Welcome to 2020. The National Association of State Chief Information Officers (NASCIO) still ranks cybersecurity as the top priority for 2020. We are barely rounding out the first month of the new year, and we have already seen a couple of important cybersecurity concerns.
- On January 14th, the National Security Agency (NSA) put out an advisory (CVE-2020-0601) about a critical vulnerability in Microsoft Windows 10 and Microsoft servers. This vulnerability undermines how Windows verifies who is trustworthy and who is not. If you are just now hearing about this, it may be wise to check with your IT staff members about the status of the Windows 10 NSA patch.
- Another important item to know about is the end-of-life status of the Windows 7 operating system.
- Both issues will affect enterprise users as well as people at home.
- One thing to look out for in the future is the continuation of ransomware attacks, in which an attacker encrypts data and holds it for ransom. It would be wise to hold a tabletop exercise to discuss the business continuity plans you would follow if computer systems were infected.
Food for thought: if your backups sit on the same network as the infected computers, what do you do when the backup is also infected?
- In 2020, expect to see “deepfakes” become more of an issue as cybercriminals add a higher degree of realism to requests for money transfers. Deepfakes are AI-generated voice or video calls used to trick people into believing that they are dealing with the real person. Recently, an energy company was reportedly defrauded of US $243,000 by scammers who used AI to mimic the voice of the firm’s CEO.
- One of the final points to look out for is the growth in cloud security issues. As newer cloud-enabled applications come online, hackers will find new low-hanging fruit that may not have been fully patched or secured.
Final Thoughts: Knowledge is Power
The journey always starts with baby steps. Know not only where your confidential data is stored but also what makes up the confidential data at your organization. Demographic data coupled with bank routing information can make for a very happy computer hacker! Where is this data being stored? Understand the penalties for non-compliance with the laws and regulations that apply to the data. Finally, understand the cross-border issues with data in the cloud. Knowing the scope and authority of the oversight agencies in each country whose citizens' data you may hold, or which houses your data, will benefit everyone.