According to a recent study released by ISACA and the RSA Conference, a whopping seventy-five percent of cyber security professionals expect to to fall victim to a cyber attack in 2016. As computer technology becomes more sophisticated, so do the techniques used by cyber criminals who target computer information systems, infrastructures, computer networks, and personal computer devices. 2015 saw a rise in the number of data breaches, with several large and well-known companies (as well as government offices) reporting that the personal information of their customers had been compromised. Social engineering attacks, where hackers convince employees to give them access to sensitive company data, was another area off attack in 2015.
In 2016, however, a whole new host of threats loom, and your organization needs to be vigilant and aware of these cybersecurity threats to stay protected. This is what you should be prepared for:
1. Extortion Hacks (and Ransomware)
Extortion hacks happen when cyber criminals gain access to computer systems and threaten to disclose sensitive data or cripple websites unless their victims pay hundreds or even thousands of dollars in ransom.
- Create file backups, data backups and backup bandwidth capabilities. This will help your company to retain its information in the event that an extortion occurs.
- Combat ransomware the same way you combat malware – never click on untrusted or suspicious email or SMS links.
For more information see our blog post Ransomware: Who, What, When, Where, Why?
2. Data Sabotage
Data sabotage occurs when cyber criminals change or manipulate electronic information in order to compromise its integrity. Decision-making by senior government officials, corporate executives, investors or others will be severely impaired if they cannot trust the information they are receiving.
- Create a secure repository. Sensitive data should be stored in a manner that provides the owner complete control over who has access, and where they have to be to gain access.
- Backup securely. It is absolutely essential that any system that is used to backup data do so in its encrypted form.
3. The Internet of Things
The Internet of Things (IoT) will become central to “land and expand” attacks in which hackers take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect. You can also expect to see worms and viruses designed specifically to attack IoT devices.
- Detect IoT devices on your networks. Iot devices can be detected through routine asset management or vulnerability scans. Any new device that doesn’t match a known enterprise device profile could potentially be isolated and have its traffic redirected to a registration portal or network management system that automatically checks device security.
- Devote more resources to secure development. For companies developing IoT devices this includes building security into device design and configuration.
For more information see our blog post How to Safely Use Devices & the Future of the Internet of Things (IoT).
4. More Backdoors
Backdoors are the hidden snippets of code that provide hackers with access to an account, a device, or even an entire computer or server without the knowledge of the owner. Cybercriminals commonly use malware to install backdoors, giving them remote administrative access to a system. Once an attacker has access to a system through a backdoor, they can potentially modify files, steal personal information, install unwanted software, and even take control of the entire computer.
- Don’t click. Never click on an email attachment or a link sent from people you don’t know and watch what you download from the web.
- Be careful about which sites you visit. Less secure sites could contain a so-called “drive-by download” which is able to install malware on your computer simply by visiting a compromised web page.
What else can you do to protect yourself?
Be prepared by educating yourself and your employees — know what to expect. We at Global Learning Systems offer a wide variety of related offerings, ranging from 2 minute security shorts to full-fledged training courses on the topics covered here including:
- Security Short: Ransomware
- Security Short: The Human Firewall®
- Best Practice Module: Securing Information at the Office
- Best Practice Module: Browsing the Web Securely
- Course: Security Awareness Essential Challenge
Contact us for more information.