2017 has started but some things will continue as before, such as the ever-increasing dangers of cyber-attacks. Cyber criminals are smarter today than they were a year ago and will be smarter on January 1, 2018 than they are today. Keeping one step ahead of them requires constant vigilance.
Below are some of the concerns we have for the coming year, derived from our discussions with other professionals around the country.
1: Hackers can be total amateurs
The tools needed are readily and inexpensively available online. And, trust me, the sellers could care less if you know how to use them. This presents problems on a number of fronts. First, the number of people hacking can be expected to grow considerably. Second, here is a true story that explains one of the dangers. A company was recently hacked with ransomware and received the ransom “note.” After some negotiations, they agreed to an amount and attempted to pay. The hacker was so inept that he could not figure out how to claim the ransom. He finally gave up and agreed to release the files free of charge. Unfortunately, he couldn’t figure out how to do that either, so he just disappeared into to “cyber-space” leaving the victim’s files totally locked up. Last we heard, the victim company was still unable to gain access and was rebuilding their files from scratch, having lost years of valuable information.
2: Suppliers’ systems open the way for hackers into their customers’ files.
Everything today is interconnected, which saves time and money, provides better service, fewer errors, etc., etc., etc. The problem is that if your system isn’t secure, hackers can use it as a back door to access your customers’ systems. And vice-versa. They can use your suppliers’ systems to access yours. An excellent example is Wendy’s where more than 1,000 of their franchises were attacked through a hole in their point-of-sale system.
3: The shortage of trained IT security professionals
At the moment, there are almost 5 1/2 million unfilled jobs in the US, including about 2 million in the STEM fields (science, technology, engineering, math). CNN recently ran a story on a coal-miner who learned how to build websites, but he is the exception. In terms of IT Security specifically, it has been estimated that more than 1,000,000 openings exist worldwide. One answer to this problem is the hiring of third party managed it services to act as a company’s CISO (Chief Information Security Officer), a concept that has been growing in popularity.
4: Ransomware will continue to grow.
Taking the proper precautions can usually prevent the intrusion of ransomware, and severely mitigate the damage it can cause if it does gain entry. Add to this the fact that prevention is usually far cheaper than paying the ransom. (Ransomware is so difficult to undo without the “key” that once it has infected your system, even the FBI suggests you just pay it.) Just how much this trend will grow will depend largely on the steps small to mid-sized businesses take to ward it off, but experience says that it will be too little too late.
5: DDoS attacks on IoT devices
All types of new IoT devices are on the market and our fear is that in the rush to get these into consumers’ hands, security has not been treated as a priority.
But first, some definitions: DDoS is a “distributed Denial of Service” attack. This occurs when the bandwidth of the targeted system is flooded with so much traffic that the bona-fide users cannot gain access…they are denied service. Why do this? Mostly it has been for ransom, but there have been reported cases of trying to hurt one’s competition. How easy and/or prevalent is this?
IoT: The Internet of Things. This is the networking of physical devices. Many things today are embedded with sensors that send signals to other devices. You can turn off your lights at home from across town. Or ask Alexa to play music. Or turn your air-conditioning down when you don’t expect to be home for a while. The concern here is that we really don’t know what information can be scooped up, or by who, but experience shows that when information is not properly protected, someone will be looking to grab it for illegitimate purposes.
Learn more at www.DynaSis.com/Managed-Security.
We will be releasing our full report on Cyber Security 2017 within the next few weeks. Be on the lookout for it.
DynaSis has been serving the IT needs of small to mid-sized businesses in Atlanta since 1992 and is a national leader in IT Security. We offer a full range of managed security services that can be tailored to match your company’s needs and budget. Please contact us at (678) 373-0716.