As we move into the start of a new decade, we can be sure that the world of IT security isn’t going to stand still. There will be new and emerging threats as well as existing ones to challenge IT departments. But what are some of the key developments that we can expect to see affecting the security landscape?
CCPA
Europe has had tougher privacy regulations for over a year in the form of GDPR. 2020, however, is the year we will see the United States catch up with the introduction in January of the California Consumer Privacy Act (CCPA). Although this only applies to the state of California, the absence to date of any nationwide privacy legislation in the US is likely to see CCPA rules applied across the country – indeed some companies such as Microsoft are already committed to doing this. [1]
Like GDPR, CCPA places restrictions on how companies can use personal data relating to individuals. One of the side effects of this, as we’ve seen in Europe, is that people more aware of the value of their data and how it’s being used. This puts pressure on businesses to take privacy seriously and show that they are taking steps to safeguard information.
Ransomware goes cloud
Ransomware is already a massive industry for cybercriminals, locking up systems in order to extort payment to release them again. While in the past it has taken a rather scattergun approach, more recently there have been signs that particular industries such as healthcare and finance are being targeted because they represent lucrative opportunities.
As more businesses move their precious digital assets to the cloud, many security experts believe that it will become a prime target, with cloud servers and databases coming under threat. Guarding these assets means implementing effective cloud security and not relying on service providers to do the heavy work.
Remote working threats
The last decade has seen a shift towards more mobile working. But while this is good for productivity it also brings with it a range of new security threats. Putting devices outside the business network perimeter means that they can miss out on some of the protections it provides.
Companies need to ensure they implement proper remote device management, and that they use the full range of tools available including VPNs and multi-factor authentication to ensure that both devices and data are kept properly protected.
End of the password
The death of the password has been predicted for some years, but the 2020s may well be the decade in which we finally see it being recognised as being inadequate to protect modern systems. Multi-factor authentication has become far more widely available in recent years and new technology such as authenticator apps have made it less of a hassle to use than relying on text messages. We’re also becoming more accustomed to the use of biometrics such as fingerprints and facial scans which are much harder to crack even if the data falls into the wrong hands.
It won’t have escaped your notice that the faster 5G mobile network is being rolled out around the country and indeed the world. What you may not know is that in public places where both Wi-Fi and cellular signals are available, operators often seek to save bandwidth by ‘handing off’ traffic to a Wi-Fi network. You may not even be aware that this is happening but security researchers believe that hackers could exploit the process to allow them to access voice and data traffic from mobile phones. [2]
Mobile interfaces
It won’t have escaped your notice that the faster 5G mobile network is being rolled out around the country and indeed the world. What you may not know is that in public places where both Wi-Fi and cellular signals are available, operators often seek to save bandwidth by ‘handing off’ traffic to a Wi-Fi network. You may not even be aware that this is happening but security researchers believe that hackers could exploit the process to allow them to access voice and data traffic from mobile phones. [2]
Most mobile devices don’t allow the switching process to be disabled – although Windows 10 does – so users should consider using VPNs to ensure their data is safe from interception.
If you are looking to protect your business from the latest threats, then give Cloudworks a call. We are specialists in cloud technologies, cyber-security and support. In addition, we continuously monitor our clients IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.
Call us on 0115 824 8244 or email info@cloudworks.co.uk
[1] https://blogs.microsoft.com/on-the-issues/2019/11/11/microsoft-california-privacy-rights/