SEPA draws a crowd, says Williams of Threatscape

Dermot Williams, Threatscape

7 February 2014

Nothing gets cybercriminals more excited than targets which directly involve money. Even better if there is a way to quickly transfer that money to where they can get their hands on it. And it is always easier to circumvent security procedures or con unfamiliar users when there are newly, possibly hastily, implemented systems.

While the move to SEPA-compliant payments has been coming for a long time, from February 2014 it becomes the only game in town for the transfer of euros within or between 33 different states – including some, such as Romania and Bulgaria, long rumoured to be the base for many prolific cybercriminals. Expect phishing emails, fake “information” web sites, Trojans and all the usual armoury of the digital underworld to be unleashed with full fury, particularly as stragglers try to adapt to SEPA credit transfers.

The old fail-safe of a few hours or even days for your bank to cancel an unauthorised transfer will be over. In the SEPA era, as the radio adverts tell us, “once they’re gone – they’re GONE!”

No more trust, no more privacy?

2013 was not a good year for trust and privacy in our increasingly connected world. The Snowden revelations confirmed what everyone in IT security long knew — the 35,000 personnel employed by the NSA weren’t spending their $10 billion budget on paperclips. Meanwhile a long sequence of household names had to suffer the public embarrassment, customer backlash and financial cost of having customers’ private data stolen from their systems.

What will this mean for IT security in 2014? I believe savvy IT vendors and corporate users will seek to differentiate themselves in a positive manner. Microsoft led the way in December 2013 with a startling blog post by Brad Smith, its most senior lawyer, in which he suggests that US Government snooping “potentially now constitutes an advanced persistent threat, alongside sophisticated malware and cyberattacks.” Pow! He then goes on to talk about what Microsoft are doing to protect their customers. OK, the guy is a lawyer so he actually refers to “some governments”, but read his post and his meaning is clear.

What does this mean for IT managers? Assisting your senior management or sales and marketing colleagues to persuade customers that your organisation is doing everything possible to protect the privacy of data stored about them, and that you are deserving of their continued trust and custom, is likely to become a far more routine part of your role. So you’d better be sure you have a good story to tell them!

So how can you secure your company’s critical systems and data in 2014?

Forget NSA, it’s C-I-A: confidentiality, integrity and availability. Consider how these factors are impacted by where and how your data is stored, moved and processed. Have a solid and contemporary perimeter defence and an effective endpoint security solution. Make your network interior as secure as its exterior. Encrypt — strongly. Monitor, review and adapt.

Oh, and remember your users will always be the weakest link. If there is anywhere you need to hope for the best but plan for the worst, it is with the fingers that press the keys.

 

Dermot Williams is managing director of Threatscape.


TechCentral.ie