Cybercriminals are becoming more sophisticated and collaborative with every coming year. From internal threats to creative ransomware to the industrial Internet of Things, cybersecurity threats are going to get even more creative and innovative.
A recent report has suggested that victims are now turning to infecting their friends or colleagues in return for free decryption of their files, according to the MalwareHunter Group.
Here are our predictions for near-future cyber security threats likely to impact enterprise and small business and how to protect yourself:
1. Insider Threats
Most IT security defences are set up to defend against external hackers and this allocation of resources to protect your data and systems does make sense, as most attacks come from outside the organisaton – but not all.
Insider threats are a huge problem: 90% of security incidents are caused by people, according to Verizon’s Data Breach Report , but additionally 55% of attacks are originated by an insider.
Here are some tips to help reduce the risk of a malicious insider attack:
1. Use role-based access management for critical applications and systems to limit the ability and resources that malicious insiders can use to do damage.
2. Monitor and block the movement of sensitive data outside the organisation via a mixture of technical real-time controls.
3. Adopt and embrace user-awareness training to help your team identify a rogue insider and not be afraid to speak up. The more eyes you have on an area of risk, the better.
4. Have an incident response plan that involves all business departments – including HR, legal, PR – on how to guard against and respond to malicious activities by insiders.
2. Creative Ransomware
As organisations evolve critical cyber defences, cybercriminals will continue to innovate and get more creative with their ransomware attacks. The days of single-target ransomware will soon be a thing of the past with payloads such as Conficker, Nimda, and Code Red, capable of infecting hundreds of machines in an incredibly short timespan.
Because 91% of all ransomware attacks are initiated by email, adopting solutions that block malicious URLs and weaponised attachments is one of the most effective ways to stop ransomware attacks.
Mimecast Offshore’s all-in-one service for email security, continuity and archiving provides comprehensive protection to stop ransomware and other advanced targeted threats, while also addressing a host of other email security issues.
See what Jeremy Piven has to say:
3. IoT bankruptcy
DDoS attack on Dyn, IoT security threats was talked about but not really taken seriously until now. With Gartner estimating 6.4 billion connected things worldwide in use this year and the number expected to reach 20.8 billion, there are plenty of ‘As-A-Service’ attack capabilities on the Dark Web for hire now.
It’s not just your computer that hackers can now attack. It could be a security camera hooked up to the internet, or a Xerox machine, or even a piece of industrial machinery like a blast furnace. The IoT devices connected to your computerised maintenance management system are at risk, too.
IoT hackers are not just interested in stealing data and making money, but to alter it with potentially dire consequences. Hackers will capitalise upon the growing acceptance of connected devices, by creating integrity attacks that have the power to bring down an entire company and beyond. It is common for competing products to leverage the same underlying web software or hardware components developed by a single entity.
As such, when a vulnerability is discovered, it can impact hundreds of unique products. When such a technology represents the lion’s share of an OEM’s revenue, a major recall combined with the threat of lawsuits creates the perfect storm to put the company out of business. Expect to see such examples in the coming year.