The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, attackers come up with something new and we are right back to trying to figure out what to do next.
For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said.
And there’s been seemingly no end to hackers getting into corporate databases. Just ask Yahoo. Or the Democratic National Committee. Even the FBI was able to find a firm to hack into the Apple iPhone 5c, which for a while seemed unhackable.
For IT and security professionals, this endless firefighting gets exhausting. Old threats come back in new forms, and new attacks keep making the list of things to worry about even longer. Malicious Word macros are back. Exploit kits still love Flash. SMS text messages with one-time codes for second-factor authentication proved hackable. It all makes you want to give up and curl up in a dark corner.
But 2016 wasn’t all bad news for enterprise security, and there are some wins that give hope for a more secure future.
1. We’re looking at passwords in a better light
Authentication, especially how we use passwords, was a recurring theme with every data breach. Yes, password reuse is still a problem and weak passwords like “password1” and “123456” are still a thing, but we are seeing more people use password managers to secure their online accounts and fingerprint sensors to lock their physical devices. “Biometrics will no longer be seen as novel in 2017, but necessary,” said Daniel Ingevaldson, CTO of security company Easy Solutions.
There are fingerprint sensors on the market today with security features including TLS 1.2 and 256-bit encryption, anti-spoofing technologies, live-or-dead detection, and match-in-sensor architectures, said Anthony Gioeli, a vice president at Synaptics’s biometrics division. Apple has had hardware-secured fingerprint sensors in its mobile devices for several years, and now in its newest MacBook Pro. Samsung and Google use similar technology in their latest smartphones. And Microsoft has built in support for biometrics in Windows 10 and beefed up the security in this year’s Windows 10 Anniversary Update.