The ‘support’ aspect of IT support has come to mean a lot more than merely loading your new Windows version in 2020. Chief amongst issues now facing technical expertise is combating cybersecurity threats. It’s understandable – but also unfortunate – that business in the modern era has sailed forth on the back of breath-taking new advances in AI and the digital world, unfortunately, because no new mode of online life comes unaccompanied by crooks looking for an income stream.
Mobile is now a massive market for scammers and outright thieves, just as it is incorporated into the working world as never before. AI might be a dazzling arena of potential, but cybercriminals are working as hard as anyone else to turn it to their advantage. And while the cloud is capably secured, the concept is attracting criminals determined to slip through security protocols and find their pot of gold. From taking care of common technical challenges around apps and hardware, IT support now more often finds itself reinforcing security measures for online business simply to keep the wheels turning safely.
Taken as a whole, global software development is outpacing skilled cybersecurity practitioners. In other words, the pace and extent of new apps and online abilities hitting the marketplace makes it extremely difficult for experienced security professionals to keep up with developments, and challenging for newly minted security practitioners to attain a baseline competence. That said, standard protocols around online security can be applied across the board, but cyber criminality specializes in seeking out those little corners where most people don’t usually go.
2020’s main cybersecurity threats in a nutshell
The recent Windows 7 sunset might seem an issue of no consequence for many businesses running that version. Still, it’s likely to give rise to a spate of breaches as support stops patching, and criminals pick over the scraps for those slow to upgrade to Windows 10. The end of Windows 7 means that Microsoft won’t update the OS or patch security vulnerabilities, whether they’re identified or not. Much like Mercedes might stop making parts for an old 1960s coupe they once produced, so too will the ‘parts’ people need to avoid disaster no longer be forthcoming from Microsoft. It happened at the end of Windows XP – and even Windows Vista – and any SME still on Windows 7 is dangling their legs in piranha-infested waters.
The rollout of 5G infrastructure is happening all over the world, and as seamless as stepping up might be, there are going to be a myriad of teething issues amongst individual companies. That represents a beautiful bag of ‘same-old waiting’ in the space where people are absorbing new tech, which is a bag of goodies for crooks. The adoption of any new protocol should be guarded and executed rapidly once commenced. Staff will need to be entirely at home with 5G before working with it – preferably overnight – and changes wrought by 5G adoption shouldn’t be allowed to compromise existing security.
Practically, what this means is that the entire spectrum of connected devices (think IoT), authentication, and authorization will need a thorough evaluation and possible upgrade of security measures. Making work and life easier through digital connectivity is excellent, but it also spawns a massive potential feeding ground for criminal activity. Although on the face of it, one-time pins (authorization codes usually compromised of a series of digits) are immutably secure, smart phishing attacks have circumvented these. More businesses are now moving to biometrics (for mobile) and multi-signature or multi-factor protocols to avoid individual weaknesses compromising business as a whole.
Speaking of mobile, as enabling as it might be for business, it’s also a massive boon for tech-savvy criminality. While business email gateways can thwart malicious URLs and phishing emails, they’re slow in catching up with the notion of personal mail and messaging as mobile attack vectors. Social media is a busy arena that also enables the first line of creeping attacks at times, via their own mobile devices.
Ransomware isn’t going anywhere and, when one considers that holding people for ransom in real-time is still with us after thousands of years, the online version is unlikely to diminish anytime soon, either. No one is too insignificant, and thus no one is safe; even the pros get taken at times. Because it’s very often simpler (and better for business) to cough up and keep moving, ransomware attacks are usually successful. Plugging the gaps that can enable such attacks is difficult due to the people factor. Individual users all need to maintain the same security consciousness and share alertness that’s hard to police, especially as companies grow their staff contingent or remote workforce.
But wait, there’s more… IT support is becoming a deductive art.
Squaring up to the challenges of the new era, phishing and other ‘soft’ entry attacks are now more copiously employing machine learning to increase their strike rate. By thus automating their optimization, such cyber crooks have attained a busy hum of industry, and it’s going to become savvier and more frequent, according to industry security practitioners. In a nutshell, criminal intent in electronic comms is going to become smarter and far more adept – and thus successful – at phishing in the ways that work.
On a more in-depth technical level, while the whole software development arena grows apace, security threats are articulating in hitherto unseen ways. Put simply, app code inspection is now (mostly) enacted from inception, at least by more giant corporations. Whereas local code alone was previously the area of attack, now pipeline code is suspect, too. What all of this means is that developers need to build security into each phase of app development – the entire process requires strong security oversight.
Cloud computing is now relatively mainstream; the world has primarily gotten over its jitters around the concept. Securing access in the cloud comes with challenges, however. The tremendous collaboration and ease of use of the cloud have a counterpart in the difficulties security practitioners have in securing it. Criminals know only too well that they will need exceptional hacking skills – or luck – to compromise the cloud. This means that a percentage of the fraternity will up their skills to stage sophisticated attacks, but also that the ‘gill net’ approach will become more abundant – just up the frequency of hopeful attacks and the payload will be higher.
The era of knowing what you know is also almost over: deep fake (or deepfake) rendering of complete mock-up videos and other media or platforms has come so close to reality, that security experts say very soon they’ll be indistinguishable from genuine items. Here blockchain may have an excellent application, as a decentralized ledger seems the only effective counter to in-depth fake posts. Gartner has predicted that around a third of all world news will face such authentication measures by next year.
Lastly, there’s always the real world. As cybersecurity advances and thwarts much of the criminal activity it does encounter, people are becoming attractive targets again. According to security fundis Kaspersky, the emerging trend of offering an insider a substantial wad of cash to initiate a breach is gaining ground. Rather than sophisticated (and expensive) attempts to get around a company’s security, criminals are more readily looking for an employee inside to bribe – something more likely the more extensive the staff contingent and something tough to anticipate.