Following the well-publicized mass looting of data from Target Inc. in late 2013, most companies are devoting renewed energy to bolstering their cybersecurity measures. The awareness that digital information is at risk extends across businesses of all sizes as well as to private citizens, who have become much less complacent over the past year.
A sense of urgency about digital security is fueled not just by the widespread occurrence of data theft by hackers, but also via the ongoing concern for privacy issues driven by disclosures of extensive National Security Agency (“NSA”) information gathering.
In response to these threats, companies are taking a variety of steps, and the digital security industry is seeing strong growth and innovation. CRN has talked with security firms across the industry, and reports the following trends in 2014 surrounding data protection and cybersecurity.
- Enhanced use of encryption, and more careful attention to the maintenance and proper configuration of existing encryption systems, is one of the first lines of defense used to thwart would-be attackers.
- Increased scrutiny of internal data use is another common response to Target’s woes. Behavioral analytic technologies allow firms to monitor users within the company as well as end users, remaining alert for suspicious behavior that accompanies theft or attack with malware.
- Resistance to cloud technology is growing. While this area offers huge rewards for companies and end users in terms of efficiency and access, the security liabilities that accompany cloud technology create a drag on the speed with which many firms are willing to adopt it.
- Risk assessment and software analysis to screen for vulnerabilities is gaining a front seat at many organizations. Keeping software up-to-date to avoid known weaknesses and testing proprietary software for unnoticed vulnerabilities are both front-line defensive maneuvers that are receiving more attention in 2014.
- More destructive attacks that damage computer systems and stored data could become a problem, as political and cause-focused hacktivist groups target particular corporations or government sites.
- Rising levels of smartphone malware means more security efforts directed to Android and other mobile platforms, as well as the individual apps businesses use to interact with their customers. Apps that were originally harmless but then changed ownership, much like the Chrome extensions Google recently pulled from its Play Store, pose a similar type of new threat.
- Old fashioned phishing and hacking of individual users is gaining in popularity as cybercriminals seek access to account credentials, while avoiding sophisticated security measures.
- More sophisticated malware and better encryption of malicious code allow cyberattackers to evade virus detection and removal tools.
- Active defense is a relatively new concept in computer security that is garnering extra attention these days. The idea is to convince hackers that they are into their target area, when they’ve actually been diverted and trapped in a shell where they can be easily identified and in some cases, retaliated against.
- Following up on network threats is a necessity that requires manpower organizations don’t always have available. Active monitoring and maintenance by managed service providers and hiring forensics experts to respond to threats are two popular solutions.
- The end of the internet as we know it sounds extremely dramatic, but it may actually be a possibility. CRN says that “NSA surveillance revelations could cause the Internet to break up into ‘national segments,’ which would have serious consequences for the security industry,” according to Alex Gostov, who works researching security issues at Kaspersky Lab. As countries attempt to protect their sensitive government data and that of their citizens, new restrictions on foreign access may have serious impacts on security and the functioning of the system itself.
Data theft, damage to databases and other types of cybercrimes pose an immense threat to businesses and organizations of all kinds today. A successful attack can cost huge sums of money and destroy reputations, along with years of work. With so much at stake, it is imperative that leaders acknowledge and respond to the new and intensified threats of computer security flaws.