Throughout the globe and every day, individuals are inundated with cyber-attacks. Nearly in every single place on the planet, no one is spared; companies, governments, and people are singled out by cybercriminals.
Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them, while others use computers or networks to spread malware, illegal information, images or other materials. The age of cyber warfare is upon us, and the threat of cybercrime to businesses continues to multiply by the day. Simply having cloud antivirus is no longer enough. The imperative to defend is stronger than ever. But what are the likely implications for 2020, and what new cards do cybercriminals hold in their deck?
How often do cyber-crimes take place?
According to McAfee’s Economic Impact of Cyber Crime (February 2018), cybercriminals adapt at a fast pace. The scale of malicious activity across the internet is quite astounding. The figures are frightening on a monthly or yearly scale, let alone daily! Cybercriminals are constantly finding new technologies to target victims. With the introduction of Bitcoin, payment, and transfers to/from cybercriminals are untraceable. The cyber-attack effect can be very devastating, as you can lose financially. Sometimes you lose the trust and loyalty your customers rely on you. The huge loss is why every hand has to be on deck to make sure we fight cyber-crimes to their knees by 2020. You may not have experienced the desolation from cyber-attacks because you were not a victim. You may be the next target, so for this reason, the following strategies are what you need to put in place to stop the activities of these cyber attackers.
Strategies for 2020
- Blockchain technology
Blockchain, which began to emerge as a real-world tech option in 2016 and 2017, is poised to change IT in much the same way open-source software did a quarter-century ago. And in the same way Linux took more than a decade to become a cornerstone in modern application development, Blockchain will likely take years to become a lower cost, more efficient way to share information and data between open and private business networks. Based on a peer-to-peer (P2P) topology, blockchain is a distributed ledger technology (DLT) that allows data to be stored globally on thousands of servers – while letting anyone on the network see everyone else's entries in near real-time. That makes it difficult for one user to gain control of, or game, the network. A blockchain is, in the simplest of terms, a time-stamped series of immutable records of data that is managed by a cluster of computers not owned by any single entity. Each of these blocks of data (i.e. block) is secured and bound to each other using cryptographic principles
We know that the volume of data being created is increasing, but it will surprise most people to discover how rapidly data is being created in 2019. It has been mooted that 90% of all the data that has ever been created globally has come into existence in the past two years and that potentially ten times the volume of data that exists today will have been created within the next two years. At that same pace, we could see 100 times the volume of data in existence in four years.
For most people who have heard of blockchain, it is about cryptocurrencies, and more specifically Bitcoin. And the media narrative surrounding Bitcoin is often negative. It is often portrayed as the currency of choice for the dark web and a facilitator of criminal activity online such as the Silk Road illegal drug distribution ring. In particular, critics state that the ability to pay anonymously is the major difference between cryptocurrencies and fiat currencies, so it’s the only benefit would be to conceal who is transacting and avoid prosecution. The lack of global regulation of cryptocurrencies is also a significant concern; many jurisdictions have no cryptocurrency regulation at all, and where there is regulation this varies widely between jurisdictions. So making the case that blockchain is a tool to help prevent financial crime rather than being the facilitator of it is problematic. That case begins by stating that cryptocurrencies are constructed using a blockchain, but that blockchain has far more use cases than supporting cryptocurrencies. Where a strong-willed hacker may attempt this almost impossible feat, some other features of the blockchain ensure your information remains secure. Unfortunately for any would-be hacker that may wish to attempt hacking your records, they are secured through cryptography.
- VPN technology
Virtual private networks, or VPNs, extend the reach of LANs without requiring owned or leased private lines. Companies can use VPNs to provide remote and mobile users with network access to connect geographically separated branches into a unified network and enable the remote use of applications that rely on internal servers. One of the most common types of VPNs used by businesses is called a virtual private dial-up network (VPDN). A VPDN is a user-to-LAN connection, where remote users need to connect to the company LAN. Another type of VPN is commonly called a site-to-site VPN. Here the company would invest in dedicated hardware to connect multiple sites to their LAN though a public network, usually the Internet.
Wireless connections, especially public access points, are particularly vulnerable to sniffers, or computer programs that are used to decode data to make it readable. This includes places that offer free Wi-Fi, such as airports, hotels, and coffee shops. VPNs like News hosting can be an invaluable tool for taking a proactive approach to protecting yourself against cybercrime. When making online bank transactions or sending private e-mails, especially using a wireless network, sensitive information can easily be obtained by individuals with a little cyber know-how. VPNs help to prevent this situation by encrypting any information you send over the Internet. Even if a hacker can obtain some of the pieces sent through the network, the heavily encrypted information will be completely useless to them. This extra layer of protection goes a long way toward protecting your sensitive data.
A VPN encrypts, or scrambles, data so that a hacker cannot tell what a person is doing online. Essentially, a VPN makes a type of tunnel that prevents hackers, snoopers, and internet service providers (ISPs) from looking at your instant messages, the browsing history, credit card information, downloads, or anything that you send over a network. This tunnel cannot be penetrated, and your transmissions cannot be viewed. Connecting to secured internet access with VPN is easy. First, you will need to connect to your company's system similar to how you would with a free wireless network. Then you will start up a VPN connection based on the set VPN server for your company. This is usually done if you have free or paid software. Once done, you are already in a safe and secure internal network for your work.
No matter where you use your device, you're at risk of a data breach. Unencrypted data is very vulnerable, as is any info that comes through your browser that isn’t secure.
- Zero-trust security
The Zero Trust Network, or Zero Trust Architecture, model was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc. Now, seven years later, CIOs, CISOs, and other corporate executives are increasingly implementing Zero Trust as the technologies that support its move into the mainstream, as the pressure to protect enterprise systems and data grows significantly, and as attacks become more sophisticated.
Zero trusts is a comprehensive approach to securing all access across your networks, applications, and environment. This approach helps secure access from users, end-user devices, APIs, IoT, microservices, containers, and more. It protects your workforce, workloads, and workplace. In Zero Trust, you identify a “protect surface.” The protected surface is made up of the network’s most critical and valuable data, assets, applications, and services – DAAS, for short. Protect surfaces are unique to each organization. Because it contains only what’s most critical to an organization’s operations, the protective surface is orders of magnitude smaller than the attack surface, and it is always knowable.
With your protect surface identified, you can identify how traffic moves across the organization concerning protecting the surface. Understanding who the users are, which applications they are using, and how they are connecting is the only way to determine and enforce a policy that ensures secure access to your data. Once you understand the interdependencies between the DAAS, infrastructure, services, and users, you should put controls in place as close to the protected surface as possible, creating a micro perimeter around it. This micro perimeter moves with the protect surface, wherever it goes. You can create a micro perimeter by deploying a segmentation gateway, more commonly known as a next-generation firewall, to ensure only known, allowed traffic or legitimate applications have access to the protected surface.
The Zero Trust approach depends on different technology and governance processes to achieve their goals. This model mainly focuses on improving the security of the IT environment of enterprises. This approach varies based on who (the User) is accessing what (SaaS or In-house Applications), as well as from where (Location or IP), how long (Time Restriction), and how (granularity) they want to access it. There are multiple ways an organization can adopt the Zero Trust Model, and one of the best ways to do so is to integrate with an IAM. For example, a well-designed application supports IAM integration and provides MFA by default. Today, all applications have begun to adopt the Zero Trust Model at the design level itself. You must assume that all users in your organization, devices, and transactions have already been compromised, without minding if they’re inside or outside of your organization and place them on zero-trust.