevented. This will be sad for the progression of
information technology as a whole.
How important will AI and automation be in cyber security moving forward?
When it comes to AI and automation,
fundamentally we’re talking about threat prediction. At the minute, there are
plenty of players in the protection space. It’s like offering to give someone
the flu, and then offering an antidote – people would much rather avoid the flu
in the first place, which is where prevention and prediction are now coming
For example, if you were to log into Facebook
on holiday, or made a payment from an unusual IP range or location, your bank
or social account would contact you to confirm your activities. All of this is
intelligent automation based on certain rules, and is a large part of what will
make prediction and prevention the future of cyber security.
However, this could be a double-edged sword.
Using AI and automation in this sense, hacktivists could use the tools to block
people out of accounts and prevent access. Unfortunately, no level of
cybersecurity can block 100 percent of attacks.
How devastating will data breaches be post-GDPR?
If we take Tesco, for example: The attack on
the bank cost them over £2.5million which was taken out of bank accounts.
Following that, you’ve got brand damage, on which you can’t put a price. What
you can put a price on, however, is how much the EU GDPR law would have charged
them, either $20m, or 4% of their turnover, whichever is the highest. Looking
at Tesco’s 2015 turnover, 4% would be something around the £2.5billion mark.
Fines aside, GDPR is going to have a large
effect on organisations. Companies are going to have to report things quicker
and whistle-blowers are going to have to put their hands up. We may see more
data protection officer roles being created, who must let someone know if
something goes wrong, or if user data has been breached. This officer is
ultimately going to sit outside of the IT and security departments, taking
responsibility to report and analyse patterns.
Another way that GDPR will have an effect is
relocating resources to meet with the personnel demand. I’m not convinced that
everyone has budget assigned to this either, as there are two aspects to GDPR. It’s
not just about the cyber security element, but businesses also need to invest
in security hygiene, which is one of the biggest challenges.
This involves organisations making sure that
they’re aware of the data they’ve got and that it is stored in a clear, organised and
easy to access way. Due to this, I believe a future trend (and something we’re
seeing at the moment) is an emergence of data storage organisations talking
loudly about how they can aid this, and grow in the market space.
How do you advise the industry educates employees?
Ideally what needs to happen is a culture
change. Prevention technology can protect you from most of what’s out there,
and other technologies can fill the gap, but ultimately there needs to be a
shift within organisations, with more education amongst the younger generations
that are moving into work. In the future, we may see working agreements and
employment contracts change to include tighter policies about cyber security
best practices, including where they work, how they work, and what is
acceptable use of company technology. Security companies have been doing this
for a long time, which also protects their brands, but now we need to see these
policies reach out to further industries and lines of work.
How can businesses face the IoT and mobile threat?
As the Dyn DDoS attack (the cyber-attack that
brought down much of America’s internet in October) and the smart car system
attacks from 2016 have demonstrated, businesses need to ask themselves: ‘Have
we not taken the necessary cyber security steps that we should have in the face
of staying competitive?’.
If we look at the recent Tesco breach, for
example, we all know the brand as a supermarket, and potentially in a rush to
stay ahead of the curve, it has branched out into banking, insurance and mobile
phone policies. It’s interesting to look at the fact that the Tesco banking
division was attacked, where legacy banks (with most likely more valuable
accounts and data to access) weren’t. It’s this rush to market that poses one
of the biggest threats when it comes to securing IoT and mobile devices in 2017,
as cyber security isn’t considered at the design stage for most products. If
you’re going to create an IoT device, invent with security first.
Overall, it seems that IoT in 2017 is close to
becoming what cloud computing was in 2014 – a buzzword.
When the market suddenly grabs hold of a
technology or a new concept, you find the industry spending so long discussing
it, that the next thing you know is 500 companies have popped up and CISOs are
spending their time worrying about it, distracting from larger problems in the
My advice here is to not let IoT become the
noisiest topic of 2017 and draw your attention from larger cyber security
problems, such as ransomware and email phishing campaigns.
It will be of primary importance to those
companies or business units who can gain an edge by using IoT, but it’s just
another platform in the fight against cyber crime that needs addressing, not
the be all and end all.