10 Cybersecurity Threats and Trends for 2018
1. Software updates – the new Trojan Horse
When your company pushes out a software update to clients, how do you know that update is real? Criminals are using the normal software update process to get companies to infect all of their clients, which then affects everyone down their software supply chain. In fall of 2017, the popular CCleaner application – designed to optimize software performance on computers – was breached by hackers who installed a backdoor in the software, affecting more than 2 million users. “This is the kind of breach that destroys trust between users and software providers,” says Skinner, “and makes consumers want to avoid doing business with the provider in the future.”
2. Installing spies on your phone
When Russia wanted intelligence on NATO alliance plans in the Baltic region, it turned to a new kind of secret agent: the soldiers' own smartphones. Troops from the U.S. and other NATO countries found evidence of their personal phones' being accessed from a Russian IP address. “Gaining access to your phone essentially puts its functionality in the hands of a remote user – who can geolocate you, take pictures of where you are, eavesdrop on your conversations, and gain access to personal information that can be used to intimidate you,” says Skinner.
3. Two things are certain: death and tax scams
SpiderOak predicts that the 2018 tax season will see more fraudulent returns than ever – driven largely by the Equifax breach affecting 145.5 million people. “Fake tax returns will likely explode this year given all the Social Security numbers now exposed,” says Skinner. While Chinese hackers remain the prime suspects in the Equifax case, taxes are a favorite target of another state: Russia. On the eve of this year's Constitution Day in Ukraine – during which the country celebrates its independence from the Soviet Union – accountants in the former SSR were hit with a massive cyberattack, the largest in Ukraine's history. The virus infected the software that businesses are required to use to file tax returns, causing havoc for both the companies and the governmental computers to which they are connected.
4. One hack, many votes
“If you can plug it in, you can hack it, and this puts the 2018 elections at risk,” says Skinner. “The move to prevent election meddling is far behind where it needs to be, and there are vulnerabilities everywhere from the storage of voter rolls to easily hackable electronic voting machines.” Twenty-one states' voting systems were targeted by Russian hackers in the 2016 election cycle, but, he says, “this process starts far ahead of the election itself – it's happening now.”
5. PsyOps on your Facebook feed
Congressional testimony from Facebook, Google, and Twitter in November revealed the extent of Russia's influence campaign on social media during the last presidential election cycle. More than 126 million of its users were served Russian propaganda, Facebook finally admitted, after months of downplaying the extent of the threat. “The volume of fake news stories was clearly too large for the companies to handle, even with the extensive use of third-party contractors hired specifically to address this threat,” says Skinner. “If even tech companies with huge resources are having trouble controlling the spread of fake news and accounts, most other technology and media companies will be even more at risk.”
6. Criminals are patient
“One of the most frightening things about the breaches at Equifax, Target, and elsewhere is what we haven't seen – yet,” warns Skinner. Once criminals have stolen the data they need – including Social Security numbers, birthdates, and other personal details – they can sit on the data for months or years until people let down their guard and turn off their credit freezes. “Your data can just be sitting out there on the dark web, waiting to be sold or used, well after you think you're safe.”
7. Passwords are failing
“The most common password last year was '123456' – that's a problem,” Skinner says. “Human nature wants to simplify, so we use weak passwords and the same password for multiple sites.” But, he says, much as 9/11 changed the way we travel forever, major cybersecurity breaches are pushing companies to adopt much more complex protocols around digital security. “Three billion Yahoo accounts and passwords being hacked reflects the catastrophic implications of a breach, and companies are realizing that passwords alone aren't going to cut it. There has to be a one-two punch of both authentication and encryption to secure your data.”
8. Compliance gets your security up-to-date – about 10 years too late
“The problem with regulations is that they address what's gone before – not thinking about what's to come,” says Skinner. “Hackers are forward thinking and creative, staying far ahead of current security protocols. All it takes is one employee who isn't trained in how to safeguard his or her computer and log-ins. The smart hacker takes advantage of this weak link, enters through that employee's credentials, and then has access to your whole system. Checking the boxes on compliance doesn't begin to secure systems and data the way they need to be.”
9. Too many people have the master key
“Imagine if a landlord gave a master key to all apartments to every single resident in the building – that's how most companies' systems are structured,” says Skinner. “When one computer or set of credentials is breached, you have now opened the door to the whole system. In the vast majority of companies, employees have far too much access to information that they don't even need. And given the interconnected systems companies have with their vendors, and then their vendors' vendors, they don't even know how far out their connected system stretches. This opens companies up to so many risks that they don't even know about.”
10. Breach fatigue
“A real problem with all the bad news we see about hacks and leaks and breaches is that we're becoming desensitized to them,” Skinner says. “It's easy for employees to get complacent, and the consequences of this can be extremely harmful to a business. Even upper management can deprioritize security when trying to get out a release or an update before an important sales deadline, and CEOs and boards need to make sure that no corners are cut that can put the company at greater risk. Ultimately, cybersecurity is going to be only as strong as the top of the house makes it.”
Christopher Skinner, CEO, SpiderOak
Harnessing APIs to unlock and operationalise your data
Data is the fuel that powers modern businesses. It’s widely accepted that unlocking insight from data is key to driving successful digital transformation and competitive advantage. Yet the gap between understanding the importance of data-driven insight and being able to achieve it remains stubbornly wide, as critical information remains locked away in silos. To overcome these challenges, businesses must try a new approach. API-led connectivity offers a reusable, standardised way to integrate data across multiple platforms, systems, and applications. When done right, it can be the fast track to IT and business team productivity, innovation, and growth.
A data explosion
The past decade has seen a data explosion. Analyst firm IDC predicted that over 59 zettabytes (ZBs) of data would be “created, captured, copied, and consumed” in the world last year alone. In the next three years it’s predicted to continue growing at a CAGR of 26%, during which time more data will have been created than during the past 30 years. At the top of any CIO or business leader’s wish-list is the ability to extract insight from these vast troves of information in order to make more effective decisions. According to McKinsey, data-driven companies are 1.5 times more likely to report revenue growth of greater than 10%.
Unfortunately, just like much of the population for much of the last 12 months, data is locked down and isolated. MuleSoft’s 2021 Connectivity Benchmark report reveals that data silos and existing IT infrastructure are making it difficult for most firms to integrate new technologies and make changes to IT systems and applications. In fact, currently less than a third of enterprise applications on average are integrated, so there is still significant room for improvement. Those organisations that are able to connect the dots between their data stand to realise increased customer engagement, business transformation and innovation benefits.
Journey towards API-led integration
Legacy custom code point-to-point integration may have been fine a decade ago when enterprises ran relatively few applications. But today’s businesses need something altogether more agile. Point-to-point can be expensive and complex, which means IT ends up spending too much of its time on maintenance and not enough on innovation.
This is where APIs come in, offering a more seamless and cost-effective way to drive integration through discoverability, self-service, and reuse. Rather than building the same point-to-point integration for use in 10 different projects, which requires each to be maintained individually as unique sets of code, a single API can be developed to be reused across them all. An API-led approach therefore means companies have to unlock each data set only once to empower business teams across the organisation to use that data in their own projects.
The value of this approach can be extended even further with today’s low-code tools, which support drag-and-drop integrations. This can help to ease the burden on IT teams and empower business users to deliver their own integration projects.
The LendingTree experience
One company that has driven major improvements through reusable APIs is online loans marketplace LendingTree. Originally its 16 different business units were operating with siloed, incomplete data, meaning 360-degree customer insight was impossible—affecting sales and the end-user experience. The firm was not able to capture or analyse call centre data, limiting its ability to improve experiences for its customers.
Using APIs to draw in data from multiple systems and databases in real-time, LendingTree was able to consolidate its customer data on Salesforce to create a single source of truth for cross-departmental teams. This approach empowers service agents by giving them access to individuals’ loan application history from a single console, drastically reducing the time it takes them to consolidate various sources of customer data. As such, its API-led integration approach has allowed LendingTree to free up time and resources to launch new capabilities faster.
The future’s digital
Organisations have been affected in many different ways by the COVID-19 pandemic. But across the board, the desire among business leaders over the coming months will be to emerge from the crisis stronger than ever. Data-driven insight will be vital to this achievement, as businesses push ahead with digital innovation. API-led integration can help them to ensure that data strategies are long-lasting and sustainable, paving the way for long-term success and a brighter digital future.