Last year was hindered by data breaches, malware attacks and other cyber-based criminal activity. No longer is it a question of “if”, it should be considered a question of “when”. As we reflect on what happened last year, it is important to be vigilant to prevent future, often self-inflicted, attacks from occurring in the upcoming year.
There is no crystal ball to look into when trying to be ready for what types of cyber security issues organizations will need to be prepared for in the upcoming year. However, we can learn from the past. After all, history does repeat itself.
Remember the Wannacry attack? It was extremely debilitating to organizational networks that were blocked and “held ransom” until paid. One of the worst hit by Wannacry was Britain’s National Health System. Ransomware is a form of malware that breaches cyber security measures and locks down computer files using strong encryption. If the data has not been backed up, then hackers are able to demand money in exchange for digital keys to unlock the data. If the data is essential to day-to-day operations, victims have no choice by to pay.
What happens when hackers target our electrical grids, transportation systems, and other parts of the United States’ critical transportation infrastructure? It’s a scary thought. What’s more, this type of attack is not going away anytime soon.
Phishing occurs when a cybercriminal poses as a trustworthy source in an email, text or other digital communication to obtain usernames/passwords, and financial or personal identification and/or digital money. As stated in a previous blog, specific types of businesses (e.g. real estate) are often targets. What will be new in 2018 is the ability for hackers to customize and “legitimize” the look of the message to trick unsuspecting victims better. Be on your toes and make sure employees and/or clients are given clear instructions on what email to legitimately expect from your organization in the upcoming year.
This biggest malware attack this past year was the Equifax data breach. It was undetected for months. When it was finally detected, massive damage was done. The cleanup was far reaching and in many cases ongoing. However, there have been moves towards holding organizations more accountable to their customers and other connected organizations/groups. The EU has lead the charge with General Data Protection Regulation (GDPR) that holds breached organizations responsible by forcing them to inform those impacted with 72 hours of the data breach.
This type of accountability is a must-have for the United States too. In fact, there is already proposed legislation called the Data Security and Breach Notification Act. Breaches will happen, but the data breaches that do the most damage are the ones that go undetected (Equifax) or are blatantly “covered up” (Uber). Holding organizations accountable is the first step in protecting the real victims.
If organizations and their employees fail to take even the most basic steps to protect themselves and their data, cyber security attacks will thrive. Therefore, the greatest security asset is tasking each employee to become proactive in their daily security processes. If employees keep clicking on questionable attachments and accessing organizational networks while logged onto unsecure Wi-Fi, be assured that hackers will find a way into the backend and wreak havoc!
Artificial intelligence (AI) computing is used for a lot of good (e.g. systematically testing cyber security for vulnerabilities), until it’s not. This coming year it is predicted that AI will be weaponized according to MIT Technology Review. Whatever a human hacker can do, AI can do longer and more efficiently.
The good news is that common sense of the individual (not clicking on an unfamiliar email link, refraining from sending sensitive data over on an unsecured Wi-Fi at your local Starbucks) will do a lot to protect all of us in the upcoming year. Organizations can do their part by backing up data and keeping cyber security measures up-to-date and tested on a regular basis. The threats will not go away altogether, but some can be prevented.
Prepare for America’s Security Concerns
This coming year, be prepared for the worst and protect all those associated with your organization. Tim Dimoff’s’ presentation Physical and Cyber Security, America’s Two Biggest Security Concerns can help prepare your company against today’s current threats to security. Contact Tim to schedule a presentation today.