2017 was a big year in terms of cyber security — or should I say cybercrime. It was the year of cracked Wi-Fi Protected Access II (WPA2) security protocols, named KrackAttacks, ransomware outbreaks like Petya/NotPetya/EternalPetya and the even bigger WannaCry and data breaches like the massive one of Equifax.
All of those is business as usual for our cyber security experts at SBA (Sustainabuild Alliance) and CSOs around the world. Our goal is to emphasize the importance of a good cyber & networking security strategy which is always starting with the education of people/employees before technically rolling it out.
With 2018 now being a few days old, we should have a look at this year’s challenges ahead of us and what their impact might be.
Internet of Things (IoT)
The hype around IoT, smart devices and Industry 4.0 is still unbroken with more and more vendors offering devices which are connected with other devices and of course the world wide web. Unfortunately, most of those devices aren’t secure or the vendors roll out new security features only by update — or in worst case just with a completely new device, leaving the early adopters with an insecure device.
This scenario isn’t just for end users & consumers but also for companies that don’t want to be left behind in a moving world of digitalization. Big players like Siemens already prepared themselves but with a massive base of small and medium sized businesses (SMBs) new to digitalization there will be new incidents for sure.
With WannaCry being the biggest ransomware outbreak in history, it wasn’t the only ransomware attack in 2017. There were plenty of others. Even though the majority of tech-savvy people thought ransomware isn’t that effective anymore these incidents have proven them wrong. The size of this attack has been enormous showing everyone that it’s not only important to protect the company’s servers but also the endpoints aka clients (i.e. laptops, smartphones, etc.). And more importantly, educating users to prevent social engineering. The combination of a great firewall, advanced malware protection & endpoint protection plus good end user training will improve the IT security in companies tremendously. This factor is especially important for companies with valuable intellectual property as there’ll be more targeted ransomware attacks.
Meltdown and Spectre — Processor Architecture Flaws
These two processor architecture flaws are just a few days old — or out in the public. Discovered by the team of Google Project Zero and independent researchers, Meltdown allows other processes to read private kernel memory and only Intel processors are affected. Spectre affects all other major processors — manufactured by Intel, AMD and ARM — and allows user-mode applications to extract information from other running processes. Both attacks allow information leakage and can even be the start to some massive exploitations and breaches when used by criminals in the cyberspace.
General Data Protection Regulation (GDPR)
Trying to give control back to citizens and residents over their personal data, the General Data Protection Regulation (GDPR) will be a huge challenge not only for companies but also states inside the European Union (EU). From 25 May 2018 it will be enforceable and comes with a two-year transition period. So far, Germany is the first & only EU Member state to enact new Data Protection Act to align with the GDPR. Other countries haven’t began yet to align their state-level data protection acts which is leaving companies in the dark and a potential grey-zone.
One if not the most hyped and talked about technology in 2017 was the Blockchain. The term pops up almost every time when someone talks about Bitcoin or cryptocurrencies in general. The technology has great potential but unfortunately it’s still “new” and according to a new Forrester report, there are bugs & risks caused by quantum computing.
While the immutability of blockchains make them natively more secure than any other networking technology it’s the software and cryptography dependency which can cause some serious issues in the future. Software vulnerabilities, code exploits and not established/proven algorithms are the number one target inside the blockchain technology.