About Us | Contact Us
View Cart

T7 – The Trend of Trends 2018

By Vigilize | Monday, February 19, 2018 - Leave a Comment

The seven best trend articles in 2018 . . .


For ISO’s of small financial institutions.


Sometimes, in spite of seemingly everything changing at an accelerated pace, you find things that are familiar. In Dan’s Magnificent Seven and R7: The Top Seven Risks pieces, for example, you’ll find several new developments of interest to Information Security professionals…but you’ll also find some things, like employees clicking phishing links, to be more familiar. In light of this observation, this year we have decided to use our annual T7 piece to look at how our previously selected trend articles, and the subjects they were based on, have evolved over time.

As we’ve said before in our previous takes on this article (in 2015, 2016 and 2017), it’s important to consider when reading these pieces whether they are discussing current trends or if they’re making predictions. While both kinds of articles can be interesting to read, we try to consider them differently: by basing tactical plans on current trends, and longer term strategies based on predictions.

  1. Internet of Things/Wearable Tech: A perennial favorite in trend articles by ourselves and others, the proliferation of internet connected devices shows no sign of slowing down…and still worryingly few signs of proper security. The continuing inattention to security comes as organizations such as CIO Magazine predict increasing adoption of internet-connected technology in the industrial sector, where equipment often remains in use (and vulnerable to attack) decades longer than in homes and offices.
  2. Encryption: Whether it’s being used by your average consumer to protect their smartphone or by the bad guys to hold your company’s data hostage, encryption and how we implement it is another trend that we’ve been following (and will continue to follow) for years. We are also seeing encryption being employed as a way to reduce certain compliance burdens, in the European Union at least, with new legislation absolving businesses of the requirement to notify consumers about data breaches–as long as the data that was lost was encrypted.
  3. Mobile Malware: In 2016 we looked at the growing trend of malware aimed at mobile platforms, and noted that the once-impervious iOS was starting to see attacks as well. In the intervening two years smartphones have become an even more inviting target, with examples of cryptocurrency-mining malware spotted in the wild. On the Android side, examples of infected applications are easy to come by through the official Google Play store, despite efforts to screen submissions for threats. If that wasn’t enough, experts are warning of the rise of Ransomware-as-a-Service: ready-made kits which allow those with no technical ability to deploy an attack.
  4. Open Source Vulnerabilities: Open Source Software’s ability to be examined by the public is one of its selling points, but that presumes that there will be someone there to examine it: with billions of lines of open source code across thousands of projects, problems can lie in plain sight for years before being scrutinized. Open Source Software must also still be patched in a timely fashion to remain secure, as Equifax recently discovered.
  5. Cloud Security: Data storage and virtualization continue to make computing cheaper, while wireless and wired broadband continues gets faster. Put them together and you have an ever-growing incentive to shift resources to the cloud…but just how well do you know the organization on the other end? Between Software-as-a-Service, Platform-as-a-Service, internet of things devices and data storage, the vast majority of businesses now have at least some of their information in the cloud, making this an increasingly attractive target for financially motivated attacks.
  6. Ransomware: Touched upon in both 2016 and 2017’s installments, ransomware is as big a threat as ever, in part because of how profitable it can be. While experts believe most victims fail to pay their digital hostage-takers, it doesn’t take many ransom payments to make such an enterprise profitable. If that weren’t bad enough, a look at 2018’s tech threats from the MIT Technology Review says such attacks striking major cloud services seem to be only a matter of time.
  7. Password Problems: A problem practically as old as computing itself, the issue of password security is one that offers no simple solution. On the bright side, this means that there’s always a new selection of articles discussing the problems, and their possible solutions, to choose from…but don’t expect to get out of those mandatory password changes any time soon.

 


This article is now a collaboration of several infotex team members.  Original T-7 article concept by Dan Hadaway CRISC CISA CISM, founder and Managing Partner, infotex


same_strip_012513


 

Posted in Articles, Infotex News

Latest News
    Employees working from home may find it more difficult to follow security policies… An article review. The surge in employees working from home during the pandemic created many headaches for IT departments around the world, many of whom had no telecommuting policies or procedures before the start… but what about the employees who had to […]
    A Webinar-Movie infotex presents the 2021 update of a previously released webinar presented by our Lead Non-Technical Auditor, Adam Reynolds. This movie-short is intended for those who are planning to participate in an infotex Incident Response Test. Not sure about the importance of an Incident Response Test? Check out onetest.infotex.com for more information! Please let […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS INFOTEX PROMOTES BRYAN BONNELL TO DIGITAL MEDIA MANAGER infotex, the Managed Security Service Provider, announced Bryan Bonnell’s promotion from Senior Data Security Analyst to Digital Media Manager.  “He will continue his normal DSA duties on a limited basis, because we want everybody to stay in touch with […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS RYAN HENSLER OF INFOTEX, EARNS CISSP CERTIFICATE Ryan Hensler, Senior NOC Associate of infotex, Inc., recently received the CISSP certification. “Ryan has proven himself to be a seasoned security professional both in his work for infotex and now through achieving this certification.” said Sean Waugh, Information Security Officer. […]
    Dubious app store subscriptions bring in hundreds of millions of dollars in revenue… An article review. When it comes to malicious applications you’re probably familiar with things like malware and ransomware, and you have ways to avoid them.  Modern desktop and smartphone operating systems have built-in malware detection tools, and some web browsers even automatically […]
    Another Manifesto A supply-chain manifesto by the author of Never Say Never: A Password Manifesto! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . [Sssshh.  Turn out the lights.  Let’s lower our inner voices, as I have something to propose that might be a bit […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    While malware and security exploits continue to make headlines, the majority of reported security incidents involve phishing… An article review. With all the attention given recently to security incidents involving software exploits and high-profile malware attacks, it would be easy to believe that they represented the most likely incidents you may encounter in the wild.  […]
    Implementing Protective DNS could help your organization avoid attack… An article review. Noting the risks still associated with the Domain Name System (DNS), the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidance on the selection and use of a Protective DNS service (PDNS). The guidance, released in […]
    A Webinar-Movie In 2018 the NCUA started reviewing credit unions with $1 billion or more in assets using a tool known as the Automated Cybersecurity Examination Tool, or ACET. The expansion to smaller credit unions is inevitable. In the new year, credit unions should now think about how they can come into compliance with the […]