It’s been a year of dramatic change in the world, and the data security landscape is no exception. From hackers cashing in on COVID-19 to a novel landscape of remote employees, new security threats and solutions are emerging each day.
We rounded up the top five emerging data security trends that are shaping the future, from new methods of attack to innovative ways to protect personal data.
Zero Trust Frameworks for Remote Employees
In a matter of days and with no notice, offices around the world were forced to transition to totally remote workforces. In this newly distanced world, it quickly became clear that traditional, network-based security controls were not going to cut it. Enter zero trust security.
A zero trust framework is predicated on the idea that an organization should never automatically trust anything inside or outside its perimeter without verification. Instead, zero trust security gates individual access using granular policies, drawing on dynamic user and device risk signals and other telemetry to prevent data breaches and support a remote workforce. The zero trust security market is expected to grow 10% annually from 2020 to 2025.
Vishing Scams and Attacks
Voice phishing, otherwise known as vishing, has gained momentum this year, with the FBI and Cybersecurity and Infrastructure Security Agency releasing an official alert in August of 2020. Much like a traditional phishing attack, vishing attacks lure unsuspecting victims into providing log-in credentials, payment information or other sensitive data over the phone. Hackers scam individuals by pretending to be a bank or credit card representative, an employee from the IRS or an official from Medicare or Social Security offices.
For organizations, the threat lies in spear-vishing attacks, which target key employees in an attempt to gain log-in credentials. A sophisticated vishing attack could even use deepfake audio to mimic the voice of a trustworthy party. Such was the case in 2019 when a chief executive at a UK energy company was tricked by a convincing deepfake audio call asking him to send $220,000 USD to a Hungarian supplier.
Botnet attacks are not a new enemy in the data security landscape, but this year, a botnet dubbed FritzFrog donned a powerful new weapon: a peer-to-peer network.
Ordinarily, botnet networks operate with a central command and control center that sends commands and receives stolen data. With its administration centralized, it is much easier for security experts to trace the illegal activity to its origins. However, peer-to-peer botnets like FritzFrog are avoiding detection by spreading administration over several infected nodes. Without a centralized server, peer-to-peer botnets are more difficult to detect and defuse.
Since its discovery in January, FritzFrog has targeted tens of millions of IP addresses, from government agencies and financial institutions to telecom companies and well-known universities—and it has yet to be taken down.
While hackers flex the power of distribution with peer-to-peer botnets, security experts are using the same concept to improve their data protection and performance with microsharding.
Microsharding takes the familiar data security practice of sharding to the next level. Microsharding splits a file into multiple, very small pieces that may be as small as a single byte. Microshards are then stored in separate locales, distributed across different cloud providers and on-premise locations.
By reducing the attack surface, microsharding more effectively protects the data of customers, employees and organizations. It may also reduce scope, devaluing data in the same way that a paper shredder renders sensitive documents useless.
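The splitting and scattering described above, as an added example (a simplified sketch written for this page, not any vendor's implementation). The location names, the key and the sample record are constructed; placement uses a keyed permutation so the layout cannot be recomputed without the key.

```python
import hashlib
import hmac

STORES = ["cloud-a", "cloud-b", "on-prem"]  # hypothetical storage locations

def _group_order(key: bytes, group: int) -> list:
    """Keyed permutation of STORES for one group of len(STORES) shards."""
    def tag(name):
        return hmac.new(key, f"{group}:{name}".encode(), hashlib.sha256).digest()
    return sorted(STORES, key=tag)

def microshard(data: bytes, key: bytes, shard_size: int = 1) -> dict:
    """Cut data into shard_size-byte pieces and scatter them across STORES."""
    stores = {name: [] for name in STORES}
    shards = [data[i:i + shard_size] for i in range(0, len(data), shard_size)]
    for k, shard in enumerate(shards):
        group, slot = divmod(k, len(STORES))
        # Each store receives exactly one shard per group, in a keyed order.
        stores[_group_order(key, group)[slot]].append(shard)
    return stores

def reassemble(stores: dict, key: bytes, shard_count: int) -> bytes:
    """Rebuild the original bytes; needs every location plus the key."""
    out = []
    for k in range(shard_count):
        group, slot = divmod(k, len(STORES))
        out.append(stores[_group_order(key, group)[slot]][group])
    return b"".join(out)

def largest_single_store_view(stores: dict) -> int:
    """Most bytes exposed by the compromise of one location."""
    return max(len(b"".join(pieces)) for pieces in stores.values())

# Constructed sample record (a well-known test card number, not real data).
RECORD = b"pan=4111111111111111;exp=12/25"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    placed = microshard(RECORD, KEY)
    for name, pieces in placed.items():
        print(name, b"".join(pieces))
    print(reassemble(placed, KEY, len(RECORD)) == RECORD)
```

Scattering alone is not encryption: each location still holds real plaintext bytes, just too few and too disordered to form the record.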
Contactless Payments and Payment Protection
At long last, the U.S. is catching up to the rest of the globe when it comes to contactless payments. Spurred by the coronavirus, contactless payments jumped 40% in the first quarter of 2020, and this new consumer behavior is expected to stick around.
But with new payment trends come new security vulnerabilities. As contactless payments become more common this year and beyond, it’s crucial that merchants keep encryption in mind.
In an interview with Digital Transactions, Miles Ruston, founder and adviser of Bluefin Payment Systems, warned that not all POS devices that accept contactless payments encrypt data as it enters the terminal. That’s why it is critical for merchants to employ point-to-point encryption, or P2PE. With a P2PE-certified solution, clear-text data never traverses the merchant’s system, ensuring that contactless payments are secure from the first tap.
Devalue Your Sensitive Data
As hackers develop new technologies to pilfer payment information, log-in credentials and more, it’s critical that merchants devalue their data. At Bluefin, we help organizations protect their POS and online transactions with certified P2PE and tokenization solutions that render stolen data useless to cyberthieves.
To find out more about our industry-leading cybersecurity solutions, contact Bluefin today.