A new year with new challenges in security, networking and data protection
2018 has only just started, and with Meltdown & Spectre the tone was set immediately. This is literally what they call "starting with a bang"! We are sure that none of the thought leaders and other predictors expected 2018 to be the year of vulnerabilities in processors.
Undoubtedly we will see a number of similar vulnerabilities in the coming months. If that happens, we will assist you in word and deed.
What about the rest of 2018? The SpotIT Security Team has joined forces and summarized what we see as the important focus areas for most clients.
On the 25th of May the General Data Protection Regulation (or GDPR) will take effect. This regulation will be an important evolution for companies, organisations and government services in the field of protecting citizens' data. Many companies are working hard on the preparations to implement the various measures: mapping personal data, making it more secure, appointing a DPO if necessary, etc.
Meanwhile, the establishment of the Belgian Data Protection Authority (DPA) became official. The DPA is the successor of the Privacy Commission with a new structure and more authority.
It looks as if the DPA will share a lot of information about the approach for companies and the impact of GDPR in general in the following weeks. It is certainly worth following these publications.
The employees at SpotIT are no pessimists. We are a little too seasoned for that. We do expect that examples will be made in the early days of GDPR. The advice is to respond proactively to the legislation and to handle the data entrusted to you with due care.
For the record, we are not talking about Bitcoin, Litecoin, Ethereum, or other so-called cryptocurrencies. We are talking about the underlying blockchain technology, which is interesting for transparency and security in the supply chain, for concluding and managing contracts, and for any transactional activity between entities (B2B and B2C).
A distributed ledger comes with specific risks and security requirements and the knowledge around it is still in its infancy. What about personal data "on a blockchain"? How do you protect the ledger? These are all questions to which we will receive more answers in 2018.
We do not like to participate in the so-called buzzword bingo. Mobile applications, Internet of Things, open source security, software supply chain, ... Today's world runs entirely on software, and it goes without saying that we must ensure that it is as secure as possible. Implementing a Secure Development Lifecycle and training developers are important steps in this. We also need to pay attention to the external code we add to our applications. More and more external software components are being reused by many companies, often without the necessary review and documentation. These components can contain vulnerabilities that are exploited by attackers. It is essential to pay attention to this during the test phase of a development process.
Whereas in the past it was sufficient to perform a risk assessment once a year, we now live in a world that is constantly changing when it comes to security. That is why we see companies evolve towards an approach in which risks are treated as constantly evolving. Risks are no longer expressed in High, Medium, and Low. Companies should take information security into account as a necessary component in their decisions. A thorough security strategy that is supported by the entire organization is essential. Risk management is no longer a function in a dark corner of IT Operations but a fundamental decision factor of an organization.
Malware and Ransomware
2018 will undoubtedly bring another stream of new malware variants. The same technologies that enable our organizations to innovate are used by attackers to make their own practices more efficient. We see this in the use of free SSL/TLS certificates (e.g. Let's Encrypt), but also in the use of mainstream cloud services (Amazon Web Services, Azure, Google Cloud, Cloudflare, ...). Whereas recent years brought an advance in malware customization, 2018 will undoubtedly produce the first malware families that use Artificial Intelligence and Machine Learning. This will undoubtedly lead to more effective malware. On the "defence side" we focus on building and improving the capabilities to detect and classify attacks. At the same time, we provide the means to react efficiently when networks are attacked.
2018 will be another exciting and challenging year. SpotIT is already prepared to assist you in all your security & network projects with vision, experience, and knowledge, but especially with a pragmatic enthusiasm.