Most recent blogpost

A safer cyber world in 2017

In 2016, security attacks, phishing, ransomware and the like were constantly in the media. Hacking a company, an individual or even a government is no longer rocket science. Our managing partners Willem Magerman, Steven Vynckier and Frederik Rasschaert reflect on cyber security in 2016 and discuss the trends for 2017.

Evolutions like the cloud, the internet of everything, big data, mobility, streaming and automation create more possibilities and flexibility to grow your business, but these evolutions also put your data more at risk by opening new attack vectors and increasing the attack surface for hackers.

For companies, the question was not if they would be hacked, but when. Moreover, companies were not the only target last year. Governments tried to influence each other’s elections, politicians couldn’t prevent their social media accounts from being hacked, and citizens’ IoT devices were misused in one of the biggest DDoS attacks ever.

Many call 2016 the year of ransomware, but ransomware dates back to 1989, when Joseph Popp wrote “AIDS” and asked US$189 for the repair tool that could decrypt and unhide the files on the hard drive. Even CryptoLocker first appeared as far back as September 2013. Ransomware grew rapidly in 2014-2015, and even more in 2016. That growth made hacking well known last year. So for us, 2016 is not the year of ransomware, but the year hacking went mainstream.

Because hacking went mainstream, more people think about cyber security. So in 2017 we expect that the cyber defense capacity will increase in a number of areas. There will be an increased rate of cyber capability sharing between commercial and government spaces, threat intelligence will be adopted more broadly, SIEM will be installed more often to get real-time behavior pattern analysis and even to obtain event forecasting, etc.

Cybercriminals follow the money trail, though, and with the growth of ransomware they’ve seen that attacks can be cheap to operate, yet very profitable. So if cyber defense capacity increases in 2017, hackers will become increasingly creative to keep the money coming in. We’ve seen a first example of that with the 2016 DDoS attack on Dyn, which used hacked IoT devices. And although hacking went mainstream last year and became a generally known problem, security continues to be the primary obstacle preventing consumers from fully welcoming connected devices into their homes and lifestyles.
So let’s hope that in 2017 cyber security will no longer be an afterthought for IoT manufacturers, but a critical part built into the technology. Otherwise 2017 might become the year of IoT attacks.

Moreover, cybercriminals are getting more organized. In 2017, criminal syndicates that offer cybercrime as a service will develop further. We have known these organizations for a long time (e.g. from botnets) and have seen them again with ransomware exploit kits like Angler, but basically they’re interested in anything that can be monetized and can offer cybercrime as a service globally.

Apart from attacks, 2017 will also be the year of compliance risks. Every company knows (or must know) about GDPR by now. But in 2016 GDPR compliance was mostly not yet on the agenda, because GDPR was only voted on and published in April last year. The deadline is the end of May 2018, so 2017 will be the year every company works on compliance. They will have to, because data breaches or data leaks will become far more expensive for organizations of all sizes. Organizations conducting business in Europe will have to get an immediate handle on what data they are collecting on European individuals, where it's coming from, what it's being used for, where and how it's being stored, who is responsible for it and who has access to it. Organizations that fail to do so and are unable to demonstrate security by design will be subject to potentially massive fines.

But everything mentioned above is only at the individual and company level. In 2017 we will also see rogue nation states trying to finance themselves by stealing money online (as we’ve seen in the SWIFT attacks), the digital battlefield will become the new cold war, attackers will begin to turn up the heat in smart cities, etc.
And unfortunately, what we saw in 2016, such as the ransomware mentioned above but also phishing, BPC (Business Process Compromise) attacks, SSL abuse, etc., will continue to grow.

The good news is that technological and knowledge solutions in network and security grow as fast as the risks. There’s a wide range of structural solutions to protect your data and to enhance the stability and performance of your network. Think of Software Defined Networking, seamless office and industrial (SCADA) network integration, identity control, dual-layer defense, SIEM, encryption, behavior-based antimalware, data classification & data leakage prevention, ethical hacking, etc.

In 2016 cyber security was already a strategic advantage for companies and it will be so even more in 2017.

Thus let’s renew our focus on cyber security in 2017 and keep working together for a safer cyber world.

Older blogposts

Complying with GDPR legislation: which preparations to make?

From May 2018, consumers have additional privacy rights thanks to GDPR. This tightening of privacy legislation means that companies, in a safe(r) way, with personal data…

The GDPR regulations applied to companies

From May 2018, consumers have additional privacy rights thanks to GDPR. This tightening of privacy legislation means that companies, in a safe(r) way, with personal data…

SpotIT supports Stubru's Warmste Week

Take part in one of the Security Awareness for Life sessions and support Mucogent

This year we are once again showing our warmest heart by holding a fundraiser for charity through Music for Life. This year we are supporting Mucogent. This is a cystic fibrosis association that…

GDPR: More transparency and control over the processing of our personal data

17/11/2016

Our personal data is often registered somewhere: via loyalty cards, with online purchases, through newsletters we subscribe to, on social media… you name it. What happens…

Better protection of personal information thanks to GDPR: what is the impact for you and for companies?

10/11/2016

Who or what is GDPR? Let's first go back into the history of privacy regulation. The 1995 privacy directive (EU Data Protection Directive 95/46/EC) was by all member states…

The power of smart devices for hackers

27/10/2016

October is European Cyber Security Month. That's why we share a cyber security tip every week. Last week, on Friday 21 October ’16, there was a massive cyberattack. You may have…

Don't get caught by phishing or spear phishing

20/10/2016

October is European Cyber Security Month. That's why we share a cyber security tip every week. Have you ever received an e-mail asking for your bank details or password? Or…

Is your password also “password” or “123456”?

13/10/2016

October is European Cyber Security Month. That's why we share a cyber security tip every week. This week we're talking about creating strong passwords. Both at work and at…

Safe social media use

06/10/2016

This week's tip is about safe social media use. We spend hours online every day. Thanks to our smartphones we are online almost 24/7. As a result, social media are increasingly becoming a…

The user as the weakest link

29/09/2016

The most important but also the weakest link in IT security is us. Users are an important target for cybercriminals. Why? Because we make human errors. We…