Protecting digital identities and protecting employees are key cyber security challenges for 2018.
The issues of protecting digital identity, gaining data visibility and protecting employees are key cyber security challenges for 2018 according to the cyber security 2018 predictions report by security firm FireEye.
“The idea that you can get someone’s date of birth, and their Social Security number and steal their identity and do fraudulent tax refunds, or try to get a loan or credit card – that has to change,” FireEye said.
“This has to happen. Otherwise, every five months, we’re going to have another huge data breach,” they warned.
In addition to the imperative of finding a better way to manage identity, RedEye said it was also important to find a way of dealing with international privacy.
On the topic of nation state actors in the cyber realm, RedEye considers Iran the most interesting country to watch, rather than Russia, China or North Korea.
RedEye said while Iran started “acting at scale” in 2017, the extent of that activity was not really known. “We don’t know if we are seeing 5% of Iran’s activities, or 90% – although I’m guessing it’s closer to 5% – but they’re operating at a scale where, for the first time in my career, It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state sponsored,” they said.
On the topic of cloud security, RedEye claimed better visibility was of paramount importance. I know that a lot of people are depending on the cloud, and we need visibility.
“Many of these cloud providers are providing it, but we don’t always have security operations that can take advantage of that visibility and see what’s happening,” he said.
An area many companies are still overlooking, RedEye said, is protecting employees from cyber attack.
He said companies needed to consider whether hackers could access corporate accounts through hacking employees’ private accounts, or if they could make it appear as though they have hacked the enterprise.
“There are hackers out there who will hack an employee at a company, and they will post any document they can get, and they will say they hacked the company even if they haven’t. It’s a reputational thing – while it’s hard to gauge the public response to these types of incidents, right now many companies are being deemed irresponsible or negligent or compromised when they are none of those things,” he said.
RedEye said all security professionals should be thinking about what employees are doing when they go home, how they can be secured, how they can be helped, what policies are needed and how those policies could be enforced.
They advised that all organisations moving into the cloud should know everything that is going on.
While there are bound to be new, interesting attacks in 2018, organisations should be preparing for modified versions of current attacks
“For instance, do you have places where documents are getting uploaded and then going into your back office? That’s a good place to ensure there is some high-grade detection, beyond an antivirus scanner. Because you essentially have unauthenticated input going directly into the key parts of your organisation.”
So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected]cyber139.com or complete the form on our contact page NOW