26 Dec 2017 Cybersecurity Predictions
You don’t need a crystal ball to realize in 2017 the need for cybersecurity will increase and new threats will emerge. 2016 was filled with devastating data breaches and the emergence of a new type of threat with Ransomware.
A recent PriceWaterhouseCoopers report revealed that 74% of small and medium businesses experienced a security issue in the last 12 months, and this number will only increase due to SMBs being perceived as ‘easy targets’.
Here are what we predict for 2017 to be the biggest cybersecurity concerns:
Prediction #1: Ransomware expands to the cloud and becomes more targeted
Holding high value assets hostage in exchange for some sort of payment is not new. Ransomware attacks have been in the news for the past couple of years, and no one expects them to go away any time soon. According to some experts, the total cost of ransomware for 2016 is expected to top one billion dollars, and is expected to grow exponentially in 2017. Unless they get serious about security, we predict an increase in the number of healthcare organizations that will be targeted for ransom-based attacks. We should also see an increase in the targeting of other businesses that collect and manage human data, such as law firms, financial institutions, and government agencies.
Prediction #2: Password re-use will take center stage as breaches increase
The habit of re-using passwords is one of the most dangerous cybersecurity practices. Large scale breaches from Yahoo and Twitter have helped raise awareness, but it will take a few more major incidents in 2017 to change behaviour. In 2017, people and organizations will begin using unique passwords as often as they lock their car doors in a parking lot.
Prediction #3: BEC will continue to evolve and the big losses will continue
Since mid-2015, business email compromise (BEC) has been a major threat to organizations, resulting in over $3 billion in losses per recent FBI reports. Overall BEC losses will increase even as individual incidents of massive BEC losses decrease due to improved business processes and financial controls in larger organizations. Small and midsize businesses will remain susceptible to these attacks and will see their share of the overall losses increase. Moreover, we will continue to see some seasonal variants on BEC attacks like the “W2 request” campaigns that marked early 2016.
Prediction #4: More Cyber-Related Regulatory Enforcement
The incoming administration will focus on cybersecurity compliance and regulatory. State and Federal regulators will be widening their cyber-focus by enforcing new foreign cyber laws, and pushing regulation and penalties down to the small-and-medium-sized business sector. While the multi-million dollar fines and penalties seem to be reserved mostly for HIPAA fines levied against healthcare providers, fines and penalties may increase across the board.
Prediction #5: Mobile will continue to rise as a point of entry
Ponemon Institute reported that organizations who reported having a data breach, 67% were caused by employees using their mobile devices to access the company’s sensitive and confidential information. Employees and their mobile devices are now moving around way too much, and much too fast, for old-fashioned cybersecurity strategies to be effective. Add to that an increasing sense of entitlement by users with regards to the devices they choose to use, and you have a situation ripe for exploitation.
In the future, organizations will see an increase in intrusions that are better designed, trickling down to businesses that are less prepared to handle them. Even as regulators look on; cyber criminals will continue to exploit their success and venture into larger money making schemes such market manipulation.
So, what can companies do to protect themselves? Organizations of all sizes should implement stronger controls such as 3rd party risk assessments, employee training, formal reporting procedures, and implement cybersecurity requirements for their vendors. These controls should be coupled with well-tailored cyber insurance policies.