As security experts, we are frequently asked what we expect the year ahead to hold, in terms of IT trends and threats, and our subsequent advice. Part one of our two-part blog series on our expectations for 2018 is as follows:
1/ Enforcement of information security policies and controls from the top
The General Data Protection Regulation, which comes into force fully in May 2018, and the associated fines, bring about even more of a need for information security to be taken seriously from the top. As part of the GDPR, organisations must demonstrate that they are taking all reasonable security measures to keep personal data safe across the organisation.
- Seek guidance from your IT partner, in conjunction with legal/compliance specialists, to understand the IT related steps that make sense for your organisation.
- Consider commissioning a third party security audit of your infrastructure, which would include identifying the risks that any legacy systems and applications may leave your organisation exposed to.
- Work with your IT partner to review your IT policies, IT systems/controls in place and ongoing training procedures.
- Consider gaining certifications and accreditations to demonstrate your commitment, for example Cyber Essentials and ISO 27001.
2/ Ransomware attacks
Over 2017, we saw a rise in large-scale ransomware attacks making the headlines, namely WannaCry and Petya. The impact of such attacks was wide ranging for the organisations infected – from operational to financial and reputational. In 2018, we expect ransomware criminals to employ even more sophisticated methods. With GDPR looming, lost data has broader implications for organisations, and cybercriminals are sure to maximise the opportunity this presents! Cryptocurrencies, being difficult to trace, are increasingly the attackers' preferred form of payment demanded for the return of data.
- Make sure all system patches are promptly deployed and that this process is as automated as possible.
- Ensure all data is backed up off premises, and that backup tests are carried out regularly.
- Provide regular staff security training, including what to do if somebody suspects they have been the target of a ransomware attack.
3/ Biometric authentication
An increase in biometric authentication for mobile devices has been seen over the last 12 months, with Samsung and Apple taking this a step further with facial recognition authentication. We expect to see this grow across more devices and organisations as another layer of authentication. Although this may appear to be a more secure method of access protection, new technology also brings with it new vulnerabilities, which may require a different set of considerations.
- Avoid the attitude that your method of access is bulletproof.
- Seek guidance from your IT partner before switching to a new authentication method, for advice on testing undertaken and any risks that you may need to consider and mitigate.
If you like what you’ve just read, look out for part two of the blog series coming next week!