Websites dealing with security issues are more and more frequently reporting new threats in the IT field. Increasingly dangerous attacks are made in all business areas, which affect data security and process stability. Many organizations keep assuming that physical solutions will guarantee security. Unfortunately, criminals are increasingly using socio-technical and psychological strategies which allow data to be taken over as a result of human factors. Selected threats in 2017 are as follows:
Protection of Mobile Devices is Still Poor
According to the F-Secure report Internet Security, only 32% of mobile users use anti-virus software on their hardware.
Laptops, smartphones and tablets are the devices most easily taken over physically. We often store business-critical documents in the memory of such devices. As is well known, data in inappropriate hands can be used to gain a market advantage. End users frequently do not establish authentication passwords, do not use encrypted data transmission channels and use software unauthorized by the company security center.
Mobile devices should be centrally managed by the entity responsible for network security. Regardless of the company’s size, it should have a defined procedure for preparing hardware before its release to an employee. Such documentation should include, among other things, guidelines on pre-installed software, definition of a secure authorization password and methods to physically secure the hardware. When it comes to corporate network access from remote locations, devices should have a VPN channel defined, which will allow data transfer to be secured through dedicated communication tunnels. It is worth considering entrusting your mobile security audit to an external entity, consulting with such an entity on security procedures and implementing a solution based on VPN technology.
Ransomware
Ransomware is a type of attack that usually results in restricted access to system data by data encryption. The attackers usually attempt to extort money, telling victims “pay the ransom and your data will be decrypted.” Why have these attacks been so effective so far? Cyber-criminals often impersonate transport companies and send personalized emails about an uncollected parcel whose status can be found by following an attached link. Clicking on that link initiates the encryption of data. Payment of the ransom does not always result in data decryption.
Unfortunately, the problem of ransomware attacks is still increasing. In its report summarizing April 2016 to March 2017, Kaspersky Lab states that the number of such attacks has grown by 11.5% compared to the previous year. It is very difficult to fight such attacks because they exploit weaknesses in system gaps, or human carelessness. If the data is critical and the company's future depends on it, it is worth considering data hosting with an external provider. It is the provider's responsibility to secure the data that is critical to the functioning of the business. Another advantage of hosting services is data centralization, which allows data to be accessed from anywhere in the world, provided you have access to the internet.
"If you decide to implement IoT solutions in your organization, then unfortunately you need to change your way of thinking about system design"
IoT: There are Still Holes in the Internet of Things
Referring to the Cisco Mobile VNI (Visual Networking Index) report, a seven-fold increase in global mobile network traffic is forecast by next year – which is the result of the increasing popularity of IoT solutions, smartphones and mobile devices.
The human population has become accustomed to amenities such as intelligent home management systems and remote controlled washing machines. Remote automation allows us to better manage time and do a number of things at once. Unfortunately, most of us carelessly plug the device into the network. IoT devices collect very sensitive data. Based on logs from the room temperature management system, one can judge when there are people in the household. Unfortunately, a poorly designed IoT network is the key to potential hacking, which can result in the loss of material goods.
The internet, networks, automation – these are goods that allow people to lead a very comfortable lifestyle. Thanks to them we can do many things remotely, without leaving our home or office. Unfortunately, with the thoughtless use of new technologies, it is easy to fall into a trap and expose oneself to their side effects.
We should bear in mind that a company cannot afford to lose its key data, but that the number of such data losses is systemically growing. Therefore, the technologies that are responsible for data storage and management have become strategic assets that have a significant impact on business continuity.
If you decide to implement IoT solutions in your organization, then unfortunately you need to change your way of thinking about system design. This means that system design should be done comprehensively – from network architecture, through security and the subsequent use of devices. It is hard to deal with such a big issue single-handedly, and it is sensible to use the services of professionals. The management of ICT services through an external entity brings a number of advantages. Such external professionals can build a reliable solution that is monitored. In the event of failure, it is repaired according to the SLA. Thanks to the comprehensive service, you do not need to worry about single incidents and malfunctions. With a well-designed solution, failure frequency is very low, and often not noticeable by the end user.
Of course, this is not a permanent and complete list of threats. Every day, new threats are emerging which specialists are trying to fight. Unfortunately, every threat is designed for different purposes. Therefore, there is no one single way to solve all security problems. It is worth entrusting your systems to specialists who will secure the environment against potential cyber-criminals.
Comarch IT Risk and Security is a group of comprehensive IT security services within Comarch ICT services. With the knowledge gained by our engineers, we are able to tailor a solution to your specific needs so that your data is safe. We work comprehensively, beginning from an audit of current solutions, through a review of security procedures and ending with the preparation and implementation of comprehensive solutions to help secure your business. In addition, Comarch ICT not only deals with network security, but also provides data center services and IT managed services. Thanks to specialists in different areas of IT, we are able to implement reliable solutions for your company.
This content is authored, and sponsored, by Comarch.
