In 2017, some of the worst data incidents of recent years have occurred. Whether Equifax, Uber or Maersk, organizations have had to admit, sometimes too late, that their customers’ personal data have been stolen. To some extent, companies’ tactics to cover up the incidents have seemed almost as criminal as the data theft itself. All industry insiders and security software companies that dare to make forecasts for the coming year agree that ransomware in particular seems to be developing into a threat that companies cannot currently handle.
A Virtual Private Network (VPN) is a useful tool that encrypts data before it passes across the public Internet and then decrypts it when it reaches its destination. Rather like shutters on the windows of a house, it shields what goes on inside even though the outside can be seen by everyone in the street. The process, often referred to as tunneling, is particularly useful for businesses whose workers have to use the Internet in public places like coffee shops or airports. It is also helpful for those who want to keep confidential customer information or intellectual property safe from the prying eyes of hackers and spies. In 2017, the U.S. Trump administration overturned regulations preventing ISPs from making money from users’ browser data. At the same time in the UK, the Investigatory Powers Act served to increased government surveillance of Internet activity in response to a heightened threat of terrorism. Both led to a surge in interest in VPNs. A VPN is an established technology that has traditionally been seen as the province of technical specialists. Perhaps because of this, and in spite of VPN services becoming easier to deploy, a number of enduring myths persist.
Two of the biggest technology trends today – IoT (Internet of Things) and M2M (machine-to-machine) communications – are changing the business world beyond all recognition.
Companies of all sizes, from major manufacturers to small-and medium-sized services companies from all sectors, now have a golden opportunity to derive new revenue streams from managing and servicing their customers’ equipment remotely.
According to leading industry analysts, the IoT market already accounts for hundreds of billions of dollars in 2017 – a figure that is set to be in the trillions by 2021. But new research reveals IoT is also a major headache for enterprise everywhere because of limited information and inadequate security measures. Legislators in the U.S. and in Europe are working to bring in standards compelling designers to do more to make their devices secure. But the signs are that even then they may be limited in scope. The good news at least is that remote connections can be reliably secured so that M2M communications remains private and confidential using virtual private networks (VPNs).
Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.
A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
Sometimes it’s hard to believe the stories we read. In the case of CEO fraud incidents, cybercriminals earn double-digit sums in the millions by persuading employees that they are acting on behalf of the CEO or another senior manager. Employees then transfer the required amount to an alleged account of a partner or supplier, based only on an e-mail or telephone request without seeking reassurance. CEO fraud follows a similar method to telephone cons targeting the elderly but causes significantly higher financial damage. In mid-2016, an international network was unraveled which was alleged to have earned USD 60 million through the cybercriminal methods of Business Email Compromise (BEC) and CEO fraud. Similar attacks are now occurring on a daily basis in Germany, with similar dramatic consequences.