THIS year has been another busy year in the infosec market, with fresh developments changing the priorities for many practitioners and their clients alike.
To give you an idea of what progress has been made and what new challenges have appeared, here is a look at the trends that defined the past 12 months.
Cloud Growth Shapes Security Policy
The popularity of cloud-powered platforms, especially SaaS (software as a service), has given businesses a different set of priorities when it comes to data security.
In most cases, offloading data to the cloud can make it more secure, since providers can spend more on protecting it than the individual organisations that use their services. However, there are good and bad approaches to security in this context, which is why it pays to be discerning rather than simply looking for the lowest price platform.
Specialist firms like Fidus Infosec can empower smaller businesses that are thinking about migrating to the cloud but are cautious about choosing a vendor as a result of security concerns.
The Internet of Things Poses Problems
The convenience of having a web-enabled fridge, security camera, smart speaker and even lighting system is obvious to consumers and commercial users alike. However, with more and more devices joining the Internet of Things (IoT), the potential for widespread exploitation by cybercriminals is growing.
Stats show that 80 per cent of connected devices are not properly secured, with almost a third of people showing a reluctance to take steps to address this.
The IoT is especially problematic because it can be harnessed to create world-spanning botnets capable of running spam email campaigns and carrying out DDoS attacks which can hobble internet access for entire nations.
Supply Chain Exploitation Grows
Some savvy cybercriminals have been bypassing the information security efforts of businesses and consumers by going to the source of the hardware and software they use, rather than waiting until later to launch their attacks.
Compromising code and kit within the supply chain, before it has even reached the end user, gives hackers an immense level of power and control with relatively low risk of being detected, let alone stopped.
This has caused many companies to rethink their procurement strategies and to take more care when choosing which hardware and software firms they use, rather than assuming that a freshly purchased piece of kit or a newly installed platform will be free from malicious entities from day one.
Accidental Exposure Proliferates
Organisations which are tasked with keeping sensitive information safe not only have to worry about how they use the data internally, but also how any third party partners who have access to it handle security. 2018 has seen an unfortunate spate of data exposure incidents in which leaks have occurred effectively by accident, with private info erroneously turning up on public platforms.
Addressing defects like this is relatively straightforward, but still creates a lot of embarrassment for those involved and could harm the reputation of a business just as much as a genuine breach. Add to that the fact that there is uncertainty hanging over whether or not the exposed data was snatched by malicious outsiders and this is clearly something that creates a lot of consternation in the information security community.
Ransomware Remains Rampant
One of the most devastating types of malicious software that has spread internationally this year is ransomware. Organisations and individuals have had to fork out huge sums to get data unlocked after an infection, which only gives criminals more incentive to push their campaigns further.
Like the other trends mentioned above, ransomware does not look set to disappear any time soon, so knowing about its existence and understanding how to avoid it will put innocent parties in a better position.
