5 key cyber security trends for 2017
#1 – Ransomware has come of age
Since ransomware first appeared in 2005 in the form of Trojan.Gpcoder, this threat has grown in maturity and sophistication. In a typical ransomware attack, business-critical or sensitive files are encrypted and held for ransom. In 2017, Trend Micro predicts 25 percent growth in this form of malware as it spreads to internet-enabled devices, point-of-sale (POS) systems and even automated teller machines (ATMs). Self-propagating varieties are now able to infect hundreds of machines in very short timeframes, and most firms don't have the resources in place to deal with these attacks in real time.
#2 – A worsening skills shortage
With more than a million vacant positions worldwide, there is a worrying shortage of skilled IT security workers – and hackers know it. Larger enterprises are starting to realise the importance of hiring a Chief Information Security Officer (CISO), but there is a dearth of digital and cyber security skills among small businesses that don't have the budgets to employ top talent, leaving them dangerously exposed. The fight against malicious attacks needs to be collaborative – involving engagement between multiple small businesses, enterprises and government – rather than the David versus Goliath battle that business owners face today.
#3 – Hacking humans with 'social engineering'
It might seem far-fetched to imagine that cyber criminals can just ask someone for their password and they'll hand it over. But social engineering does just that. Scammers nurture trust with tactics such as impersonation (sending emails or texts from your known contacts with links or downloads) or "baiting" schemes via social networking (such as too-good-to-be-true deals on classified or auction sites). They often request confirmation of financial information or passwords. There are thousands of variations (and counting) on social engineering attacks, so don't let curiosity lead to careless clicking.
#4 – Attacks get smarter, and less traceable
Hackers are becoming increasingly organised and 'business-like', using malware in ever more creative and devious ways to get through company defenses and monetize their nefarious activities. They may be based in countries outside their victims' police jurisdictions, or exploit the Dark Web to hide and communicate with like-minded criminals as well as purchase even more damaging attack vectors. While direct attacks will continue to be an issue, longer-tail data mining is of growing concern. The data gathered may be used in more advanced future attacks or sold on the Dark Web for others to do the same.
#5 – Third-party risk management
If you've built an excellent security system and have all the right policies in place, your customers may still be at risk unless you've subjected your third-party suppliers to the same level of scrutiny. Or your own vulnerabilities may mean your business is exploited to gain access to larger, more lucrative targets in your commercial network. There are notable examples – Target and Home Depot spring to mind – where security breaches were perpetrated by criminals who obtained and compromised a third-party vendor's credentials. Make sure you manage risks across your supply chain.
The major attacks that dominated the headlines in 2016 have generated great uncertainty about the future of cyber security. However, by ratcheting up your defenses, staying abreast of the threat landscape, and wisely managing your digital activity, you can make your business a tougher nut to crack and deter would-be cyber criminals.