Is it just us, or does it seem online hacking crimes are on the up?
It was only last week that The Guardian reported the entire US political system was ‘under attack’ by Russian hacking. This following on from the news being awash with Russian hackers acquiring and posting the private medical notes of Olympians.
Or, maybe it is just the Russians?
Whatever the movement, you can ensure the cyber security industry as a whole battles relentlessly to stay ahead of the bad guys through constant innovation and knowledge sharing. Here, in an attempt to balance out the recent swarm of unnerving news, we look at the key advancements that keep our digital world safe.
Easier (and more) encryption
We spoke to Security Researcher Scott Helme to ask his thoughts on the biggest development in IT Security over the last year. “For me this would have to be the launch of Let’s Encrypt, the free Certificate Authority that is now bringing encryption to anyone on the web who wants it”. Let’s Encrypt launched in April this year and it provides encryption via an automated process, which is designed to eliminate the current complex process of manual creation.
Essentially, it lowers the barriers for regular web users to help safeguard their online space. “Since their launch there has been a notable and proven increase in the rate of adoption of encryption which is likely due to the certificates being free and easy to obtain”.
Great stuff, but will they really protect us?
“With the ease and availability for the bad guys to obtain certificates comes the inevitable rise of malicious websites using HTTPS too”. Scott feels user education is required as a prevention mechanism; “Unfortunately there isn’t much that can be done to prevent this and users will need to continue to be on their guard for phishing emails that contain links to hostile websites. Do not use a green padlock and HTTPS in the address bar as an indicator that the website is ‘good’.”
Improvements in tools
Now, as opposed to the last couple of years, detection occurs more in the form of looking at unusual events on the whole. We have moved beyond simply being able to detect simple individual mishaps to more general occurrences that are out of character of the organisation. Companies now store and analyse billions of events a day that not long ago would have stored the world’s entire collection of digital content. This has allowed cyber security experts to evaluate the bigger picture by highlighting issues that don’t simply fall into a predetermined box. In short, tools are a lot more intelligent.
Quicker, more regular patching
Patching and updating is critical as you are never going to eradicate all potential future bugs first time around. Within the last decade we have seen patching updates go from about once a year, taking about a week or more, to at least once a month. Venders who aren’t regularly patching simply won’t survive.
The increase in awareness for the need to patch has now got to the point that hackers hardly ever target these previous vulnerabilities.
With the great advancements, we asked Scott what he sees as the biggest threat to IT Security over the next couple of years. “Complacency”, he said. “Organisations need to start taking a more proactive approach to security rather than the very reactive approach we regularly see with large cyber attacks in the headlines.”
To help businesses protect themselves from these threats we caught up with Javvad Malik, an IT security expert who was recently named 17th in the “Cyber Security and InfoSec: Top 100 Influencers and Brands”. He explains what small business owners should do if a dreaded security breach does strike.