For those of you who have been reading the EiQ Networks blog on a regular basis, you know that one of the most fundamental and unyielding tenets of the security world that we frequently point out is this: functionality and performance always – and we mean always – trump security. For developers of new software products, hardware technologies and the emerging world of IoT, the ability to get to market as quickly as possible is the most important thing a company can do, because it gets them a market position that turns into revenue. Because security isn’t generally perceived by companies that make commercial software and hardware as something on which people make buying decisions, it’s usually relegated to a last-minute “bolt-on”, or simply addressed once users and security analysts discover vulnerabilities after the product is released. Even after disclosure of vulnerabilities, many companies either ignore these findings or back-burner patches and fixes until the next major release of their product. One of the “dirty little secrets” of the industry is that certain, specific vendors (we won’t name names here… but they know who they are) have had gaping holes in their products for months and sometimes even years. Sadly, this behavior among many companies is not likely to change.
Over the past two weeks, the security industry has seen some disclosures (or in one case, a half-disclosure) of vulnerabilities within vendors' products. In at least two of these cases, we know that these vulnerabilities could have led to a significant compromise of data and systems. But what’s really interesting about these two vendors is how they responded to the discovery.
In the story of David and Goliath, an underdog managed to win a contest against a much larger, stronger foe. Looking at the state of information security today, a David-and-Goliath scenario is very much present; except David is the small and midsize business (SMB) market, and Goliath is the marauding horde of attackers, malware and other bad actors trying to break their systems and steal their data. And just like in the biblical tale, SMB organizations are dealing with an opponent who seems impossible to defeat.
Cybersecurity is an ever-changing field. A threat that was huge ten years ago might not even be on the radar today. While it's impossible to predict the future, there are certain trends that will most likely continue into 2017. Let's take a look at some predictions for the new year.
1. IoT-based DDoS attacks
One major threat that is looming on the horizon for 2017 is the use of distributed denial-of-service attacks. While these kinds of hacks have been around for quite some time now, the reason there will likely be a surge in 2017 has to do with the introduction of the Internet of Things.
When planning out a budget for the new year, finding a place for cybersecurity can be difficult. You want to put that money toward new ventures, but you also know that a major breach can forever damage your reputation.
To help those waffling between how much to put into digital defenses, let's review some of the biggest reasons having a plan is worth the time and money.
While credit and debit cards are extremely convenient, they've also opened up a whole new world of fraud. This makes the systems that retailers use to process these payments seem like great targets for hackers, and organizations from every corner of the globe are scrambling to secure themselves against these threats.
One big solution to this has been the Payment Card Industry Data Security Standard. The PCI DSS is a regulatory code that tells companies how they can better defend themselves against attacks levied to steal card data. It's an important tool in the fight against fraud and should be strictly followed.
Many business leaders feel as if IT security should be a service that's kept in-house. While it's true that internal employees do need to be able to take steps to ensure the safety of company data, there are a host of advantages to allowing an experienced outside company to take the reins.
So, what can your organization get out of outsourcing IT security?
1. Your team may not be experienced enough
Although your IT employees are obviously very talented individuals, there's a good chance that cybersecurity isn't their main focus. While these workers surely know a good deal about this topic, it may not be enough to stop an impending cyberattack.
Because credit and debit card data can be used to anonymously purchase goods and transfer money online, this information has become highly sought after in the criminal underworld. Hackers are compensated generously for gaining access to these cards, and are therefore motivated to break into the systems that hold them.
But exactly how do these individuals go about getting hold of this information? Let's dive in:
As more services continue to move to an online environment, the importance of cybersecurity is being emphasized in every industry in the market. That said, certain sectors are feeling the pressure of this concern more than others, with perhaps the best example of this being retail organizations.
The retail world has been repeatedly hit by cyberattacks in the past, and it doesn't look like hackers will be stopping anytime soon. It's imperative that company leaders in this field begin to prepare their businesses for the worst, so let's take a look at some reasons why retailers should beef up their current cybersecurity defenses.
Is your company spending more and more money on trying to keep up with the increased complexity of cyber threats?
You're welcome to be alarmed (it's a perfectly normal response). But don't be shocked. Cybercriminals, who often have plenty of time and resources to devote to their craft, are constantly becoming more sophisticated. And companies typically have to spread their resources out to various departments, limiting their ability to fully secure themselves. Sure, most have IT teams (or at minimum a dedicated IT professional), but that doesn't mean they're completely capable of handling the complexity and vast number of threats bombarding their servers.