The cyber security landscape is rapidly evolving, and businesses across the board need to take new measures to secure their most valuable assets.
By Simon Campbell-Young, MD of Credence Security
Information security is a growing concern for all South African businesses, particularly in the light of an increasingly determined adversary, and a slew of new threats raising their heads on a daily basis.
The security landscape this year is what we witnessed last year, but on steroids. Ransomware attacks such as Petya and WannaCry aren’t going anywhere, and no-one will be safe. It’s no longer the case that only global giants are targets of these attacks; no country or business is safe.
Moreover, with the event of POPI and the GDPR, privacy and data protection will be more in focus than ever before. More and more businesses are now handling, storing or processing personal customer data, and will need to be on top of data security. I believe that more and more businesses will look to encryption technologies to secure their data.
Another trend is the increased use of machine learning in information security. Although relatively new, machine learning (ML) will come closer to maturity over the next year. As businesses look for new technologies and solutions that can help them anticipate and predict and prevent security events in real time, ML will be incorporated into more and more security solutions.
In addition, there will be a focus on tailored security solutions. The threat landscape is becoming increasingly complex, and attackers more sophisticated. Gone are the days of hackers in basements. Attackers today are no longer motivated by money alone, or by proof of concept. Industrial espionage and politically motivated attacks are on the rise too. Businesses are becoming the target of advanced persistent threats, and realise that they need to add security layers tailored specifically for them or developed in-house if necessary.
Another trend on the rise is cybercrime-as-a-service. Back in the day, when cyber crooks wanted to launch cyber attacks, they had to be tech savvy, and know how to write code. This is no longer the case. Attackers can now browse dark markets to buy or even rent nefarious tools.
DDoS booters go for as little as $60 for the day or around $400 for the whole week. Ransomware kits for around $1,000 a month. It may seem expensive, but the return on investment is huge, and the income, passive. For bigger orders, attackers even offer discounts and they offer a full customer service for after sales too. This has opened a wide door for anyone looking to make quick and easy money on the internet.
All in all, over the next year, we are going to see some interesting activity in the cyber security market. The complex nature of attacks and their increasing frequency will see a lot at stake, and organisations will have to focus more efforts on cyber security. It will be a delicate balance between securing crucial information assets, without stifling innovation, and hampering ease of use.