Trends, opportunities and threats

A constant state of war

Guess what? The risks from malware, data breach and other cyber attacks are here to stay. It’s a sobering thought to realise that when it comes to the online world, we’re effectively in a constant state of war. Cyber crime is on the rise – with increasingly sophisticated methods of attack revealing themselves on an almost daily basis. To keep your business safe in 2019, you need to have your security ducks in a row.

The threat landscape is constantly evolving – and it’s increasingly difficult to predict. But in order to stay one step ahead, predict we must. Here’s a look at some of the hot topics for the year ahead.

Outsourced ransom ware – no skills or money needed

First up – Ransom ware. Or ‘a type of malicious software designed to block access to a computer system until a sum of money is paid’ (thanks Wiki).

In itself, ransom ware is nothing new. But like every other threat out there, it’s evolving. You’ve heard of software as a service. How about ransom ware as a service? Rather worryingly, non-technical hackers are now effectively ‘outsourcing’ the task in hand to ransom ware developers, on a no-win no-fee basis. Or to put it another way, creative freelance hackers receive a proportion of the takings as payment for their efforts, with no fee paid upfront. It’s not surprising that many companies keep defence against ransom ware high on their security agenda.

Blockchain – exploit the trust

For the record, blockchain is ‘a growing list of records, called blocks, which are linked using cryptography. It is typically managed by a peer-to-peer network, who follow a protocol for inter-node communication and new block validation.’ You don’t need to use a bank or a middleman to trade in blockchain, you don’t even need to know who you’re dealing with. There is real scope to develop and enhance blockchain methods to actually shore up our security, to properly verify and sign our transactions. With blockchain trust is key, and that in itself can be exploited. Rest assured, the professional cybercriminals out there are doing whatever they can to crack and disrupt blockchain.

Deception technology – a two way street

We’ve all heard of phishing and some of us have even fallen for the fake emails purportedly sent from our banks asking for our account details or our supermarkets offering great bargains. But historically, these have been easy to identify thanks to their relative lack of sophistication. You really need to be on your guard though, because the hackers out there are upping the ante and trying ever more sophisticated ways to con you.

That’s where deception technology comes in – ‘the aim of deception technology is to prevent a cybercriminal that has managed to infiltrate a network from doing any significant damage. The technology works by generating traps or deception decoys that mimic legitimate technology assets throughout the infrastructure.’

It’s becoming an increasing part of cyber security strategy – some companies are trying to beat attackers at their end game by enticing them on to a deception network, flagging up that an attempted attack is underway. Ultimately deception is largely used as a stalling, or rebuttal technique – unfortunately, it very rarely results in finding, prosecuting or incarcerating cyber criminals.

Cloud

Our appetite for cloud isn’t waning. In fact, despite previous hesitation about cloud security, there’s a scramble to use services such as those provided by Rackspace. This is partly cost-related, but a platform like Rackspace offers businesses more secure power, storage, content and other functionality than they can provide themselves.

That doesn’t mean they can give up on their own defences. Cloud security providers such as Rackspace, Amazon, Google etc. take care of security for their physical data centres and the hardware the virtual machines run on, but individuals need to protect their own hardware and applications. So the challenge is ongoing.

Managed security services

One of the ways to address this ongoing challenge is to hand over your entire security operations to a managed security provider. This is a growing trend, especially for SMEs who don’t really require a full time security specialist but who are anxious about keeping their in-house security intact, especially given the growth of complex cyber security threats. Gartner predicts that spending on security outsourcing services will grow significantly this year.

AI – artificial intelligence

What is AI? According to the Oxford Dictionary, ‘AI is the theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.’ Our understanding and definition of AI continues to vary, and people are genuine concerned about robots taking their jobs. But detailed research about AI is largely reassuring – robots are likely to enhance rather than take over the workplace. And when it comes to security, the word on the street is that AI will help us deal with an increasing volume of security threats. It’s not just about identifying the threats – AI can help trigger programmed incident responses, even on a quite basic level.

On the flip side, cyber criminals can – and do – use AI to maximise the efficiency of their attacks, find vulnerabilities and improve their phishing campaigns.

Upskilling

There’s a well-documented talent shortage in cyber security. It’s taken a while for the focus to shift from seasoned analysts to new talent but things are changing. The world of cyber crime is a fascinating one, and the experience of thwarting a criminal attack can heady. Enthusiasm for the job may be more important than experience; in fact it’s often behind the selection of an individual as a potential network security analyst.

Security by design

One response to the constant state of cyber war that companies increasingly find themselves in, is to take their security concerns into account when developing, purchasing or integrating software and hardware. Security as a fundamental component – ahead of firewalls and anti-virus – is becoming embedded in design, rather than being tacked on to legacy infrastructure. Systems integration requirements are far more strongly focused on security from the start.

Contract Insight from Four

This is where Contract Insight – our contract management software – comes in. Contract Insight is a state-of-the-art contract management software tool that is easy to use, simple to install and reduces your total cost of contracts. It offers multi-level cyber security from the start, to protect your contract records and documents. Additionally, it’s infinitely flexible when it comes to in-house security, with access control allowed by person, group, location, business unit or companywide.

In detail

• It’s a Windows PC based contract management software solution, with systems hosted on Microsoft Internet Technologies, utilising Windows Servers, .NET technologies and Microsoft’s MS SQL Server Database to store and retrieve data faster and more reliably.
• Security features include dedicated firewalls, monitored ports, monitored logs, backups, failover facilities, private web, private databases and server scans; all with username and password authentication.
• Contract Insight Enterprise can be either installed on your company’s servers or hosted as a Cloud-based SaaS solution. On-site help is available from our team, or you can allow Four Business Solutions to manage the solution via our cloud deployment. Either way, the result is an extremely high level of security, suitable for most organisations.
• Our cloud solution fully complies with ISO 27001 certification (Information Security Management Standard), and we keep our standards fully up to date.

If you’d like a free trial to understand how Contract Insight can boost your cyber security, please call us on 0800 6250 025.

One final thought

Today a lot of our security processes are based upon the intelligence of machines, and the intelligence of humans remains silo-ed to a greater or lesser degree. IT professionals in general and security professionals in particular continue to be suspicious of sharing their ideas and their successes at repelling cyber attacks with their counterparts at rival companies.

Threat intelligence sharing could make all the difference to our success at repelling cyber attacks but it’s still predominantly intellectual property. Which is good news for all the hackers out there.

John O’Brien is CEO at Four Business Solutions, global business consultants and software integrators providing business processes improvements in Finance, Supply Chain & Operations, across a broad range of industries.