Over the past few months, we’ve seen a lot of headlines – ranging from the cyber attacks on Yahoo to security breaches at the Democratic National Committee – that have raised (or should have raised) awareness of the importance of protecting business data. At the same time, some of them have also served to signal what kinds of issues enterprises face in 2017.
That said, here are five trends that are likely to emerge during the coming year:
Cyber attacks will go mobile. Unsatisfied with just breaking into computer networks, hackers will likely turn their attention to mobile devices, looking for new ways to deliver malware and ransomware. The reason is simple: More and more companies and their employees are using smart phones for sensitive tasks, but are not taking the necessary steps or investments to ensure security. That makes them easier to take over.
Banks, law firms, and hospitals will be at greater risk. In 2016, we saw hacks of major financial institutions like Tesco Bank and Russia’s Central Bank. Breaches of medical information in 2015 totaled more than 115 million records. Three Chinese nationals were charged with hacking into a major global law firm and stealing confidential information about proposed mergers, making about $4 million from insider trading. Success, as they say, begets success – especially in the criminal world – and in sectors where there is significant critical data, there will be significantly more attacks.
Spear phishing will only get worse. No less than the U.S. secretary of Homeland Security has said that the most destructive attacks by the world’s effective hackers start with spear phishing – in which seemingly harmless emails are used to deliver malware. To reinforce that, 91 percent of security breaches begin with an email. Keep in mind, too, that it isn't just corporate email accounts that are at risk; personal accounts, accessed via the web, are equally vulnerable when they’re opened on business networks. Experts have called this the “Achilles heel” of data security. We couldn't agree more.
Small and medium-size businesses will be targeted. Rather than spending time and effort trying to overcome corporate security, hackers often look for the easiest point of attack. Inevitably, that means small businesses, which typically do not have the budgets or IT staff to do much beyond employing basic firewalls or virus protection. Cyber criminals know that, and as the number and sophistication of security breaches continues to increase, so will the risk to SMBs.
Threats to the cloud will grow. Asked why be robbed banks, the career criminal Willie Sutton reportedly said, “Because that’s where the money is.” There is a 21st century security parallel to his 20th century statement: Hackers will dial up their attacks on the cloud because that’s where more and more data is being stored. Cyber-criminals are less concerned with where your business-critical data is located. They just want to breach your systems, and once inside, create havoc. In 2016, so-called “brute force attacks” on cloud environments rose from 40 percent to 54 percent. Expect that trend to continue.
All of this leads to an obvious question: How can these problems be avoided? The answer isn’t especially complicated, thought it does require a demonstrable commitment of resources.
Enterprises – especially SMBs, hospitals, law firms, and financial services companies – need to redouble their security efforts. At minimum, this means training employees on what they can do to support data security; identifying security gaps; employing software and strategies that can detect and destroy threats in real time rather than in hours or days; working with managed IT service providers, when necessary, that have the expertise and experience to deal with these risks; and making the necessary investments in security.
By doing those things now, you can help ensure that 2017 will be happy for you and your business– and not a heyday (or payday) for potential hackers.
ABOUT THE AUTHOR
Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.