As security experts, we are frequently asked what we expect the year ahead to hold, in terms of IT trends and threats, and our subsequent advice. Part two of our two-part blog series on our expectations for 2018 is as follows:
The past year has seen more sophisticated, innovative and targeted phishing attempts, making them increasingly hard to distinguish from legitimate emails. Having the technology in place to limit the number of suspicious emails reaching your inbox in the first place is key but, even with this in place, workarounds are always being developed and some – inevitably, those which are harder to spot – will therefore make it through. A growing number of organisations are coming to us, having experienced the consequences of a phishing attempt first hand; once somebody has access to your email account, the intelligence they can gleam and the damage they can cause can be huge. The risk of being phished is only set to increase in 2018, as artificial intelligence is increasingly used by cyber criminals to establish user behaviour patterns and help them make their content more convincing.
- Ask your IT partner to review the security measures you have in place – both to limit the chances of you receiving phishing emails and to protect your account credentials if somebody in your organisation falls a victim.
- If you haven’t implemented multi-factor authentication, don’t delay any longer.
- Incorporate phishing awareness, including tips on how to recognise the latest attempts, into your regular training schedule.
5/ Sophisticated alerting
Even with appropriate IT controls in place, your organisation may still be vulnerable to a security breach. Breach handling procedures are a key requirement under the updated data protection legislation, with all data breaches required to be reported within 72 hours. 2018 is set to see an increase in affordable options for alerting to behaviour which is out of the ordinary, such as unusual login times, locations and activity. If an attack is under way, time is of the essence; you will want your IT team to have the tools to identify a time critical risk to your business as soon as possible, to be able to investigate act immediately and to therefore be able to prevent damage and limit the loss of any data.
- Engage with your IT security partner to explore your cyber security options, especially in terms of breach alerting.
6/ Industry wide exploits are increasingly being discovered.
In the early days of 2018 came Spectre and Meltdown, hardware vulnerabilities permitting programs to steal data processed on a device or in the cloud, for example personal data and emails, without the user knowing. Hardware providers quickly responded with software updates, however, these vulnerabilities are capable of affecting almost all modern devices with huge impact and, with our lives becoming more and more dependent upon interconnected technologies, the potential impact is only set to increase.
- Mitigate the risk of your organisation being hit by speaking to your IT partner to make sure you have systems and processes in place to control the download of applications from unknown/untrusted sources.
- Make sure you also have processes in place to deploy the latest system patches as soon as they are available.
With all of the key trend areas we have outlined for the year ahead in our two-part blog series, the role of technology and the responsibility of people within the organisation go hand in hand. 2018 is undoubtedly going to be a critical year for IT security: it’s time to make sure you are optimising technology AND making sure your people receive appropriate training on a regular basis, to protect your data and your business.
Contact us for: Cloud Services, IT Security, Infrastructure Consultancy, IT Management & Support