Cybersecurity is more relevant than ever, 2017 was the year of devastating security breaches. The average cost of a data breach for companies grew exponentially as we watched some of the biggest organizations in the world get hacked. Growing cloud adoption has offered some security advantages, but simultaneously created new concerns. Datacenter attacks could impact many companies at once, and there are bound to be attacks on open source vulnerabilities.
Here is a look at some potential threats and current security trends.
Trend Micro predicted in 2016 that ransomware will grow 25% in 2017. In hindsight, it those of us close to the industry think it’s been even more, and we’re not even through December yet. The first half of the year saw an unprecedented rise in sophisticated ransomware attacks. It is expected that new variants will keep emerging and affecting not just company servers but ATMs, PoS systems, and IoT devices. Experts recommend not paying the ransom to get your locked files back, but rather seek out help from cyber security professionals if you get attacked. Protection against ransomware would be the cheaper and more proactive option. Security advisors recommend timely backups and updates, constant vigilance and caution against apps, websites and emails, and a strong antivirus as measures against ransomware.
2. Tools for hackers are easy to get
These days, hackers don’t need experience or any hacking knowledge for their nefarious activities. The tools they need are readily available against payment. The stage is set for growing cybercrime, whether the motivation is financial, political, or a grudge. In the process, companies are at risk of losing millions of dollars, if they aren’t keeping up with security best practices.
3. DDoS attempts on IoT devices
Distributed Denial of Service (DDoS) attacks on IoT devices have gone up in number, highlighting the lack of adequate security on IoT devices. Companies have been too eager to roll out IoT devices while security implementations haven’t kept pace. Attackers use IoT devices for malware-based DDoS botnets. These botnets overwhelm target IoT devices like networking devices and video surveillance equipment. We were mortified this year when hackers started to breach IoT toys for children. Scary stuff.
According to Gartner, by 2020 more than a quarter of all identified attacks on enterprises will involve IoT devices. With IoT attacks having exploded by 280% in the first half of 2017, IoT security spending is expected to go up significantly. Companies will spend nearly $1.4 trillion on IoT by 2021, says research firm IDC. There will have to be corresponding spending on IoT security, if DDoS attacks are to be prevented.
4. Cyber security skills gap
With technology changing at a breathless pace, it’s hard for IT security workers to keep up. There is a greatly-felt skills shortage in IT departments and security teams around the world, causing measurable damage. There are over a million security positions vacant globally. There are more jobs in cybersecurity than there are candidates, often leading to temporary hires. There is a need to attract more college graduates towards the area of cybersecurity. CISO as a service is cashing in on this shortage and growing more popular.
5. Unsecured third-party vendors could put customers at risk
While big businesses may have all necessary security measures in place to protect customer data, their third party vendors may not be so well-secured. PoS attacks at Wendy’s made more than a thousand franchised locations vulnerable in the summer of 2016. Companies will have to come up with new policies for third-party risk management to make sure such incidents are not repeated in the future.
Cybersecurity will continue to be an uphill climb in the future. But companies that take some time to review their cybersecurity policies and planning will be better protected against whatever threats the coming year brings.
If you feel like your company could be a candidate for a cyber security assessment, contact us immediately. Fifty percent of all companies in the U.S. had at least one cyber attack during the year. Make sure the next one against your company doesn’t get through!