About Us | Contact Us
View Cart

T7 – The Trend of Trends 2018

By Vigilize | Monday, February 19, 2018 - Leave a Comment

The seven best trend articles in 2018 . . .


For ISO’s of small financial institutions.


Sometimes, in spite of seemingly everything changing at an accelerated pace, you find things that are familiar. In Dan’s Magnificent Seven and R7: The Top Seven Risks pieces, for example, you’ll find several new developments of interest to Information Security professionals…but you’ll also find some things, like employees clicking phishing links, to be more familiar. In light of this observation, this year we have decided to use our annual T7 piece to look at how our previously selected trend articles, and the subjects they were based on, have evolved over time.

As we’ve said before in our previous takes on this article (in 2015, 2016 and 2017), it’s important to consider when reading these pieces whether they are discussing current trends or if they’re making predictions. While both kinds of articles can be interesting to read, we try to consider them differently: by basing tactical plans on current trends, and longer term strategies based on predictions.

  1. Internet of Things/Wearable Tech: A perennial favorite in trend articles by ourselves and others, the proliferation of internet connected devices shows no sign of slowing down…and still worryingly few signs of proper security. The continuing inattention to security comes as organizations such as CIO Magazine predict increasing adoption of internet-connected technology in the industrial sector, where equipment often remains in use (and vulnerable to attack) decades longer than in homes and offices.
  2. Encryption: Whether it’s being used by your average consumer to protect their smartphone or by the bad guys to hold your company’s data hostage, encryption and how we implement it is another trend that we’ve been following (and will continue to follow) for years. We are also seeing encryption being employed as a way to reduce certain compliance burdens, in the European Union at least, with new legislation absolving businesses of the requirement to notify consumers about data breaches–as long as the data that was lost was encrypted.
  3. Mobile Malware: In 2016 we looked at the growing trend of malware aimed at mobile platforms, and noted that the once-impervious iOS was starting to see attacks as well. In the intervening two years smartphones have become an even more inviting target, with examples of cryptocurrency-mining malware spotted in the wild. On the Android side, examples of infected applications are easy to come by through the official Google Play store, despite efforts to screen submissions for threats. If that wasn’t enough, experts are warning of the rise of Ransomware-as-a-Service: ready-made kits which allow those with no technical ability to deploy an attack.
  4. Open Source Vulnerabilities: Open Source Software’s ability to be examined by the public is one of its selling points, but that presumes that there will be someone there to examine it: with billions of lines of open source code across thousands of projects, problems can lie in plain sight for years before being scrutinized. Open Source Software must also still be patched in a timely fashion to remain secure, as Equifax recently discovered.
  5. Cloud Security: Data storage and virtualization continue to make computing cheaper, while wireless and wired broadband continues gets faster. Put them together and you have an ever-growing incentive to shift resources to the cloud…but just how well do you know the organization on the other end? Between Software-as-a-Service, Platform-as-a-Service, internet of things devices and data storage, the vast majority of businesses now have at least some of their information in the cloud, making this an increasingly attractive target for financially motivated attacks.
  6. Ransomware: Touched upon in both 2016 and 2017’s installments, ransomware is as big a threat as ever, in part because of how profitable it can be. While experts believe most victims fail to pay their digital hostage-takers, it doesn’t take many ransom payments to make such an enterprise profitable. If that weren’t bad enough, a look at 2018’s tech threats from the MIT Technology Review says such attacks striking major cloud services seem to be only a matter of time.
  7. Password Problems: A problem practically as old as computing itself, the issue of password security is one that offers no simple solution. On the bright side, this means that there’s always a new selection of articles discussing the problems, and their possible solutions, to choose from…but don’t expect to get out of those mandatory password changes any time soon.

 


This article is now a collaboration of several infotex team members.  Original T-7 article concept by Dan Hadaway CRISC CISA CISM, founder and Managing Partner, infotex


same_strip_012513


 

Posted in Articles, Infotex News

Latest News
    Today we present a special BONUS awareness poster for YOUR customers (and users).  This update to the April 2022 Awareness Poster takes some cues from the Dan’s New Leaf article: Why Local? Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the […]
    Awareness is 9/11’s of the battle, if we use it! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . One of my old college buddies hates banks.  He was turned down for a loan a long time ago and just can’t let go.  I actually […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE SERVICE NEWS Dateline: Dayton, IN, June 22, 2022 We are proud to announce that infotex will now be supporting Endpoint Detection and Response (XDR/MDR)! We can manage/monitor solutions you already have or offer one as part of our service while still maintaining a segregated response posture. In recent years […]
    Over 85 percent of surveyed companies report having no  centralized monitoring of networked industrial devices… An article review. If you are involved in IT within your organization, you’re probably aware of the importance of being able to monitor relevant activity from your networked devices, especially if your organization is involved in healthcare, finance, or government.  […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    We always strive to bring you the best content that we possibly can. Your opinion on any content, presentation, service, or anything else you have received from us is important! Please click the button below to let us know how we are doing!  
    What to Expect in an Annual Information Security Report to the Board Webinar-Movie Information security ranks as a top risk to financial institutions, both in terms of likelihood and overall impact. It is important that boards receive annual comprehensive reporting from management about the information security risks and incidents, and the actions taken to address […]
    The Five Precepts of IT Vendor Management Webinar-Movie We’re going back to basics on Vendor Management. This webinar will give you a training tool to help out that new person that is starting to take on the gargantuan task that is Vendor Management.
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    The joint cybersecurity advisory includes the 15 most exploited vulnerabilities reported in 2021… An article review.  While a lot of attention is focused on previously undisclosed or “zero day” attacks, some of the most likely attack vectors are vulnerabilities that have been widely known for weeks or even months.  That’s according to a new joint […]