
2015 Technology Trends, their Security Risks & Safety Tips

According to reports conducted by various research and technology firms, 2015 will continue many of 2014’s innovations and disruptive technologies. The entire technology landscape is forecast to triple, with more mobile apps and devices entering the market. Data center traffic is expected to reach more than 600 exabytes per month. Just in case you didn’t know, 1 exabyte is equivalent to 10,000 terabytes.

Then there are self-driving cars, bendable displays, air-charged batteries, holographic teleconferencing, wearable mobile devices, and 3D printing breakthroughs. These are just a few of the technology trends that people are looking out for in 2015, with many more innovations expected to enter the market throughout the year.

Together with these exciting events come worrisome security threats that have not been dealt with properly in the past or are being driven by the latest innovation. For instance, trust flaws in IPv4 that still exist in IPv6 may be capitalized on by cyber criminals.

A shift from BIOS to rich boot environments such as UEFI can result in new types of attacks from rootkits and bots as well. As technology becomes more popular and pervasive, so does its potential to create problems when mishandled and mismanaged.

Mobile Apps, Payment and Devices

Gartner is predicting that the sales of both tablets and smartphones could reach up to 385 million units in 2015. With that in mind, there will be a need to serve all those users in diverse contexts and diverse environments. With the rapidly expanding market of mobile devices, there’s also an ever expanding question of the security of those devices. At the moment the majority of malware that’s built for the devices is targeted primarily at Android, but that could change over time.

Luckily, there are a few obstacles hindering the widespread proliferation of malware into the market. One of those obstacles is validated application delivery, which makes the installation of malware quite difficult. Other obstacles include address space layout randomization (ASLR), sandboxing and automatic updates, all of which make mobile platforms difficult to target. Nevertheless, the popularity of this platform may push cyber criminals to innovate as well, commercializing the industry of non-PC hacking.

Over the past few years, there’s been an increase in attacks targeting mobile payment systems. This led to the development of security features that are built to prevent theft. Some of those very same security features may themselves pose threats in the future.

There is an increase in attacks on mobile payment systems, but at the moment cyber criminals are continuing to focus their abuse on traditional credit and debit cards, since they are easier targets for now.

Internet of Things (IoT)

The scenario where objects such as appliances and devices are able to transfer data over a network without human intervention is part of a concept coined the “Internet of Things”. With this advancement it will be possible to make our everyday objects more connected – which comes with upsides and downsides. Digitizing everything into data streams is creating new requirements as well as services.

Unfortunately, evidence shows that many IoT device manufacturers have neglected to implement basic security standards. Attacks on these devices can have a real nasty impact. Worse, the vendors may not have the distribution infrastructure for timely updates to correct lapses. As with the mobile platform, attackers may begin to venture onto IoT platforms as these devices multiply.

Cloud Architecture

Both cloud and mobile computing are promoting the growth of centralized applications that can retrieve and sync data across multiple devices. This synchronization delivers the same experience across all devices and allows users to pick up where they left off.

Many of these cloud services state that they’re using encryption to retrieve and sync the data. However, there’s been some evidence that some of these services aren’t actually implementing encryption correctly. One example is not enabling Certificate Pinning in SSL; because of this, the experience isn’t necessarily secure or private to the outside world.

Web-scale IT

Web-Scale IT is a philosophy that organizations will begin adopting as they begin to think, act, and build both applications and infrastructure for the future. According to Gartner, this will happen slowly, as commercial hardware becomes ready to drive their cloud-based needs and software.

However, it has become clear that as more organizations deploy their hardware and software to the cloud, the security used to protect those devices and applications isn’t up to snuff. Many organizations are having a hard time finding candidates who have cyber security experience or even the skill set. It’s now widely accepted that the edge defense approach towards security is no longer an option. Organizations are finding it quite difficult to provide a secure environment across everything, not only internally but externally as well.

Not to worry, however: we’ve gathered a few helpful tips that can help you stay secure and safe while online.

Top 5 Tips of 2015 for Online Security

1. Update, Update, Update!

This is something we cannot stress enough when it comes to securing online data. Numerous websites are compromised every day because they run on outdated software and technology. It is very important for every online business to update its website as soon as a new plugin or CMS version is available. Unless you are running a website firewall like Cloud Proxy, you’ll need to update as soon as updates are released.

2. Make Your Password Strong Enough

SplashData’s annual list compiles the millions of stolen passwords made public throughout the year and assembles them in order of popularity. The 25 most common passwords of 2014 on that list have already been stolen, and hackers can easily get at all the information by using those common passwords. This clearly indicates that when it comes to choosing a password, there are 3 key requirements that should always be followed: complex, long, and unique.

Another good function to look into is “2FA” – or Two Factor Authentication. This is a mechanism for logging into an account that leverages a password as well as another method, such as an email confirmation or a secret code sent via text message.

3. Never Host More Than One Site on a Single Server

The majority of people in the online world fall victim to choosing the “Unlimited Hosting” plan for their online business and end up hosting all their various sites on a single server. Unfortunately, this is one of the worst security practices we commonly see. Hosting many sites in the same location creates a very large attack surface.

For example, a server containing one site might have a single WordPress install with a theme and 10 plugins that can potentially be targeted by an attacker. If you host 5 sites on a single server, an attacker might now have three WordPress installs, two Joomla installs, five themes and 50 plugins as potential targets.

To make matters worse, once an attacker has found an exploit on one site, the infection can spread very easily. Not only can this result in all your sites being hacked at the same time, it also makes the cleanup process much more time consuming and difficult. After the cleanup is successful, you now have a much larger task at hand when it comes time to recover from the attack. So it’s better if you can use one hosting server for each website.

4. Server Configuration Files

You should really get to know your web server configuration files. Apache web servers use the .htaccess file, Nginx servers use nginx.conf, and Microsoft IIS servers use web.config. Most often found in the root web directory, these files are very powerful and quite confusing. It’s these files that allow you to execute server rules, including directives that improve your website security.

Here are a few rules that I recommend you research and add for your particular web server:

  • Prevent directory browsing: This prevents malicious users from viewing the contents of every directory on the website. Limiting the information available to attackers is always a useful security precaution.
  • Prevent image hotlinking: While this isn’t strictly a security improvement, it does prevent other websites from displaying the images hosted on your web server. If people start hotlinking images from your server, the bandwidth allowance of your hosting plan might quickly get eaten up displaying images for someone else’s site.
  • Protect sensitive files: You can set rules to protect certain files and folders. CMS configuration files are among the most sensitive files stored on the web server, as they contain the database login details in plain text.
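
As an illustration of the three rules above, here is an added example (not from the original article) of an Apache 2.4 .htaccess file placed in the web root. It assumes mod_rewrite is enabled and that the server's AllowOverride setting permits these directives; example.com is a placeholder for your own domain, and the two CMS file names are the usual WordPress and Joomla configuration files.

```apache
# --- Prevent directory browsing ---
# Without this, a directory that has no index file returns a listing
# of everything in it.
Options -Indexes

# --- Prevent image hotlinking ---
# Refuse image requests whose Referer is set and is not our own site.
# An empty Referer is allowed so that direct visits and privacy-minded
# browsers still work. example.com is a placeholder.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]

# --- Protect sensitive files ---
# CMS configuration files hold the database credentials in plain text.
# PHP includes them from disk, so they never need to be served over HTTP.
<FilesMatch "^(wp-config|configuration)\.php$">
    Require all denied
</FilesMatch>

# Keep .htaccess and .htpasswd themselves from being downloaded.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

After deploying, request a directory without an index file and one of the protected file names; both should return 403 Forbidden. Nginx and IIS express the same rules with different directives in nginx.conf and web.config.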

5. Install SSL Certificate

An SSL Certificate isn’t required, but it’s highly recommended as more users are connecting and transmitting data. The reason for installing an SSL Certificate on your website is that it encrypts any information transmitted to and from your server. Even basic data can be used to identify you or your site’s users, and it’s important to provide them with security. Just think of all the personal information that could be at risk of being stolen and used.

An SSL Certificate is especially important for e-commerce sites and other related sites that accept form submissions with sensitive user data or Personally Identifiable Information (PII).