Today, the computers and the internet are not only the toys to help people spend their free time. Above all, they are the most important work instruments. Their safety and effectiveness determine business success and prosperity of a large number of people. Thus, it is not surprising that today information security is the matter of interest to many.
What are the main information security trends of 2016? What challenges should we cope with in future? What mistakes can be avoided and, most importantly, in what direction to develop further?
Hackers hunt not only the big game
In the view of the majority of people, the main hackers’ objectives are large multinational corporations and high-level government agencies, such as the Defense or Finance Ministries. In fact, these objects are usually very well protected. Getting into their system requires the highest level of skills. It is much easier and often more profitable for the hackers to pay attention to smaller structures. As a rule, they do not have enough funds to ensure information security. At the same time, the data, stored on their servers, is often not less important.
Today hackers are strengthening their attacks on small businesses and, especially, healthcare institutions. If to think about it, you’ll understand that a registration office of the health center in the small town is a more attractive titbit than a bank database with the credit card numbers. The medical record of any person provides almost all the information about a patient. From his exact address and passport data to the same credit card and social security cards numbers. That’s why reliable data protection is necessary not only for financial institutions. In 2015, 3 of the 5 major leaks happened in the healthcare system enterprises. And it seems this trend will continue.
The vulnerability of megalopolises
A town-dweller depends on the benefits of civilization much stronger than a countryman. If there is a well in the yard, a water pipe accident will not scare a countryman. When the central heating is turned off he can always stoke a fireplace. And if the electricity is cut off – primitive candles are always in reserve. At the same time, life in a huge metropolis can be completely paralyzed with a failure of any part of the life support system. Thus, the cyber-attacks on the computer systems of large infrastructure objects are extremely dangerous and can become an attractive target for fraudsters of all suits. And, it is not about the material losses at all…
The importance of the human factor
Investing a lot of money into security does not guarantee a complete protection from all kinds of risks. A human factor also requires close attention. In a long-term fight with Trojans and bots the information security experts often forget that today hackers are armed not only with viruses but also with the latest achievements of social engineering.
A focus on the software and hardware improvement is destined to failure. It is because not a tricky virus, but a careless clerk can do more harm to the business. And he will do it not on purpose, but out of ignorance. Thus, not only technical staff should be taught the basics of the information security. But also the cleaning personnel, secretaries, managers, etc. It is necessary to bring to the employees’ understanding the importance of the two-factor authentication (sometimes also falsely called two-factor authorization) and secure password storage.
The IoT and smartphones need better protection
Mobile Internet and the Internet of Things are the most vulnerable points on the today’s information security map. Especially since the share of such devices is growing like an avalanche.
In today’s world, a concept of office as such is passing away. More and more employees work in planes, cafés or co-works and enter the database of the companies with their mobile devices. This can create extra risks. Especially if to take into account a well-known vulnerability of mobile operating systems to viruses and unauthorized intrusions. The latter fact applies not only to Android but also to iOS that was considered to be super-secure not so long ago.
Today, domestic smart devices remain almost unprotected against hackers. Only a few smart gadgets support two-factor authentication. Even appliances, designed specifically for the safety of our homes – CCTV systems – often allow logging to a control panel without entering a 2-factor authentication code!
Nowadays many people suffer from extortionate attacks. It is when the computer is blocked with an embedded virus asking you to pay some money to unlock it. In addition to the traditional hackers’ targets – Android and Windows – there are also cases of attacks on computers running Linux. This operation system earlier was considered fairly secure. It won’t be a mistake to assume that owners of the expensive Apple devices also won’t go unnoticed. After all, they can pay much more than other users to repair their devices. Perhaps, in the nearest future, the extortionists will master the expanses of the Internet of Things. How much will you agree to pay to unlock the car? And what if the hack happens when you are driving?
Looking for the new ways
The first barrier the network hackers face on the way to the data of any resource is usually the user authentication. Today the two-factor authentication with the help of one-time passwords can help to protect users from hackers, who try to get access to their accounts. This tool is quite reliable, but not always convenient. That’s why many users ignore it making a serious damage to the information security of the whole system. Specialists are aware of this problem and are working to develop such means of 2-factor authentication that will not cause any inconveniences.
The work ahead of the curve
Online criminals are always working ahead of the curve. While the information security departments of the companies usually work to protect their data from the existing problems. The main task for the data protection specialist is not the elimination of the consequences of the hostile intrusions into the system. He should think how to prevent the intrusions and create of information protection schemes which will complicate an attack or make it completely impossible.
Data protection experts do a lot to secure the network. But this does not mean that nothing depends on an ordinary user. It is necessary to consider the professional’s pieces of advice and follow their recommendations. In the end, everyone is interested in clean, hackers-free network space.