“How safe is my organization?” That’s the question many IT leaders will be asking themselves as the new year approaches. While an IT infrastructure health check can shed some light on areas needing security improvement, some executives may not want to perform or pay for one. For these organizations and others, there are a few trends to watch for and some security tactics to consider for 2019.
Six IT Security Factors for 2019
1. Organizations Embrace Multi-Factor Authentication
Single-factor authentication (SFA), which requires nothing more than one password to access an account, no longer has a place in a world where we are constantly under attack by cyber criminals. Far too often, individuals use the same or similar password across dozens of accounts, making it extremely easy for hackers to gain access to sensitive information. Moving forward, more organizations will embrace multi-factor authentication (MFA), which requires two or more of the following to access an account:
Something you know. This may be a password or PIN.
Something you have. This is a server-generated, one-time code given to a user that must be keyed into the device being accessed.
Something you are. This consists of fingerprints, facial recognition, eye scans, and other biometrics.
A recent survey reveals that 38% of large corporations and 62% of small to mid-size organizations do not currently use MFA, arguing that extra layers of security mean extra layers of complexity that could burden the infrastructure or staff. Expect this figure to change by the end of this decade as companies decide it is worth it to offset the risk of data breaches.
2. Government and Healthcare Get Serious About Compliance
2018 was a bad year for both healthcare data breaches and government data breaches. Hackers love these industries due to the sheer amount of data they possess and the likelihood that ransom demands will be paid (after all, lives may be at risk, which often forces an organization’s hand). Many breaches, however, are not the result of a malicious attack but of human error. The Health Insurance Portability and Accountability Act (HIPAA) and the Criminal Justice Information Services (CJIS) division of the FBI have put organizations on notice, letting them know that compliance with regulations is mandatory, no excuses, and that those found in violation will face harsh penalties.
Consider this: A recent attack on the California-based Gold Coast Health Plan (GCHP) exposed the personal records of 37,000 individuals; even at the low end of the HIPAA fine spectrum ($100 per record), the breach could cost GCHP $3.7 million. But compliance regulations are always evolving, and they can be difficult for organizations to keep up with. So, to ensure they remain current, many will be looking to a reputable cloud provider that offers compliance in these areas.
3. Organizations Adopt the 3-2-1 Backup Rule
Organizations are wising up to the fact that it’s no longer a question of if a disaster will strike, but when. To be proactive, more and more are expected to heed the 3-2-1 backup rule, which states:
3 copies of data should be maintained. This involves a primary plus two backups.
2 independent storage mediums should be used. This may include an internal hard drive plus a removable medium (tapes, external hard drives, or a USB drive), or two internal hard drives stored at different locations.
1 backup copy should be stored offsite. Physical separation between copies (often with one backup in the cloud) is ideal and protects against physical security threats.
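The three parts of the rule can be checked against a backup inventory. The following Python is an added example, not part of the original article; the `BackupCopy` record, the `check_321` function, and the sample inventories are hypothetical names and constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:            # hypothetical inventory record
    name: str
    medium: str              # e.g. "internal-hdd", "tape", "cloud"
    location: str            # site label, e.g. "hq"
    primary: bool = False

def check_321(copies):
    """Return the parts of the 3-2-1 rule that an inventory violates."""
    failed = []
    primaries = [c for c in copies if c.primary]
    backups = [c for c in copies if not c.primary]
    # 3: a primary plus two backups.
    if len(primaries) != 1 or len(backups) < 2:
        failed.append("3 copies")
    # 2: a different medium, or the same medium at a different location,
    #    counts as independent storage (the article's two options).
    if len({(c.medium, c.location) for c in copies}) < 2:
        failed.append("2 independent mediums")
    # 1: at least one backup kept away from the primary's site.
    sites = {c.location for c in primaries}
    if not any(c.location not in sites for c in backups):
        failed.append("1 offsite")
    return failed

# Constructed sample inventories.
COMPLIANT = [
    BackupCopy("file server", "internal-hdd", "hq", primary=True),
    BackupCopy("nightly tape", "tape", "hq"),
    BackupCopy("cloud replica", "cloud", "provider-region"),
]
SAME_BOX = [  # three copies, but all on one kind of disk in one room
    BackupCopy("file server", "internal-hdd", "hq", primary=True),
    BackupCopy("snapshot A", "internal-hdd", "hq"),
    BackupCopy("snapshot B", "internal-hdd", "hq"),
]

if __name__ == "__main__":
    for label, inv in (("compliant", COMPLIANT), ("same box", SAME_BOX)):
        print(label, "->", check_321(inv) or "meets 3-2-1")
```

The second inventory has three copies yet still fails two parts of the rule, which is the case a simple copy count would miss.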
4. The Internet of Things Brings New Challenges
It wasn’t that long ago that we only had to worry about the security of our computer and our smartphone. Now, the Internet of Things (IoT) is connecting, or at least has the potential to connect, just about every device we use, from our cars to our coffee makers. By 2020, it’s estimated that tens of billions of devices will be connected. But all this connectivity can raise security issues, leading many to believe that 2019 will be the year that major challenges come to light.
Expect companies leading the IoT charge to take the security threat more seriously by thoroughly investigating vulnerabilities. As a consumer, prepare to do your research before adding connected devices to every piece of your world.
5. Business Email Phishing Increases
While some people still take the bait when it comes to phishing emails, many have wised up to these deceptive emails and know many of the telltale signs, including:
Poor spelling and grammar
Links that don’t match text
An odd sense of urgency
But phishermen aren’t going to give up that fast. Instead, their emails have grown more sophisticated, and today the biggest phishing threat is Business Email Compromise (BEC) phishing. Rather than send out bulk emails posing as a Nigerian prince, for example, these emails target specific individuals and are designed to look like they were sent by someone the recipient knows, or is at least familiar with. This gives people a false sense of security, and often leads them to click a malicious link or attachment.
6. Cryptojacking Reaches Record Levels
Ransomware will continue to haunt organizations for years to come, but as more and more refuse to give in to ransom demands, cyber criminals will look for new ways to achieve financial gain, and they’ve found one in cryptojacking.
Cryptojacking is the secret use of a computing device to mine cryptocurrency by stealing a computer’s processing power. Most users won’t notice anything unusual except that their computer might be running a little slower, or the fan might be working a bit harder. The longer a cryptominer can remain undetected, the more illicit cryptocurrency it can mine. This leaves the victim bearing the costs (like electricity) that are necessary to mine cryptocurrency, and the criminals get away with the tokens. From 2017 to 2018, cryptojacking incidents rose from 1.9 million to 2.7 million, and there’s no reason to believe it won’t continue to increase.
Those are just some of the IT security threats and trends expected in 2019. We’ll continue to post forward-thinking stories to get you geared up for what’s to come next year. If these security issues have you concerned or wanting to learn more, contact the IT experts at DSM today.