Data Security in Review: What to expect in 2017
2016 was a year of major attacks on large corporate businesses. With some 500 million Yahoo user accounts breached, revealing names, emails, encrypted security data and other sensitive information, it was the largest publicly disclosed cyberattack in history. More worryingly, it took place in 2014 but did not come to light until last September.
Then, 6 million customers at mobile phone giant Three were breached by an internal attack using an employee login to access the customer database.
Tesco Bank also became subject of a hacking scandal that was described as the worst cyberattack in British banking history when hackers defrauded 9,000 customers of £2.5 million. The sophisticated and coordinated attacks of 2016 have caused much angst within the cybersecurity industry.
Predicted Cyberattacks in 2017
Major cyber breaches in 2016 have created great uncertainty amongst organisations and their approach to data security. However, as technology advances, methods of criminal activity will inevitably become more sophisticated, so it is vital that businesses tighten their belts and implement a data-centric approach to security.
There’s an increasing number of vulnerabilities that organisations need to secure themselves against, from contactless payments to Cloud services and increased insider attacks.
Digital and Touchless Mobile Payments
As digital and touchless mobile payments become increasingly accessible, cybercriminals are set to capitalise on their popularity. Hackers may attempt to exploit flaws by tapping into near field communication (NFC) and radio frequency identification (RFID) payment systems, such as Apple Pay, Android Pay and other systems. Banks, credit card groups, vendors, manufacturers and of course customers will all be the victims of these breaches.
Internal threats will continue to be an organisational vulnerability. With trusted employees, contractors and third-party partners having access to high profile security, internal breaches are unfortunately inevitable. However, it is anticipated that there will be a surge in improved internal security with the new EU GDPR legislation being implemented in 2018.
Cloud sharing has become an increasingly popular method of distributing and accessing data across multiple platforms. At the 2016 RSA cybersecurity conference in San Francisco, over 700 vendors boasted various Cloud platforms for file sharing and data collaboration – and the market is predicted to grow into 2017.
However, the growing use of Cloud services and lack of visibility in sensitive data can lead to damaging data breaches. Increased Cloud backup and storage of confidential data increases the probability of cyberattacks. Many organisations already lack confidence in the Cloud infrastructure’s ability to protect sensitive information. Going forward, the challenge will be protecting sensitive data, as IT teams will need to adopt a more robust and intelligent solution to combat data from breach or loss.
The primary motivation for hackers is profit, and with Ransomware being one of the simplest ways they can achieve this, attacks became increasingly common in 2016 and are predicted to escalate in 2017. However, as technology develops, the associated malware is expected to become more sophisticated.
What Can Help?
With the impending EU GDPR coming into force in 2018, organisations must implement secure data protection strategies to ensure the handling of EU citizens’ data adheres to the new legislation.
The development of options for the application and use of file ‘meta data’ have redefined how data is controlled by organisations. Therefore, the first and one of the most fundamental steps to a better data protection strategy is the implementation of data classification software. This enables organisations to classify and label their files and data by its sensitivity, subsequently reducing the risk of breaches and focusing protection on the most the most confidential information.
Furthermore, a User Entity Behaviour Analytics solution utilises existing and typical user behaviours to identify threats to data quickly and accurately. Securonix’s UEBA solution is emerging as the most promising solution to rampant cyber threats.
Identity Access Management solutions enables organisations to close loopholes in online security by identifying and securely managing data access. This technology works as an automated control panel and is used to initiate, capture, record and manage user identities and related access permissions.
In short, the severity of the 2016 cyberattacks, in addition to the predicted security hacks for the coming year, highlight the importance and need for better organisational data security.
For more information on implementing a more effective cybersecurity solution successfully, contact us or call +44 (0)845 643 4063.