by Salo Fajer
Following a year filled with sophisticated data breaches and headline-grabbing cyberattacks hitting nearly every industry, it’s safe to say most businesses are welcoming 2016 with open arms. The past year proved that cyber threats are only increasing in regularity and complexity, as hackers demonstrated using sensitive stolen data in creative and frightening ways. In fact, in 2015, more than 178 million records on Americans were exposed in cyberattacks, according to the Identity Theft Research Center.
While a new year often marks a fresh start for most individuals and organizations, it’s no secret that cyber-risk is still very present, and could hit a business at any given moment. In 2016, companies must learn from past security mistakes and their painful repercussions to protect themselves from ominous, reputation-damaging cyberattacks. Despite advances in technology, no crystal ball can predict the future or the next major breach, but the following cybersecurity predictions for 2016 should provide businesses with a rough blueprint of what to expect – and guard against – in the New Year.
- The rise and risk of ransomware
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Most commonly implemented through a phishing attack, ransomware disrupts business operations and creates an added financial burden, along with making organizations feel exposed and vulnerable. In 2015, many hackers experienced great success and financial gain with this type of attack, so expect to see more ransomware attacks in 2016.
- The emergence of elusive wiper attacks
Wiper attacks are another threat that can wreak havoc on a company, taking critical systems offline and bringing operations to a halt. Wiper attacks are intended to erase data from PC and file-server hard drives and prevent the targeted machine from booting. There are different variants of wiper attacks. For instance, some launch a one-time attack on a specific date and erase hard drives, while others gradually corrupt disks over a long period of time.
If this type of attack sounds familiar, it’s likely because it was the main threat method used against Sony Pictures in 2014, as well as other high-profile attacks in Saudi Arabia and South Korea. Because wiper attacks destroy data instead of stealing it, its use so far has been primarily associated with politically motivated attacks, which may be key in 2016, given the U.S. presidential election and other world happenings.
- Preparing for even more sophisticated social engineering
Social engineering attacks are a popular way in which hackers fool careless or clueless individuals into sharing their personal details so the hackers can gain access to their personal and professional lives for financial gain. As more and more data is released in the large-scale attacks that take place every day, it is likely that creative social engineering attacks in 2016 will use stolen credentials from previous data breaches to access further sensitive information.
While hackers have always been interested in using social engineering in avenues that have a direct line to financial data, like banking credentials, they’ll also target other sources of data, like bankruptcy filings. Another likely target of malicious hackers will be places that have indirect routes to a company’s network, like law firms and other vendors. For this reason, it’ll be important to properly train and educate not only internal staff members, but third party vendors and contractors that work with the company’s sensitive data.
- More smart devices brings less security
The Internet of Things has been buzzed about for many years now, especially given the emergence of smart phones, watches, homes, and cars as of late. It’s no secret that technology powered by the Internet of Things has the potential to change how we interact with the world around us, through an eco-system of connected devices and services. However, despite the convenience, speed and sophistication of such technology, the Internet of Things also brings with it major risk.
If left unsecured, criminals have an exponentially higher number of access points for attacking and infiltrating a network. In 2016, hackers will likely be seeking to either compromise connected devices for control and denial of service, or to use those devices to track people. One example of this would be looking at power consumption to determine when a person is home or not, while another could be how connected cars can allow a hacker to track a person’s exact location.
In tandem, employers also face the challenge of properly protecting these smart devices as they infiltrate the workplace – creating an extra layer of complexity in the great BYOD debate.
New Year’s Resolution: Properly Protect the Business
While many businesses have some security measures in place, they are often not enough to properly guard against sophisticated cyberattacks. In fact, many only think to reconsider their preventative measures after an attack, but by then the damage is done.
To prevent these types of security infringements, businesses must consider improved detection techniques and regular, improved end-user security education. This education must be more than once-a-year training sessions; rather, it must be an ongoing effort. Additionally, stopping future attacks will require deeper levels of visibility on the endpoint to detect and quickly neutralize attacks before they obtain a foothold on the target device.
A new year brings with it a new set of goals and expectations. As we say goodbye to the “Year of the Cyberattack” that was 2015, ensure cybersecurity and proper prevention methods are prioritized in 2016, to avoid becoming the next victim.
Salo Fajer is the Chief Technology Officer at Digital Guardian.