The threats and challenges of recent years seem to have made IT security more and more a top priority and many companies are reviewing their security strategy.
So in a have independent survey (pdf) recently fewer than 89 percent of the companies surveyed indicated that they due to attacks as Wanna Cry their security policies have changed and processes or planning to do so in a timely manner.
And the DSGVO is also raising budgets: three out of four companies have increased their investments in data security and management. Almost more important than rising budgets, however, is the increased awareness outside the IT departments, especially in the executive floors.
In the meantime, data is seen as a true corporate asset that needs special protection. While hackers will continue to find new ways to challenge IT security leaders in the coming year, the recent trends in this area will at least make them aware of some threats.
“Are you starting a new medical centre ? or starting medical practice” We can help you or provide you complete Medical IT Support.
Multi-layered attacks outsmart security solutions
Blended Attacks, ie malicious software that works laterally across different attack vectors through the networks and infected so in 2017 played an important role.
Your advantage from the hackers point of view: Although some parts of the malware are recognized by the well-known defense mechanisms, not all of them, so that they reach their overall goal.
For this reason and as long as the defense has nothing to oppose, this tactic will pay off and criminals continue to cling to it. In this respect, these hybrids will continue to occupy us in 2019.
Successful business models are in no industry – and the IT crime is now in a sense become by the increasing professionalization – abandoned lightly. Unless they are replaced by an even more lucrative method.
Extortionware could be exactly that, namely the “optimization” of the well-known Ransomware, Instead of “just” encrypting the files and decryption them against payment, Extortion ware relies on the threat of publishing this (mostly confidential) information.
This form of blackmail is much more effective because you can not get it on the one hand through backups and on the other hand, the threat potential is much higher: the publication of product plans, payrolls and other sensitive documents can have disastrous consequences, so that the willingness to pay significantly higher should be, as well as the blackmail money.
Not only personal data are targets
The two-year transition period of the DSGVO ends on 25 May 2019. Until then, many companies still have some homework to do. The employment of the personal data should be understood as an opportunity to deal generally with the data stored in the company and to ensure their protection in the long term. Cybercriminals have long recognized that data and digital content are highly lucrative goals and have significantly increased their efforts in this area. With a well-thought-out security strategy, which places the data in the center, one can counter that. But DSGVO itself will continue to occupy us, also and especially after it has come into force, because DSGVO conformity is not a condition, but an ongoing process.