The year begins with a mega-conference spring. You could find an event to attend every week, depending on your company’s area of expertise: there’s CES, Mobile World Congress, DistribuTECH, Parks Associates Smart Energy Summit and GTM’s CA Distributed Energy Future. (On a personal note, it’s my goal to find a reason to travel to the International Pizza Expo.) One that is important for every company, though, is RSA, the world’s leading security conference, which took place in San Francisco a few weeks ago.
Antenna was there, and here’s the major takeaway for all our clients: stay ahead of, and be prepared for, the cybersecurity challenges to come. There’s nothing more devastating than having a superior product or offering that gets crippled by a deliberate bug, or risking your customers’ personal information because you didn’t have the right security protocols in place.
The predominant themes from this year’s event:
- Ransomware, where hackers take over company computer systems and hold data/access hostage, continues to be a threat to businesses across industries and verticals. Reports noted that ransomware spiked 6,000% in 2016, and 70% of enterprise victims paid hackers to get their data back. If you’re a hospital unable to access your data, lives are literally on the line, and payment may be the easiest option. Consider what ransomware will do to utilities and industrial systems. Here are a few tips to avoid ransomware altogether:
  - Make sure your business has a data backup strategy for all files, offsite. Hijacking is rendered irrelevant if you’ve got an up-to-date backup handy.
  - Spam emails are a major source of ransomware – always avoid questionable or unsolicited attachments. Flag suspicious emails to your IT team so they can properly evaluate and blacklist spam senders.
  - Make sure your applications and operating system are always updated to the latest version. Ransomware often feeds on flaws found in old versions of software.
- The Internet of Things (IoT) isn’t going anywhere, and your connected coffee pot is a giant security vulnerability. RSA experts noted that if any security was built into today’s gimmicky IoT gadgets, it’s likely 10 or 15 years old. That makes room for a lot of unsuspecting devices to be recruited for botnet armies and network takedowns. To remedy this, security experts are pushing for government to step in with regulation of the overcrowded market. This may mean requiring a minimum level of security across all IoT devices. In the meantime, companies can protect themselves a few ways:
  - If an IoT device on your network comes with a standard admin login and password, immediately change the password. This protects a device from being automatically detected and taken over by malicious software that’s programmed to attempt logins with standard ID/passwords.
  - For an added level of security, IoT devices in a network should be segmented into their own network and have network access restricted. A connected coffee pot does not need the same level of Internet access as an employee’s laptop. An IT team should monitor the separate network containing all IoT devices and act if anomalous traffic is observed (reformat devices, remove potential malware, etc.).
- Security teams on the front lines are looking to artificial intelligence to help combat ever-changing threats. Alphabet’s Eric Schmidt, originally an AI skeptic, acknowledged at the conference how vital the technology is to the company’s mission and to the global economy. Thus far, AI and machine learning have been used to help improve an organization’s detection and response capabilities. Moving forward, the technology should be able to specifically help with threat identification, risk assessment and suggested remediation.
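
The IoT advice above (segment the devices, restrict their access, act on anomalous traffic) can be checked against flow logs from the IoT segment. The following is an added example, not part of the original post; the subnets, device addresses, allowlist and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
IOT_NET = ipaddress.ip_network("10.20.0.0/24")    # segmented IoT network
CORP_NET = ipaddress.ip_network("10.10.0.0/16")   # employee laptops, servers

# Hypothetical per-device egress allowlist: the only (destination, port)
# pairs each device needs. A device with no entry is allowed nothing.
ALLOWED = {
    "10.20.0.11": {("203.0.113.10", 443)},                      # coffee pot
    "10.20.0.12": {("203.0.113.20", 443), ("10.20.0.1", 123)},  # camera
}
LOGIN_PORTS = {22, 23, 2323}  # remote-login services where default passwords get tried

# Constructed flow records, one per line: "source destination dest_port".
SAMPLE_FLOWS = """\
10.20.0.11 203.0.113.10 443
10.20.0.11 10.10.4.7 445
10.20.0.12 198.51.100.5 23
10.20.0.12 198.51.100.6 23
10.20.0.12 10.20.0.1 123
10.10.4.7 203.0.113.99 443
"""

def classify(src, dst, dport):
    """Return None for expected traffic, otherwise a short reason string."""
    if ipaddress.ip_address(src) not in IOT_NET:
        return None                      # not an IoT device: out of scope here
    if (dst, dport) in ALLOWED.get(src, set()):
        return None                      # traffic the device is known to need
    if ipaddress.ip_address(dst) in CORP_NET:
        return "iot-to-corporate"        # segmentation is not being enforced
    if dport in LOGIN_PORTS:
        return "outbound-login-attempt"  # device may be part of a botnet
    return "unlisted-destination"

def find_anomalies(flow_text):
    """Parse flow records and return (src, dst, port, reason) for each alert."""
    alerts = []
    for line in flow_text.splitlines():
        if line.strip():
            src, dst, dport = line.split()
            reason = classify(src, dst, int(dport))
            if reason:
                alerts.append((src, dst, int(dport), reason))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_FLOWS):
        print(*alert)
```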