Now is the time businesses plan their budgets, review the current year's IT spend, and set strategic goals for the coming year.
If you're making these plans, remember to include one looming issue: cybersecurity.
McAfee Labs has released a report titled, "2016 Threat Predictions" (PDF). It details the state of cybersecurity threats, and projects
what’s coming in 2016.
The outlook is, quite frankly, grim. Serious new threats, and new versions of old threats, are on the horizon. It’s up to us to prepare for them.
New Threats to Watch Out For
Wearables. Devices like the FitBit collect data and give us feedback. They’re handy for time management, fitness and a growing number of activities.
They're also vulnerable to cyberattack. One "way in" hackers can use is the wearable’s Bluetooth transmitter. By sneaking code into the device via Bluetooth, they can open a security hole in your smartphone, tablet or laptop.
Hardware-based Attacks. Only a couple years back, cybercriminals had to use software to break into other computers. Now, IT hardware is so cheap & plentiful that it becomes another attack vector.
For instance, a cybercriminal can infect dozens of USB drives with worms, and drop those wherever a target may look. "Hey, free USB drive! Let me plug it in & see what’s on it…wait, why is my bank account empty?"
We’ve also seen firmware-level malware appear. This is a piece of code that essentially welds itself to the computer’s hardware. Even a reformat can’t get it out.
Attacks on Cloud Services. Thousands of new cloud servers will come online before close-of-business today. Cybercriminals will start trying to break in tomorrow.
The sheer volume of data stored in the cloud makes it an irresistible target for cyberattack. Worse, if cybercriminals do break in & steal data, they may be able to conceal the theft for weeks. Even months.
Stolen Data Black Market. Ever hear of "Silk Road"? It was an online black market where people bought & sold everything from drugs, to weapons, to stolen data. The FBI shut down Silk Road…but another market
popped up weeks later. They aren’t going away.
Cybercriminals love to collect stolen data. They can do all sorts of things with it:
- Store the data for future use or sale
- Combine data from multiple sources to build profiles of potential victims
- Use the data in illegal activities, such as blackmailing people or committing bank fraud.
New Versions of Old Threats
- Next-Generation Ransomware. We did a Tech Tip on ransomware in April.
It’s evolved since then, into “Ransomware-as-a-Service.” The ransomware runs on a hidden server, activated on-command whenever someone pays the server operator. Security experts have also seen new Cryptolocker-style
apps appear recently.
- Software Vulnerabilities. Almost every week, new vulnerabilities are found in the software all of us use: Flash, Java, Internet Explorer, etc. (Flash and Internet Explorer account for more than 50% of all software vulnerability
attacks!) Most are patched soon after discovery, but you still have to apply the patch. If you don’t, hackers can (and often do) find you.
- Integrity Attacks. An Integrity Attack is subtle. It involves changing the elements within a transaction or communication. This isn't intended to steal lots of data—it's to enable access for a larger goal.
Integrity Attacks let hackers take control of a self-driving car.
Or spy on a bank's operations, in order to modify transactions & steal money.
How You Can Stay On-Guard
The following recommendations come from a 2015 Osterman Research white paper, "Best Practices for Dealing with Phishing and Next-Generation Malware":
- Understand the risk your organization faces. Your business is NOT immune to cyberattack. Decision makers must be aware of the security risks posed, and how they change over time.
- Determine which software tools you should use—and which you shouldn’t. Tools like Dropbox, personal webmail accounts, and personal devices (BYOD) all pose security risks.
- Establish detailed security policies, and follow them. Your policies should cover safe use of email, the Web, social media, and mobile devices.
- Implement best practices for IT security. Example practices are: sufficiently complex passwords for the type of data an employee handles, a password change schedule, keep software and operating systems up-to-date, employees training on
how to spot phishing attempts.
PlanetMagpie has some additional advice to offer, from our own security experiences:
- Keep network protections current. Firewalls, anti-malware, spam protection.
- Offer cybersecurity training for employees, if you don’t already (include contractors). Make sure everyone knows never to click suspicious links in emails!
- Use encryption on your servers and computers.
- If you use cloud services, request a security schedule from the service provider. This will tell you how often they update their systems’ security.
- Monitor your network. Keep an eye on your network’s activity. If hackers do somehow manage to break in, you can discover it quickly & take action.
Need help keeping your network safe? Consider PlanetMagpie's Proactive IT plan - your own custom combination
of network, server, and desktop monitoring. Automated updates, regular security checks (on and offsite)...everything needed for keep your network secure & running smoothly. Call us at 510-344-1200, or email at info@planetmagpie.com to review your needs.