Online security is seemingly getting more compromised with each passing year. 2017 has witnessed some of the worst security breaches in history – such as the breach of Equifax, which impacted over 143 million clients in the U.S. and abroad.
There were also three major state-sponsored ransomware attacks, affecting hundreds of thousands of targets around the world. Unfortunately, it looks like this is just the beginning.
“Ransomware assaults seem to be getting increasingly dangerous,” said Marty P. Kamden, CMO of NordVPN. “Besides, system administrators are not ready to protect their networks from more sophisticated breaches. We believe that attacks will only keep getting worse.”
In addition, Internet freedom has been on a steady decline. For example, in the US, ISPs have the right to track customer data without consent and sell it to third parties, and net neutrality is under attack. Other countries are also passing freedom-limiting laws.
Below please find the predictions for 2018 by NordVPN, as well as advice on how to protect oneself.
1. Increase in IoT attacks. As Internet of Things (IoT) devices become commonplace, they will continue to come under attack. When one device is compromised, the hacker can easily take over the whole system of interconnected devices. One of the biggest fears is that hackers might compromise medical IoT devices, and patients’ information can be leaked. A connected smart home will be another popular target for hackers. What’s more, breached IoT devices can be used in large-scale DDoS attacks, taking down virtually any Internet-based service or website.
2. Increase in travel data breaches. Hackers are discovering that travelers who book their trips online share their passport and credit card data, which can be stolen. This marks the move towards specific online breaches, targeting groups of people – such as travelers, online Christmas shoppers, and others.
3. New, larger ransomware attacks. This year has shown the power of one ransomware attack that can disable hundreds of thousands of computers around the world. Companies are not yet up to speed with sophisticated hacker technologies, so there is a huge risk of new, larger ransomware attacks.
4. China to ban VPNs. China’s government passed a regulation that requires telecommunications carriers to block users’ access to private VPNs (Virtual Private Networks) not approved by the government by Feb. 1. This would mean that lots of people in China will not be able to reach the global internet, as many sites – such as Google or Facebook – are blocked in China.
5. The EU is implementing General Data Protection Regulation. GDPR, coming into force in May, is going to introduce stricter rules for companies on storing personal user data and on obtaining customer consent. The regulation will have global reach and force companies to protect user data – being one of the rare examples of governments striving to actually protect data privacy.
6. Digital Economy Bill in the UK. The UK is planning to pass a bill that requires age verification for adult site visitors. Age verification is done through collecting various data about the user, which poses a huge risk of data leaks and data loss, with sensitive private information being stolen.
7. Dutch referendum on government surveillance powers. The Netherlands will hold a referendum next year to determine if the law enforcement authorities can have far-reaching surveillance powers. Many privacy activists are striving to overturn the law passed in July, which allows government agencies to collect data from large groups of people at once.
How to secure your web presence in 2018
Internet users can still take matters into their own hands and secure their own computers or smart devices. It’s important not to click on strange emailed links, not to download from unofficial app marketplaces, to always have strong passwords, and to be generally cautious when going online.
It’s also highly recommended to use online privacy tools, such as VPNs, which encrypt all the information that is being shared between the user and VPN server. NordVPN helps secure browsing the Internet with its modern security protocols and no logs policy.
With the decline in online security and privacy, cybersecurity specialists will be in big demand, and companies will be looking to fill new job openings for cybersecurity professionals. Those who want to protect their own data at home need to learn simple cybersecurity tricks themselves.
Legion gets a pro makeover
Lenovo’s latest Legion gaming laptop, the Y530, pulls out all the stops to deliver a sleek looking computer at a lower price point, writes BRYAN TURNER
Gaming laptops have become synonymous with thick bodies, loud fans, and rainbow lights. Lenovo’s latest gaming laptop is here to change that.
The unit we reviewed housed an Intel Core i7-8750H, with an Nvidia GeForce GTX 1060 GPU. It featured dual storage, one bay fitted with a Samsung 256GB NVMe SSD and the other with a 1TB HDD.
The latest addition to the Legion lineup has become far more professional-looking, compared to the previous generation Y520. This trend is becoming more prevalent in the gaming laptop market and appeals to those who want to use a single device for work and play. Instead of sporting flashy colours, Lenovo has opted for an all-black computer body and a monochromatic, white light scheme.
The laptop features an all-metal body with sharp edges and comes in at just under 24mm thick. Lenovo opted to make the Y530’s screen lid a little shorter than the bottom half of the laptop, which allowed for more goodies to be packed in the unit while still keeping it thin. The lid of the laptop features Legion branding that’s subtly engraved in the metal and aligned to the side. It also features a white light in the O of Legion that glows when the computer is in use.
The extra bit of the laptop body facilitates better cooling. Lenovo has upgraded its Legion fan system from the previous generation. Its passive cooling, a type of cooling that relies on the body’s build instead of the fans, handles regular office use without starting up the fans. A gaming laptop with good passive cooling is rare to find and Lenovo has shown that it can be achieved with a good build.
The internal fans start when gaming, as one would expect. They are about as loud as other gaming laptops, but this won’t be a problem for gamers who use headsets.
Serious about security? Time to talk ISO 20000
By EDWARD CARBUTT, executive director at Marval Africa
The looming Protection of Personal Information (PoPI) Act in South Africa and the introduction of the General Data Protection Regulation (GDPR) in the European Union (EU) have brought information security to the fore for many organisations. This, in addition to the ISO 27001 standard that needs to be adhered to in order to assist the protection of information, has caused organisations to scramble to ensure their information security measures are in line with regulatory requirements.
However, few businesses know or realise that if they are already ISO 20000 certified and follow the Information Technology Infrastructure Library’s (ITIL) best practices, they are effectively positioning themselves with other regulatory standards such as ISO 27001. In doing so, organisations are able to decrease the effort and time taken to adhere to the policies of this security standard.
ISO 20000, ITSM and ITIL – Where does ISO 27001 fit in?
ISO 20000 is the international standard for IT service management (ITSM) and reflects a business’s ability to adhere to best practice guidelines contained within the ITIL frameworks.
ISO 20000 is process-based; it tackles many of the same topics as ISO 27001, such as incident management, problem management, change control and risk management. It’s therefore clear that if security forms part of ITSM’s outcomes, it should already be taken care of… So, why aren’t more businesses looking towards ISO 20000 to assist them in becoming ISO 27001 compliant?
The link to information security compliance
Information security management is a process that runs across the ITIL service life cycle interacting with all other processes in the framework. It is one of the key aspects of the ‘warranty of the service’, managed within the Service Level Agreement (SLA). The focus is ensuring that the quality of services produces the desired business value.
So, how are these standards different?
Even though ISO 20000 and ISO 27001 have many similarities and elements in common, there are still many differences. Organisations should take cognisance that ISO 20000 considers risk as one of the building elements of ITSM, but the standard is still service-based. Conversely, ISO 27001 is completely risk management-based and has risk management at its foundation, whereas ISO 20000 encompasses much more.
Why ISO 20000?
Organisations should ask themselves how they will derive value from ISO 20000. In short, the ISO 20000 certification gives ITIL ‘teeth’. ITIL is not prescriptive, and it is difficult to maintain momentum without adequate governance controls – ISO 20000, however, is. ITIL does not insist on continual service improvement – ISO 20000 does. In addition, ITIL does not insist on evidence to prove quality and progress – ISO 20000 does. ITIL is not being demanded by business – governance controls, auditability and agility are. This certification verifies an organisation’s ability to deliver ITSM within ITIL standards.
Ensuring ISO 20000 compliance provides peace of mind and shortens the journey to achieving other certifications, such as ISO 27001 compliance.