There is no crystal ball that businesses can use to see the exact IT problems and opportunities that they will encounter each year. However, by looking at past and present IT trends, they can get a sense of where IT is heading and how the new direction might affect their business.
Here are four trends that IT experts are predicting will affect businesses in 2017 and how businesses should prepare for them:
1. Cyberattacks Will Be Smaller and More Personal
“Small is the new big” when it comes to cyberattacks, according to Proofpoint. Smaller, more personalized malware attacks will increase in number and sophistication in 2017.
For example, exploit kits will give way to what Proofpoint refers to as “human kits”. In the past, hackers have often distributed malware using exploit kits, which take advantage of software and hardware vulnerabilities. However, exploit kits are becoming less effective, partially because more businesses are now regularly patching their software and hardware. Consequently, cybercriminals will be putting more effort into fooling humans. They will increasingly use spear phishing emails, social engineering ploys, targeted malvertising, and other techniques to try to trick individuals into infecting their computers with malware.
Unfortunately, the focus on smaller, more personalized malware attacks does not mean you no longer have to worry about high-volume ransomware campaigns, exploit kits, and other traditional attacks. You need to prepare for all types of cyberattacks to protect your business.
2. Migrating to the Cloud Will Be Easier
Thanks to mega cloud providers like Amazon, Microsoft, and IBM, migrating to the cloud will be easier. Forrester predicts that these mega providers will improve their lift-and-shift tools in 2017. These tools replicate in-house applications in the cloud without redesigning them, making it cheaper and less time-consuming for companies to move their programs and data to the cloud.
The improved lift-and-shift tools will help accelerate the rate of migration to public clouds. Forrester predicts that the migration rate will accelerate faster in 2017 than in previous years. By year end, the company expects the global public cloud market to reach $146 billion (USD).
With migration becoming easier and the public cloud market expanding, now is a good time to consider moving some of your applications and data to the cloud. The first step is learning about your options so that you can determine the best way to realize the full benefits of cloud computing.
3. Malware Attacks against Mobile Devices Will Continue to Rise, Resulting in More Network Breaches
The number of malware attacks against mobile devices rose sharply in 2016 and will continue to rise in 2017, according to McAfee Labs and Proofpoint. The leading threats will be ransomware, banking trojans, and remote access tools.
Because so many employees use their own personal mobile devices for work, the rise in malware attacks will put businesses at risk. Check Point Software Technologies predicts that one in five employees will cause network breaches. Unknowingly, the employees will either infect the networks with malware that was on their mobile devices or expose network credentials when they log in to their companies’ networks while using malicious Wi-Fi hotspots. So, if your business allows employees to use their personal mobile devices for work, you should consider creating a Bring Your Own Device (BYOD) policy that addresses security concerns.
4. IoT Market Will Expand, Bringing Opportunities and Challenges for Businesses
In 2017, businesses will increasingly use Internet of Things (IoT) devices to turn off lights, control thermostats, report low inventory, monitor equipment for problems, and perform other tasks. Part of the appeal of using these devices is saving money. For instance, using IoT devices for predictive maintenance can often provide businesses with 10 to 20 percent savings compared to using a preventive maintenance approach, according to Gartner. With preventive maintenance, a schedule dictates when equipment is serviced. In contrast, with predictive maintenance, the actual condition of the equipment determines when machinery is serviced. Because upkeep tasks are performed only when needed, companies can save money.
Overall, Gartner predicts that IoT devices will save businesses and consumers $1 trillion a year by 2022. However, implementing them will be challenging. Security experts warn that IoT devices are largely unsecured. An example of how hackers can take advantage of this fact occurred in October 2016, when they used the Mirai botnet to bring down Netflix, Twitter, PayPal, and many other popular websites. This botnet was designed to scan the Internet for poorly secured IoT devices and infiltrate them. Consequently, if you want to use IoT devices, you need to secure them, just like you would secure any other device or machine in your IT environment.
If you have any questions about security, or how the cloud can work for your business, please don’t hesitate to contact us at 720-205-5250.
For years, we have been telling clients that the “life password” is a bad practice, but we have also been telling them that secure passwords are a cryptic combination of letters, numbers and symbols and that they should be changed often (every 90 days). And while this still has some truth, the technology being used by criminals today can crack a six-character password, regardless of its complexity, in a matter of minutes. In 2020, NIST (the government folks in Boulder who set the standards for technology) also changed their long-held stance on passwords. It is now recommended that you come up with a passphrase made up of several words and use a unique phrase for each of your logins. Simply going to a 10- or 15-character password increases the time it takes to crack your password from hours to months or even years.
While this may seem daunting, it’s easier than you think. Start by picking two or three words that mean something to you and using them as a “base” phrase that you’ll use to create a tough-to-crack password. When choosing words, we recommend going outside of your biosphere, like family and pet names, and choosing something from your favorite works of literature, music or art. Your base words could be something like Ringo Abbey Submarine. If you’re having issues finding words, we suggest this random word generator. If you pick something that makes you laugh, you will be sure to never forget it. This way, you will have the convenience of the “life password,” which will be easy to remember, but we’re going to mix it up a little.
The next step is to step up the security by separating the words with numbers and/or symbols. It can be a date or other number that means something to you, or any symbol you like. We’ll use 1 ! 6 and 5 in this example.
Your next step is to create uniqueness.
One really easy way to do this is to add an additional word that represents something about the service or site that you’re using. So using all these methods, your Facebook account password could be Ringo1Social!Abbey6Submarine5. You now have an easy-to-remember, super long, unique password. You simply change that one word that is unique to the site, and perhaps its position in the phrase, for your other logins. Google could be Ringo1Search!Abbey6Submarine5.
As an alternative to the word-based password, you could take any long phrase like “one ring to rule them all, one ring to find them!” and use the first letters of each word and some creative letter substitution to come up with “oR2RtA,oR2fT!”.
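The scheme described above, as an added Python example (not code from the original article): it assembles the Facebook and Google passwords from the same base words and estimates how long an exhaustive search would take. The function names, the sample word list, and the guess rate of 10^10 per second are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample word list for illustration; a real list should hold thousands of words.
SAMPLE_WORDS = ["Ringo", "Abbey", "Submarine", "Walrus", "Octopus", "Garden",
                "Pepper", "Meadow", "Lantern", "Harbor", "Compass", "Velvet"]
GUESSES_PER_SECOND = 1e10  # assumed offline cracking rate, not a figure from the article


def pick_base_words(count=3, words=SAMPLE_WORDS):
    """Pick base words with a CSPRNG instead of choosing personal favourites."""
    return [secrets.choice(words) for _ in range(count)]


def build_password(base_words, separators, site_word):
    """Assemble base1 sep1 site sep2 base2 sep3 base3 sep4, as in the article."""
    if len(base_words) != 3 or len(separators) != 4:
        raise ValueError("expected three base words and four separators")
    b, s = base_words, separators
    return f"{b[0]}{s[0]}{site_word}{s[1]}{b[1]}{s[2]}{b[2]}{s[3]}"


def brute_force_seconds(length, alphabet_size=95, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of `length` printable ASCII characters."""
    return alphabet_size ** length / rate


def word_choice_bits(wordlist_size, word_count):
    """Entropy when an attacker guesses whole words drawn at random from a known list."""
    return word_count * math.log2(wordlist_size)


if __name__ == "__main__":
    base = ["Ringo", "Abbey", "Submarine"]
    seps = ["1", "!", "6", "5"]
    for site in ("Social", "Search"):
        print(site, build_password(base, seps, site))
    for n in (6, 10, 15):
        print(f"{n} chars: {brute_force_seconds(n):.3g} s to exhaust")
    # 7776 is the size of a Diceware-style list, used here as an assumed example.
    print(f"3 words from 7776: {word_choice_bits(7776, 3):.1f} bits")
    print("random base:", pick_base_words())
```

Length alone overstates strength when the words are predictable: the word-choice figure is what matters against someone guessing whole words, which is why randomly picked base words hold up better than familiar ones.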
You can also group passwords together based on complexity. Some sites require you to “create an account” to use them, but you keep no information on the site and you’re not concerned about your digital identity. If the account were to be compromised, there’s nothing there to steal, so you can have a throwaway short life password for sites like these, if you like. You can have a base word phrase for sites that are not financial in nature, and then a completely different phrase for those that are. Use a third and/or fourth phrase for passwords you use at work.
Of course, you will have outliers – like sites that limit you to 15 characters, or don’t allow certain symbols. With these, try to stick to the rule and do something like using two words instead of three, or substitute it with an abbreviation. These sites will likely be few enough that you should be able to recall them with ease.
Why not use a password manager? Although this is a graceful solution and can even give you the beauty of creating completely random passwords for your accounts, you risk a couple of things. First, online services like LastPass, Dashlane, or Roboform, etc., sync your passwords to the cloud and to additional devices. This can be convenient, but your passwords can now be unlocked with a single Master Password from any computer with an internet connection. So, if you use a site/service like this, make sure that it employs two-factor authentication (where you have to type in a code sent to your phone as a text message in order to unlock your master key on the device you are using or an additional challenge question when you’re using a computer you haven’t previously authorized). Second, and this is a little personal for me, password managers will prevent you from remembering anything but your master passkey. I really don’t like not knowing my passwords. If I’m in a situation where I’m away from the computer that has the password software, and I need to log into my bank to make a transfer so I don’t get overdrawn, it can be pretty damaging if I can’t do it quickly.
There are instances, however, where Password Management or Identity and Access Management (IAM) can actually be a desired thing. Not too long ago, most company data was located on internal network servers that had managed access through a single sign-on at the user’s computer screen. If a worker was terminated, one only had to change that one password to lock the user out. Now, with the wide adoption of cloud servers and services, many of which can be accessed from any internet connection and not just at the office, these disparate systems each require their own set of credentials. Managers are now faced with the daunting task of changing the passwords on possibly dozens of systems to lock out a terminated user. Forget to change just one, and the results could be devastating to corporate security. Fortunately, there are enterprise-class IAM systems that are affordable for even the small business. They allow managers not only to change passwords quickly, but also to never have to divulge passwords to users in the first place, further securing against the unauthorized use of cloud systems outside of the workplace. IAM systems can create a single sign-on environment with a two-factor authentication scheme that can make any business locked down like Fort Knox.
Saving your password in your browser. Again, this is convenient, and almost all browsers now ask you if you want to save the password. However, we recommend you don’t do this. Not only can these passwords be easily revealed, they can be lost for good when you change computers.
Is it safe to “Sign in with Google/Facebook/LinkedIn”?
This depends on your view of “safe”. When using a social media account, the requesting site doesn’t get your Social Media (SM) password. Instead, your SM account hands over a secure “token” representing that you are actually logged in to your SM account. Since the new site doesn’t have any password, you’re not at risk if they’re breached. However, if your SM account or provider is breached, then these accounts are also toast and a hacker will have almost instant access to them. Then there’s the privacy angle. This will depend on what information the site wants from you and what you’ve given them. If they’re asking to see your birthday, interests, and friends list, you can bet that everyone you know will see an increase in spam. This is how you got on those lists, by the way. Some sites take this information seemingly without you authorizing them to do so. However, you can bet that buried in those Terms and Conditions you didn’t read, you gave permission as soon as you clicked “I Agree.”
The “Toothbrush Rule.” Treat passwords like a toothbrush: never share them, and change them frequently. With your phrase-based passwords, just change one of your three keywords and you will be successful at remembering both the old and new password!
For further reading, you can read the story from Wired magazine, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” which is a great lesson in how social engineering can lead an attacker to gain access to a lot of things.
By taking some simple steps, you can create your own secure and easily remembered passwords that will make your digital world a safer one.
If you have questions or would like to know more about IAM, please don’t hesitate to contact us.