
T7 – The Trend of Trends 2018

By Vigilize | Monday, February 19, 2018

The seven best trend articles in 2018 . . .


For ISOs of small financial institutions.


Sometimes, in spite of seemingly everything changing at an accelerated pace, you find things that are familiar. In Dan’s Magnificent Seven and R7: The Top Seven Risks pieces, for example, you’ll find several new developments of interest to Information Security professionals…but you’ll also find some things, like employees clicking phishing links, to be more familiar. In light of this observation, this year we have decided to use our annual T7 piece to look at how our previously selected trend articles, and the subjects they were based on, have evolved over time.

As we’ve said in our previous takes on this article (in 2015, 2016 and 2017), it’s important when reading these pieces to consider whether they are discussing current trends or making predictions. While both kinds of articles can be interesting to read, we try to treat them differently: we base tactical plans on current trends and longer-term strategies on predictions.

  1. Internet of Things/Wearable Tech: A perennial favorite in trend articles by ourselves and others, the proliferation of internet connected devices shows no sign of slowing down…and still worryingly few signs of proper security. The continuing inattention to security comes as organizations such as CIO Magazine predict increasing adoption of internet-connected technology in the industrial sector, where equipment often remains in use (and vulnerable to attack) decades longer than in homes and offices.
  2. Encryption: Whether it’s being used by your average consumer to protect their smartphone or by the bad guys to hold your company’s data hostage, encryption and how we implement it is another trend that we’ve been following (and will continue to follow) for years. We are also seeing encryption being employed as a way to reduce certain compliance burdens, in the European Union at least, with new legislation absolving businesses of the requirement to notify consumers about data breaches–as long as the data that was lost was encrypted.
  3. Mobile Malware: In 2016 we looked at the growing trend of malware aimed at mobile platforms, and noted that the once-impervious iOS was starting to see attacks as well. In the intervening two years smartphones have become an even more inviting target, with examples of cryptocurrency-mining malware spotted in the wild. On the Android side, examples of infected applications are easy to come by through the official Google Play store, despite efforts to screen submissions for threats. If that wasn’t enough, experts are warning of the rise of Ransomware-as-a-Service: ready-made kits which allow those with no technical ability to deploy an attack.
  4. Open Source Vulnerabilities: Open Source Software’s ability to be examined by the public is one of its selling points, but that presumes that there will be someone there to examine it: with billions of lines of open source code across thousands of projects, problems can lie in plain sight for years before being scrutinized. Open Source Software must also still be patched in a timely fashion to remain secure, as Equifax recently discovered.
  5. Cloud Security: Data storage and virtualization continue to make computing cheaper, while wireless and wired broadband continue to get faster. Put them together and you have an ever-growing incentive to shift resources to the cloud…but just how well do you know the organization on the other end? Between Software-as-a-Service, Platform-as-a-Service, internet of things devices and data storage, the vast majority of businesses now have at least some of their information in the cloud, making this an increasingly attractive target for financially motivated attacks.
  6. Ransomware: Touched upon in both 2016 and 2017’s installments, ransomware is as big a threat as ever, in part because of how profitable it can be. While experts believe most victims fail to pay their digital hostage-takers, it doesn’t take many ransom payments to make such an enterprise profitable. If that weren’t bad enough, a look at 2018’s tech threats from the MIT Technology Review says such attacks striking major cloud services seem to be only a matter of time.
  7. Password Problems: A problem practically as old as computing itself, the issue of password security is one that offers no simple solution. On the bright side, this means that there’s always a new selection of articles discussing the problems, and their possible solutions, to choose from…but don’t expect to get out of those mandatory password changes any time soon.

 


This article is now a collaboration of several infotex team members.  Original T-7 article concept by Dan Hadaway CRISC CISA CISM, founder and Managing Partner, infotex

