INTELLIGENT ENTERPRISE SECURITY
of dealing with them. The dangers of
DDoS for smaller companies are that it
will leave them unable to do business.
For larger organisations, DDoS attacks
can overwhelm systems. Remember that
DDoS is significantly under-reported, as
no-one wants to admit they have been
under attack!
manufacturers are not yet routinely building
security into IoT devices and 2018 will see
further problems generated through the use
of insecure IoT. IoT is a major threat and
possibly the biggest threat to businesses in
the coming years.
Unfortunately, it is not easy, and in
some cases impossible, to bolt on security
as an afterthought with IoT, and many
organisations will find it challenging
to deal with the consequences of such
breaches. As IoT cascades through an
organisation’s infrastructures, it is likely to
become the ultimate Trojan horse.
More from Shadow Brokers
The Shadow Brokers, a hacker group
which stole hacking tools from the
American National Security Agency,
created havoc in 2017 with the Wannacry
ransomware episode. The group has
already stated that it will soon release
newer NSA hacking tools, with targets that
might include vulnerabilities in Windows
10. There will certainly be further episodes
from them in 2018, so patch management,
security and regular backups will be more
crucial than ever. A major target of these
hackers is the data that organisations
hold, including Personally Identifiable
Information and corporate data. So
protecting the data crown jewels inside the
network will become ever more crucial.
Cloud insecurity is up to you
Ian Kilpatrick, Executive Vice-President, Cyber
Security, Nuvias Group.
As IoT cascades
through an
organisation’s
infrastructures
it is likely to
become the
ultimate
Trojan horse.
GDPR, have most businesses
missed the point?
The arrival of GDPR in May 2018 will,
of course, be a big story. However,
many organisations are missing the
main point about GDPR. It is about
identifying, protecting and managing
Personally Identifiable Information - any
information that could potentially identify
a specific individual. This will become
more important in 2018 and there will be
considerable focus on identifying, securing
and, where required, deleting Personally
Identifiable Information held on networks.
GDPR blackmail, the
new ransomware?
Unfortunately, GDPR will give a great
opportunity to criminals, hackers,
disgruntled staff and anyone who might
want to do an organisation harm. They
simply have to ask you to identify what
data you hold on them, ask for it to be
erased, and ask for proof that it has been
done. If you cannot comply, they can
threaten to go public – exposing you to the
risk of huge fines – unless you pay them
money. Watch out for that one!
DDoS on the rise
It is now possible for anyone to rent a
DDoS attack on the Internet. For as little
as $5, you can actually pay someone to
do the attack for you! This is just one of
the reasons DDoS threats will continue
to escalate in 2018, alongside the cost
Problems with cloud insecurity will
continue to grow in 2018 as users put
more and more data on the cloud,
without, in many cases, properly working
out how to secure it. It is not the cloud
providers’ responsibility to secure the
information, it is down to the user. With
the introduction of GDPR in 2018, it
will be even more important to ensure
that PII stored in the cloud is properly
protected. Failure to do so could bring
serious financial consequences.
The insider threat
Historically, insider threats have been
underestimated, yet they were still a
primary cause of security incidents
in 2017. The causes may be malicious
actions by staff or simply poor staff
cyber-hygiene; that is staff not using the
appropriate behaviour required to ensure
online health. In 2018, there will be
growth in cyber education, coupled with
more testing, measuring and monitoring
of staff behaviour. This increasingly
involves training and automated testing,
such as simulated phishing and social
engineering attacks.
Time to ditch simple passwords
In 2018, simple passwords will be even
more highlighted as an insecure secure
method of access. Once a password
is compromised, then all other sites
with that same user password are also
vulnerable. As staff often use the same
passwords for business as they use
personally, businesses are left vulnerable.
While complex passwords do have a
superficial attraction, there are many
challenges around that approach and
multi-factor authentication is a vastly
superior method of access.
39