Frightening technology trends to worry about

Just in time for Halloween: What’s keeping security folks up at night

Frightening technology trends

Spooky

With Halloween just around the corner, what better time to reflect on technology scares in their organization – and, just as importantly, how to combat them. From internal threats to vendor overload, Warren Perlman, CIO of Ceridian, a global human capital management technology company, explains how to confront your “technology fears.”

 Troy Gill, manager of security research, AppRiver, also added to this slideshow,

Frightening technology trends
Thinkstock

Often-overlooked internal threats

Despite the hype of external, malicious hackers taking over a network, the internal threat remains a company’s greatest worry. In fact, a recent study of 276 US CIOs and executive IT professionals commissioned by Sungard AS found that 60 percent of respondents would enforce stricter security policies for employees.

Internal threats can range in form, and pose as several scenarios. The most common is human error: not spiteful intentions, but an honest mistake. Sensitive data landing in the wrong hands via a misdirected email or a simple virus infection caused by a click on a malicious attachment can be devastating for an organization.

Finding and retaining top talent
Thinkstock

Finding and retaining top talent

We’re all aware of the technology talent shortage, and how difficult it is to find quality IT support, software developers, and programmers. However, what’s even more difficult is retaining top talent.

Keeping tech workers happy and engaged will not only help you retain valuable employees, but you’ll also find they remain motivated and more productive. Best of all, your customers will reap the benefits. If your current organization has difficulty measuring and tracking employee engagement and performance, then consider technology tools like human capital management software.

RELATED: 10 tips for retaining top IT talent

Frightening technology trends
Thinkstock

Multiple generations in the workforce

We currently have the highest number of generations in the workforce, with four age groups trying to work together at the same time. CIOs are tasked with learning the preferences and nuances of Matures/World War II, Baby Boomers, Generation X and Generation Y/Millennials, which all pose different security threats for an organization.

It is important to support all generations, including their personal preferences and natural tendencies, to ensure everything from confidential printed documents to mobile applications stored on personal devices remain secure.

Frightening technology trends
Thinkstock

Shifts in compliance

With a newly elected US President entering the White House in January, US compliance regulations could change, meaning you must be prepared to quickly shift gears to remain compliant. Add to this ever-changing global legislation, especially post-Brexit, and the entire C-suite is legitimately concerned over remaining compliant and avoiding legal ramifications for not doing so.

The first step to success is rolling out a compliant global workforce management strategy. There are many things to consider, but organizations should stick to three key areas: effective data management, employee and manager friendly self-service, and a strong partner or solutions provider.

Migrating to the cloud
Thinkstock

Migrating to the cloud

Businesses are becoming comfortable with migrating away from the security of physical servers and towards the benefits and flexibility of virtual servers. Security concerns are paramount for those that choose to employ could-based solutions, and problems such as unauthorized access or hijacking of accounts give CSOs a reason to proceed with caution.

Despite the risks, however, many organizations utilize cloud services or are planning to implement some type of cloud services solution in 2017. This is due to the potential increase in revenue, reduction in IT costs and business benefits, which are too great to ignore. Carefully evaluate cloud vendors, and select the one that eases your fears the most.

RELATED: 9 data security tips for cloud migration

Getting buy-in on hyperconvergence

Getting buy-in on hyperconvergence

Hyperconvergence offers the ability to integrate computer, storage, networking and virtualization resources in a software-centric infrastructure, allowing these technologies to be managed as a single system.

So why is hyperconvergence causing concern? For those planning to employ this type of solution, they must first evaluate the organization’s current system strengths and weaknesses and address any problems prior to making the decision. Old software may not run on new platforms; a concerted effort is required for testing and validation, which may add to the overall cost of this clever new technology.

3 phishing

Phishing and Business Email Compromise (BEC) attacks

Today’s spooky and scary phishing attacks range from highly targeted spear phishing to the more traditional cast net style attack. In both cases, the cybercriminals have continued to hone their techniques to improve their success rate against their targets by adding greater detail and customization. One popular form of spear phishing that our team has been combatting with greater frequency this year are targeted messages that lead to wire transfer fraud. Often referred to as Business Email Compromise (BEC), these have been a popular attack vector throughout 2016. BECs have been estimated to have netted cybercriminals profits well into the billions of dollars in the past few years.

6 hacktivism
Thinkstock

Hacktivism

Hacktivists commit crimes to expose their victims' perceived wrongdoing. Hacktivism continues to thrive. In fact, hacktivists are increasingly posting their intended targets’ identities (often in advance) on open forums, while divulging the spoils of their crime after the fact. Large corporations and law enforcement agencies have been popular targets recently with the intent to damage reputation or disrupt workflow.  Unfortunately, countless security breaches have been committed, with stolen data of innocent people (i.e., customer account information, usernames, passwords, etc.) often made public to showcase hacktivism “success.” When it comes to hacktivism, there has been no greater “success” story this year than the many exploits of the Syrian Electronic Army (SEA), where it breached major U.S. media outlets such as the Washington Post, CNN and Time as well as social media site Twitter.

0 zero

The next Zero Day attack

These large-scale attacks often leverage the aforementioned secret vulnerabilities and use them to spread online malaise quickly. Examples include Storm Worm, which targeted an internet-consuming public and Stuxnet or Duqu that was a customized espionage attack. Oftentimes, these attacks are able to operate for quite a long time without anyone ever being the wiser.

7 apt
public domain

The Advanced Persistent Threat

APTs are attacks targeting either political, governmental or business entities. APTs are generally surreptitious with greater focus on maintaining its presence on a system. APTs often utilize the same infection vectors as other attacks such as spear phishing emails, web-based drive by infections, DNS based attacks, infected USB sticks (or other hardware) and external hacking. Operators often combine an array of attack tools and methods to increase the effectiveness of the attack. They tend to take a detailed, patient approach in order to get from the entry point of the attack to the actual target. The target can vary from data that the attacker infiltrates from the infected system, or like in a case like Stuxnet, attack and destroy a very specific target (Iranian nuclear centrifuges).

4 mobile

Mobile exploits

Our phones are our lives in our palms, but what if hackers also have access to them? Recently, Apple released a security patch for an advanced exploit chain-type malware. The malware, referred to as Trident, used multiple zero-day exploits to jailbreak an iOS9 device. Once jailbroken, the attacker had access to the victim’s emails, texts, the phone’s camera and microphone, and location. Sadly, this malware was discovered only after malicious links leading to the exploit were sent to a human rights defender in the UAE.

As consumers rely so heavily on mobile devices to conduct their daily lives, Black Hats will increasingly find ways to exploit such devices. Unfortunately, there are entire websites full of rogue apps. Users must also be aware of malicious apps designed around SMS fraud. Such apps send text messages from a victim’s mobile device to numbers that are charged a premium.

5 state

State-sponsored attacks

Not that long ago a group identifying itself as the Izz ad-Din al-Qassam Cyber Fighters was waging an ongoing series of DDoS attacks against major U.S. banking institutions. The group’s attack has caused major interruptions for targeted systems and reportedly operates under the direction of the Iranian government. Other examples include the recent attack on energy giant Telvent, which fell victim to a sophisticated cyber intrusion and intellectual property theft that was directly related to advanced smart grid technologies.