The year 2016 has been quite a ride for businesses in IT security. We have been witnesses to how companies and organizations succumbed to online breaches and threats, some of which took years to discover. The latest victim happens to be no less than Yahoo!, who recently reported that some user data had been stolen from way back 2013—three years after the data theft actually transpired.
This only underscores the need for enterprises to be more vigilant and perceptive of the different forms of cyber attacks that are threatening to disrupt businesses and ruin public trust in IT services.
Preparing for 2017 Cyber Attacks
Security experts are now finding an opportune time to tell you everything you need to know about cyber security, which may carry over to the fresh, New Year.
Here are the top 10 predictions that will hopefully help you brace for any unfortunate event in your IT safety measures:
Phishing attacks won’t cease to exist.
Up until this time, perpetrators of spear phishing attacks are continuing with their ploy because unsuspecting victims are giving in to their tricks. Hackers can lure them into believing that those malicious emails are legitimate materials of communication.
By conducting regular security training sessions on a company-wide level, IT teams can warn employees about the persistent threats in phishing and mitigate the need for a disaster recovery plan.
The Internet of Things (IoT) will be open to misuse.
Any device connected to the internet – smartphones, tablets, routers, drones, storage drives – can be used to launch attacks on your network. This year, IoT already played a big role in one of the biggest cyber incidents of 2016 when the entire east coast in the US suffered an internet outage because of a DDoS attack on Dyn.
Within your organization, make sure that your connected devices carry the latest security patches, and that restricted access is enforced.
The culture of recycling passwords will live on.
The habit of reusing passwords across accounts makes for system vulnerabilities, and yet, end users do not seem to care about the possible consequences. LeakedSource was able to crack 99% of passwords stored by Friend Finder Network partly because they were so common that 123456 ranked number one.
There should be increased awareness about the dangers of this practice until everyone makes a deliberate choice to use unique passwords. You could also push for the formulation of password policies that you can enforce and audit.
Scams will proliferate on social media.
Social media has been host to multiple attacks ranging from social scams to fraudulent and counterfeit schemes. As of late, a number of social media platforms have introduced payment services for users. This could become new target attacks for hackers using social engineering tactics. The spread of fake news is yet a related concern as smear campaigns can have serious impacts on business.
Implement a social media policy within your company to ensure that your employees don’t unwittingly infect your network.
Mobile smart devices will host to zero-day attacks.
Software and hardware vulnerabilities can pave the way for hackers to launch zero-day attacks through a number of channels such as SMS, OS-based messaging systems, or the Cloud. Apple became a victim of a spear-phishing attack through a zero-day vulnerability.
Make sure that installed apps on your corporate devices are screened and approved by your IT team, and that no illegal downloading slips through your fingers. Operating systems on mobile devices should also be updated as soon as possible.
Multiple hacking activities will cross-pollinate.
You can already hack 15 things that aren’t computers even before IoT became prominent. Now that you have connected devices without any standard security, it would be much easier for criminal hackers to infiltrate different devices. A year ago it has already been demonstrated how a car can be hacked through its web-connected system, enabling the hacker to control the vehicle while the drive was still inside.
The healthcare industry will still be vulnerable targets of ransomware.
IT security is not a priority among healthcare organizations, making them vulnerable to criminal hackers. Moreover hospitals use electronic medical records, making sensitive crucial patient information up for grabs and enabling hackers to demand huge ransom in bitcoin.
It’s time for healthcare and medical institutions to have their own IT security team.
DDoS Attacks will increase.
A sudden surge of DDoS occurred in the second half of 2016 involving Mirai. With the help of IoT devices, it was able to launch huge attacks against Dyn and Krebs on Security. Now that it has been proven to be effective, it will continue to increase next year.
Businesses, especially those who belong in an industry prone to DDoS attacks, should consider anti-DDoS solutions or restructure their networks to at least mitigate a DDOS attack. In general, enterprises should include DDoS in their cyber incident response program.
Critical infrastructure attacks could compromise national security.
Outage in any of the critical infrastructure such as a power grid and transportation systems can cripple an economy and cause mass panic, effectively weakening any country.
Governments will need to act fast on introducing or finalizing legislation that would gather together major industry players to bring about knowledge sharing on cybersecurity.
SMEs/SMBs will see a rise in data breach attacks.
In the past year alone, more than 50% of small to medium enterprises/businesses were subjected to cyber attacks. An even bigger number – 60% of small businesses – failed to recuperate from such attacks after half a year.
It’s easy for small businesses to assume that corporations – who have more to lose and money to pay – are more susceptible to hacks. Unfortunately, criminal hackers don’t discriminate. As long as they can make money off of you, they will. Small and medium businesses have to rethink and invest in IT security.
The darknet will operate on the mainstream.
Hacking is already a billion dollar industry where criminal hackers trade, sell and buy stolen data in the dark web. Darknet is the natural next step.
Imagine if the people your organization serves fall victim to this crime. Proactively testing and controlling your IT infrastructure should never be an option, rather a constant goal.
These fearless forecasts and preventive solutions reveal only a parcel of what can be expected in the coming year. As opposed to showing fear or alarm, security experts are laying their cards on the table to present what’s happening in the real world. And while there is no rock solid measure to counter cyber threats, reinforcing the culture of security is a good first step that you could take.