Cyber security was a huge topic in presidential platforms during the election. It remains one of the most important issues in America today. You don’t have to be political to see that the need for secure solutions for handling sensitive information is increasing. We’re going to take a look at what went wrong in 2017 and how 2018 might be different.
Cyber Security threats in 2017
Last year, corporations faced some of the biggest security breaches we have ever seen. Yahoo’s revelation that all of their user account data had been stolen was jarring, to say the least. Three billion user accounts were hacked in 2013. Yahoo was unaware of the extent of the breach until 2016 and didn’t report it until last year. That was nothing compared to the massive Equifax security fiasco. 145 million user accounts were discovered by the criminals, but because of the nature of the sensitive information, this attack was considered much worse than Yahoo’s. Hackers discovered exposed social security numbers among the compromised data.
Government breaches were just as damaging in 2017 and 2016 as corporate hacks. Both government-run Amazon Web Servers and Windows servers were accessed by criminals. GOP voter registration was stolen and disseminated by hackers. And the NSA (what some would assume is among the most secure US government agencies) reported that an anonymous group of hackers had stolen key hacking and anti-hacking tools used by the NSA and the CIA. A second group of cyber criminals then turned around and used these tools as ransomware to trick businesses and hold their files hostage.
Cleaning up after 2017’s mess
Neither Yahoo nor Equifax claim to know who was responsible for their data breaches. As for the government breaches, in some cases hackers have taken credit and in others the agency has released information about the suspected parties. When Uber was hacked in 2016, they were able to track down the criminal and offer them a significant bonus as a sort of “bug bounty”, normally awarded to benign third party coders. This turning a breach into a bounty has been seen as an attempted cover-up. Obviously, the best way to deal with a data breach is not to sweep it under the rug. And most companies and organizations do not have the cyber security or hacker hunting resources of a federal agency.
Predicting the unpredictable for 2018
As we march into 2018, several new technologies and trends take shape as the year’s big hits. Among the most popular advancements is the Internet of Things, a broad concept that fits easily into many companies’ plans for this year’s growth. It is tempting smart switches and smart speakers to make one’s home or workplace more high-tech and luxurious for clients. Or making your software accessible via laptop, desktop, tablet, phone, and MFP. But with so many devices accessing and operating over the web, there are that many more possibilities for hacking attempts.
Private data is already a hot topic this year, with the General Data Protection Regulation (GDPR) coming out of Europe. These rules not only affect countries in the EU but also any country that does business with EU citizens and manages their private information. Obviously, the GDPR was instituted as a way to safeguard the European Union’s own citizens in light of last year’s overwhelming data breaches. Companies will now have to navigate these guidelines moving forward and put content security first.
What can be done to prevent future attacks?
Blockchain is going to be a significant too for information security in this year and many to come. The technology that runs most cryptocurrency is receiving a lot of buzz. If you apply the blockchain principle to file tracking and auditing, as well as authentication, you solve multiple problems at once. Many companies and agencies are already working on ways to implement this technology in their current architecture.
Despite Uber’s mishandling of their breach, bug bounties are encouraged. By incentivizing hackers to sell their findings back to the company legally rather than ransoming information, security researchers argue that exploiting breaches will become less valuable. Large businesses handling personal data will have the GDPR to answer to if they mess up significantly.
Whether a large or small business, or somewhere in between, it is wise to spend time on choosing a respectable content service or content management solution with which to manage sensitive information. The right content management services will encrypt files both on the server and from the station where you are accessing them. ECM solutions built to protect will create audit trails, employ special permissions, and allow administrators to construct workflows to handle sensitive data appropriately.