Publications

Follow us on social media

Information security in 2017: time to enhance your data protection

14 April 2017

This year companies may face new and sometimes veiled cyber threats. Hackers develop their skills and introduce more and more sophisticated means of cyber attacks. Moreover, businesses move towards being more vulnerable to mobile hacking and IoT breaches. Falcongaze Analytics Center examines threats for organizations and individuals in 2017 and considers factors mitigating cyber risks. 

Internet of Things as the biggest threat

As more and more smart devices emerge on IoT market, chances of hacking attacks are growing rapidly and can cause electronic failures and even threaten lives. According to Steve Durbin, Managing Director of the Information Security Forum (ISF), the main risks for cyber security in 2017 are connected exactly with Internet of Things.

IoT is the technology of the future: it will change the way we live and work and make our lives much easier and comfortable. But if for individuals IoT is a real pleasure and relief, corporate security may suffer irreversible harm as hackers may easily access devices connected through IoT. For instance, in October 2016 cyber attackers hacked cameras and routers of those users who haven’t changed passwords set by default. Using infected IoT devices they carried out DDoS attack on DYN domain names servers. As a result an access to Twitter, Spotify, Paypal,  Amazon and other popular services was restricted for several hours.

Unfortunately, DDoS attacks and sensitive data thefts are not the only threats. Cyber criminals can remotely switch pacemakers off, cause traffic accidents, hit electrical grid, avionics or railway electronics.

Hacking and espionage via mobile devices

Smartphones used by employees to access corporate data pose the greatest cyber threat. Cyber attackers may use weak mobile devices security and get into corporate network. Additionally, users frequently take cyber security lightly and share their personal data when download mobile applications or access communication services.

Recent Ponemon Institute research states that smartphones data leakages cost enterprises tens of millions of dollars.  According to this research, 67% of the respondents told they suffered sensitive data losses while accessing corporate networks via mobile devices.

Using mobile devices attacks, cyber criminals can spy on users’ location, his contact details, photo and video files as well as his personal communication. Mobile hacking is complicated but profitable business. Hackers mainly focus on the development of malicious software for Android devices. They have more customers and it is easier to distribute software in Google Play than in AppStore. However, Apple devices are also vulnerable to cyber attacks.

Hacker groups, cyber terrorism and security services

Information security professionals do worry about organized cyber crime growth. Hackers move to offices, create complex hierarchies and develop mutual cooperation with other hackers cells while security measures lag behind the advancing technologies.

IT industry is evolving so quickly that it creates new opportunities not only for software developers but also for cyber criminals who improve their cyber weapons. Any device connected to internet is vulnerable to cyber thefts, blackmail threats or cyber diversions. Take for example Stuxnet, malicious computer worm created by the US and Israel security services to combat Iran Nuclear Program. The worm affects automated technological processes management systems of power plants and airports.

Recall last year’s US election scandal which is clear proof of how severe can the impact of cyber attacks be.  In 2017 even a higher growth rate of such data breaches is expected what compromises politicians and has a direct impact on public opinion.

Using machine learning to prevent cyber attacks

Thanks to machine learning computers have cognitive skills and don’t use deterministic algorithms. They act just like an artificial intelligence and carry out processing tasks following no particular pattern.

Machine learning processes accompany us every day sometimes largely unnoticed. These processes make things easy on, for example mobile phones can recognize voice commands, search engines present the best search queries, emails distinguish and filter spam off. Machine learning is the essence of ambitious high-flying projects which transform our world and facilitate our lives such as pilotless transportation or robots assistants.

Eric Ogren, analyst at 451 Reseacrh claims that machine learning that analyzes user behavior is the key trend of information security in 2017. It gives chances to prevent additional damage from cyber attacks undetected by common security means. It is machine learning which makes it possible to set statistical profile of normal user, device or website activity and detect potential threats. Behavioral analytics allows to prevent security breaches or unauthorized access to confidential information.

Tightening of legislation

Government entities try not to lag behind the global threats in security industry. In March 2017 the head of the Russian Ministry of Foreign Affairs suggested that the convention on information security should be established. The convention will be proposed for the UN consideration and regulate basic rules of behavior in cyber space.

ISF director Steve Durbin notes that tightening of legislation in the information security industry is a growing trend worldwide. So, in May last year a new General Data Protection Regulation came into force, adopted by the European Parliament after three years of discussions. The regulation will be applied not only in the EU but in the CIS as well.

By May 2018 companies are expected to submit information about data breaches that have already taken place. Regulatory authorities, in turn, will determine amount of fines that should be imposed in case of requirement violation.

Hackers use vulnerabilities which emerge not only as a part of product development process but also when owners misuse them. People are just unaware of cyber threats and so don’t think much about security of their devices at the appropriate level.

However, ignorance does not release from the responsibility. Users are just as guilty of hacks as developers.  Quite often we disregard security and set common widely-used passwords. If people are apprised of the risks of flippant attitude towards cyber security rules, they will use their smartphones, cameras and  routers more responsibly.