Cyber security is an ever-growing concern, especially in light of the 2016 election in the United States and the ransom of data from various hospitals across the globe. As the Internet continues to grow at an incredible rate year after year, businesses need to pay closer attention to cyber attacks.
It’s estimated that cybercrime will account for more than $6 trillion in annual damages worldwide by 2021. These damages include everything from identity theft to reducing productivity through destroying data.
It’s indeed a scary virtual world, but it doesn’t mean you should give up. In many instances, simple strategies prove to be more than enough to protect many businesses around the world.
Here are a few things I discovered when exploring the threat of hacking attacks for 2018. Never assume your business is too small or unimportant to be a target of the digital criminal element.
Continued Identity Theft
Identity theft lead to more than $16 billion stolen from people in the United States alone in 2016. This number continues to grow each year.
In many cases, identity theft wasn’t even connected to someone sharing information through a suspicious email from Nigeria. Instead, it’s companies that collect information that are being targeted. An example of this is the Equifax hack announced in September of 2017. Approximately 143 million people are now at the risk of paying for the lax effort of Equifax.
The Fix: Biometric Scanning Techniques
Keeping the business safe will depend on your practices. However, thanks to technology, facial recognition is becoming more prevalent in hardware and apps. This tech is also advancing at a rapid pace to provide an excellent method to verify a person’s identity.
Elements such as retina, thumbprint and facial construction will help reduce the prospect of identity theft. In reality, the prospect of biometric scanning is so crucial that many manufacturers build it into smartphones, tablets and laptops.
Can you imagine how difficult it would be for a hacker to claim your identity if he or she couldn’t match the biometric profile?
Continued Exploit of Unprotected Websites
When anyone visits a website that is unprotected, there is a chance hackers can steal information. For instance, cyber attacks focusing on an unprotected eCommerce site could potentially steal credit card and other personal information.
A Secured Sockets Layer encrypts the information from the website to the visitor. It prevents anyone from watching transactions take place. Unfortunately, this will narrow the pool of who can be attacked which may result in non-SSL-using sites experiencing an uptick in attacks.
The Fix: Purchase SSL Certificates
Keeping the site protected with an SSL is not just good for your visitors, it will also improve search engine ranking. This is because Google holds secured sites in higher esteem, which improves visibility in search results. So, it’s a win-win for your business to have the SSL installed.
Using an SSL is only part of essential website security methods to keep the business and visitors safe from hackers. Implement measures that will benefit everyone.
Basic Security Issues Still a Concern
While many will scramble to seal up any holes in their security, a lot of people still practice poor security basics. Things like easy passwords, unencrypted communication and sharing too often in the business often leads to the most damage.
For example, how many passwords do you have among all of your website profiles and accounts? Many people will use the same one for everything. In reality, this puts data and identity at great risk. If a hacker knows the one password and gains access to the sites you visit, everything can be stolen.
Think about how large your favorites list is in your web browser and how your password can be used to access it.
The Fix: Use Basic Security Principles
Force your staff to use more advanced passwords in the business dynamic. Hold classes and seminars about email use and sharing information. Add employ encryption for communications whether it’s through an email or live chat.
It does no good to focus on advance security threats if your basic needs are not covered. This includes teaching the importance of keeping track of all business-related devices. It takes but a few seconds to swipe a laptop while waiting for a flight at the airport.
Ransomware Will Continue to Grow
I mentioned the effects of ransomware earlier. It happens when cyber criminals gain access to something like a database and demand payment to release the information. Currently, the number one target for these actions are medical facilities. Preventing access to vital information could result in a life-or-death situation.
Ransomware estimates hit $5 billion in losses for 2017. This includes more than just the payout to hackers. A loss of productivity and other costs contribute to a large amount of money in various industries.
The prospect of ransomware goes beyond hiding valuable data when it’s needed. It can also be used when releasing information to the public. This happened in 2017 when HBO and Netflix were hacked and cyber criminals threatened to release episodes of shows if payment wasn’t received.
Another aspect to be aware of is ransoming hardware. Software is growing in frequency that will lock devices from being used until a payment is made. Think about what you would pay to gain access to a smartphone or laptop that has crucial information in it.
The Fix: Use Redundant Backups and Seal Security Holes
When it comes to data, keeping redundant and accessible backups makes ransomware easier to deal with. I say redundant because you want more than one in the event the hacker gains access to the original as well. For instance, a data backup on an external device such as a flash drive makes it impossible for hackers to take control of all the information.
Other than that, making sure your security holes are plugged up can go a long way to protect data from the criminal element.
Lack of Knowledge of Company IT Will Be Exploited
The IT department of any business needs to take on the role of cybersecurity as well. While they might not walk around with a badge and a fancy leather utility belt, they need to know how to keep the company protected from cyber crime.
A lack of knowledge will undoubtedly open the doors for hackers. Again, take a look at Equifax. They knew beforehand there was a problem, but the executives claim the information wasn’t passed along properly. This is a prime example of why knowledge is powerful.
The Fix: Education and Training
Make sure your IT department is versed in keeping the business safe. Even the smallest businesses are targets, and knowledge prevents hackers from gaining access to anything business-related. Being supportive of staff improving their abilities only works to improve your overall business. This is why many corporations compensate employees when it comes to education and other tools.
Increasing Botnet Attacks
The Internet-of-Things offers an incredible amount of versatility and functionality. Many people find it handy to start the coffee maker at home while sitting in the office across town. Unfortunately, it’s the IoT that will pose a large threat in the future in terms of cyber attacks. This is because devices can be linked together to form a botnet.
In the first quarter of 2017, 11.37% of DDoS attacks worldwide happened in the United States. These were performed by botnets using various pieces of hardware. It’s somewhat crazy when you consider how your new office printer could be partially responsible for taking down a website or government database anywhere in the world.
The Fix: Keep Everything Updated
It’s vital to keep all of your technology up-to-date with the latest versions and patches. This includes both hardware and software. Most manufacturers will produce firmware updates if an exploit is found in the device. There is no reason to continue using outdated versions.
When it comes to websites, browsers like Chrome will flag it if the site is using outdated software. For instance, users will see a screen that states how the site may be a severe security threat if it uses Joomla 1.5. This is because Joomla 1.5 is grossly outdated and can be compromised.
Mobile Incursions May Rise
Mobile technology continues to advance every year. Things like smartphones and tablets make up a significant amount of traffic on the Internet. In fact, a report from Cisco states how mobile devices will account for two-thirds of Internet traffic on a global scale.
Because mobile devices are so common, access points as well as the hardware themselves are being targeted. Many businesses have wireless access points to accommodate staff working from everything between laptops and smartphones. Wireless networks also give external users access to business resources if not protected.
The Fix: Lock Down the Wi-Fi
Make sure your Wi-Fi hotspot isn’t “hot” for nearby attackers. Depending on the router you use, anyone in your parking lot may be able to see the network. Making sure your firmware is updated, passwords are secure and the network is hidden greatly reduces the chance of being hacked.
Some will go so far as to include MAC authentication, which only allows hardware with a specific address to access the network. Sure, this process takes a few more seconds to set up for the IT department. However, it denies the average Joe from jumping on the network even if he or she knows the network name and password.
More Claims for Cybersecurity Insurance
A growing trend in the world of technology is that of cybersecurity insurance. In essence, it helps offset some of the financial losses that incur after hacking attacks. In most instances, it works similar to health insurance.
Like health insurance, keeping your network secure will most likely reduce premiums. Many insurers love the idea of keeping the element “healthy” as it leads to fewer claims down the road. And given the increase of viral and other cybercrime attacks, a healthy digital body is less likely to be hit by those issues.
The Fix: Invest, but Focus on Prevention
Investing in cybersecurity insurance will help keep losses lower than they would otherwise. However, you still need to focus on prevention to keep the costs low and the criminal element from taking advantage. Keep the business network as healthy as possible and immediately address any leaks or problems that arise.
Increase of AI Attackers
Artificial Intelligence, or AI, is advancing across a myriad of industries. Forms of this are identifiable from gaming servers to website chatbots. While we might still be years away from a robot apocalypse thanks to an overseeing mega AI controlling military weaponry, bots with the right AI may become almost as dangerous.
What makes AI use for criminal intent scary is how quickly a bot can react to input. Include the realization that AI is in many things such as self-driving cars, and it lays the ground work to weaponize some of the most innocent devices.
Malware is currently being developed to be highly adaptive. For example, polymorphic malware adjusts its tactics to avoid detection. In essence, it adapts to the situation rather quickly making it incredibly difficult to destroy.
The Fix: Using Best Security Practices
I wish there was a better solution for facing AI-based attacks. Currently, the best way to combat such issues is to practice the best security measures possible. A lot of malware gains a foothold by taking advantage of various exploits, such as opening an infected email or downloading a corrupted file.
Put effort into the above fixes to prevent your business network from being a target in the first place. Like the saying goes, “An ounce of prevention is worth a pound of the cure.”
What Does the Future Hold for Online Security?
The future is uncertain for any organization. Just when you think the system is fool-proof, cyber attacks prove it otherwise. I’m sure Netflix, Sony and even Parliament felt secure up until they were attacked.
One of the best things any business can do for itself is to invest in prevention. This means improvements to software, hardware and employee knowledge. A lot of trouble is avoidable if staff do not double-click on that executable file in an email.
Keep a vigilant eye on trends and types of attacks happening around the world. While some of them may not be relevant to your business type, it’s only a matter of time until someone creates a variant that is. Hesitation often plays a part in an all-out loss of data because of a lack of proper cybersecurity.