It’s fair to say that 2017 was the year that Cyber Security grabbed the headlines with a number of highly publicised global data breaches.
Cyber-attacks such as the WannaCry ransomware attack, which infected over 400,000 machines in 150 countries, and the announcement from Equifax that over 100 million people had their private data leaked, demonstrated just how crippling and far-reaching these attacks can be.
In recent weeks, the head of the UK’s National Cyber Security Centre warned that a major cyber-attack on the UK is a matter of “when, not if” so it’s clear that cyber-attacks are still very much on the radar of security experts around the world.
So, what can we expect to see in the coming months? 2018 has already had its fair share of cyber-attacks and there are a number of trends emerging which might give us a taste of what’s to come in the year ahead.
1. Internet of Things (IoT) Highly Vulnerable to Attack
The Internet of Things shows no sign of slowing down! The growth of IoT devices has been staggering, with 8.4 billion devices currently in use, and a total of 25 billion devices projected by 2020. The IoT allows for endless opportunities and connections to take place but unfortunately, it also opens the door to many risks and poses a range of security problems.
The problem with IoT devices is that they have very little security and are pretty much unprotected. They typically don’t run on the same standard operating systems that support a lot of commonly used IT security tools and lack the ability to be updated. This makes it virtually impossible to patch up any security vulnerabilities, placing the device at a high risk of being hacked.
Cyber-criminals are only too happy to take advantage of these flaws in security and are now actively targeting IoT devices such as Wi-Fi routers and webcams to launch targeted attacks. The combined power of these devices can, in turn, be used to cripple a server and this was exactly what happened over a year ago when the infamous Mirai botnet took down dozens of the world’s largest web services.
2. GDPR Crackdown
The General Data Protection Regulation (GDPR) will come into effect on 25 May and completely overhaul the current Data Protection Directive, bringing it in line with the digital world.
Non-compliance with GDPR will result in fines of up to €20m, or 4% of worldwide annual turnover, and according to a recent Forrester report, "80% of companies will fail to comply with GDPR". This leaves a lot of companies in the danger zone and liable to large crippling fines and reputational damage.
There's still a lot of speculation about exactly what will happen when this regulation comes into force but there's a good chance that regulators will look to make a global example out of organisations that are not in compliance.
3. Ransomware Evolution
2017 was the year that brought us the biggest ransomware attacks in history and despite a greater public awareness of this malicious software, it remains one of the biggest cyber security threats in 2018.
Ransomware continues to prove extremely lucrative for cybercriminals due to the sheer number of targets that can be infected. Everyone from individual users to large companies has been attacked and it shows no sign of letting up in the near future.
Over the last year, hackers have honed and tweaked their ransomware to cause maximum damage and as long as they are cashing in they will continue to target those users that will yield the most profit. This has been evident as the fraudsters increasingly turn to industries such as healthcare that are softer targets and more likely to pay a ransom.
The growing trend this year will be the delivery of ransomware to individual smartphone users. As smartphones continue their dominance as the most frequently used device to go online, they will prove an easy target for hackers looking to infect victims and extort money.
4. Growth of Social Engineering
There’s been a steep increase in the number of Social Engineering attacks as fraudsters reap big rewards from exploiting human behaviour rather than just using traditional hacking techniques.
Social Engineering is extremely targeted and involves using some form of psychological manipulation to scam unsuspecting users into handing over sensitive information.
Through a combination of fake emails, text messages, phone calls or through social media, victims are tricked into sharing confidential information.
With 91% of all cyber-attacks starting with a phishing email, it remains the number one form of attack. However, scammers are increasingly turning to spear phishing campaigns as they are more targeted and harder to spot. These attacks target a specific high-level person and are particularly effective as they appear to come from a trusted source and include information that will be specific to the recipient.
Even when a company has the strongest security and defence technologies in place, cybercriminals will often exploit the weakest link in its defences, which is often its employees. Just one human error can result in a massive loss of sensitive data. The fraudsters will often prey on employees’ lack of cybersecurity awareness.
To combat this growing threat, it will be key for businesses to implement an effective cybersecurity training and awareness program to protect themselves from these low cost, big reward attacks.