What might businesses expect to see in this year’s data and device security landscape? Here are a few ideas.
Artificial Intelligence keeping us safe online
Artificial Intelligence and machine learning isn’t just about robot dogs and self-driving cars. The latest anti-malware products being developed (which we should be using to help protect our personal and business devices and data) contain a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often.
Increasing use of HTTPS
Many websites, especially banking or retail sites, now use https in their domain name e.g. https://www.gov.uk. The S in https stands for 'secure' and means all communication between your browser and the website is encrypted.
The encryption is initiated when an SSL certificate is transferred to the browser. When a trusted SSL certificate is used, the padlock symbol appears and if it’s an extended certificate, the address bar will turn green.
Using https can provide better security for a website, give more confidence to customers, and search engines such as Google can also give a rankings boost to websites using it.
However, every news story about SSL certificate mismanagement, security mishaps, and data breaches puts the authorities that issue SSL certificates under increasing scrutiny. For many small businesses, the website owners paying a Certificate Authority and submitting themselves to what can sometimes be an arduous verification and checking process, is cumbersome and unnecessary. This is where technical alternatives like Let’s Encrypt (currently in beta) are bound to flourish.
Additionally, Google’s Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers, as Google continues to hold Certificate Authorities to account – helping keep us all safer on the web.
Malvertising, Ad Networks: shape up or ship out
Malvertising is a term used to describe the spread of malware through online advertising, i.e. the injection of malicious malware-laden adverts into legitimate online ad networks and webpages. It’s happening all too frequently and is caused by questionable third party relationships and the poor security of some online advertising networks. At the root of this problem is the 'attack surface' of ever-growing, ever-complex advertising and tracking scripts provided by ad networks and included by publishers (often blindly) on their websites.
The scripts are slowing the browsing experience and anyone who has installed an ad blocker recently will tell you they can’t believe how fast their favourite websites are now loading. Research conducted by The New York Times showed that for many popular mobile news websites, more than half of the bandwidth used comes from serving up ads. That’s more data from loading the ads, scripts and tracking codes, than the content you can see and read on the page!
Whatever the solution, one thing is for certain, ad networks need to shape up and address their security, otherwise 2016 may well be remembered as the year of Malvertising.
Strong passwords with extra security steps
There were reminders last year that even having the world’s longest smartphone password doesn’t mean someone can’t figure it out. Using a strong password will be essential in 2016.
There will be growing use of extra steps to make accessing data safer. In 2015, Yahoo announced a security solution using mobile devices rather than a password for access, and we even saw Google include Smart Lock features that can use the presence of other nearby devices to unlock your smartphone.
Two-factor authentication – using 'something you have and something you know' to verify someone’s identity – will continue to be popular for use by many cloud-based providers looking to avoid data breaches. This type of authentication is already in use whenever anyone uses a bank card and a PIN number to access their accounts.
The Internet of Things needs security by design
You’re likely going to be using your smartphone as a lifestyle remote' to control a growing array of devices. Being able to set the office temperature remotely, or turn on the kettle in the communal kitchen without leaving your desk may sound helpful, but these devices have the potential to give up WiFi keys.
Every unprotected device that is connected to a network is open to hacking. Cyber criminals are probing hardware, scanning the airwaves, and harvesting passwords and other personal identity data from wherever they can. So the advice is simple: every connected device needs to be included in your business-wide security plan.
Update and upgrade or face the financial and legal consequences
Upgrading and updating all your software, devices, gadgets, and equipment will remain a business critical issue. The Internet of Things is raising new questions about who is responsible for what in a legal sense: Who owns the data? What happens when machines take 'autonomous' decisions? Who is liable if something goes wrong?
To take one extreme example, a police officer pulled over one of Google’s driverless cars last November for causing a traffic jam on one Californian highway by driving too slowly. Again, the lesson is clear. The simple rule this year is to ensure that your business software and systems are always using the latest update. Your life may not depend on it, but your livelihood might.
Tony Anscombe, Senior Security Evangelist, AVG Business
Image source: Shutterstock/Maksim Kabakou