Posted on Tuesday 12th February 2019
Whilst giving cyber protection advice on a daily basis, people often ask me what my predictions are when it comes to cyber security for businesses. Well, we are now over halfway through the year of what is being referred to more and more as the “year of the hack” and it’s looking bleak. This cyber threat is growing massively – and not just digitally.
‘Hacking the human’ is one of the fastest growing threats at the moment, and what’s worse is that prevention methods are easy and usually free to implement. Staff training and awareness measures only cost a small amount of time but could save your business from the inevitable attack.
1) Small businesses will continue to be a target
One of the biggest myths when it comes to cyber-crime is that the large companies with hundreds of staff are the most likely targets. This is simply not the case. 74% of smaller businesses were targeted in 2016 (Symantec). I speak to businesses like this regularly and they tend not to have a clue when it comes to cyber security. They leave it in the hands of someone else and dip their head back into the sand. Moreover, phishing attacks are booming, with 91% of cyber-crimes starting with a simple phishing email (PhishMe). Businesses of this size tend not to have solid policies in place to prevent cyber-attacks, let alone train staff to spot the fakes.
2) Social engineering attacks will grow
The human firewall is just as much a threat as a digital attack. With companies and organisations around the world spending more and more time on their cyber security policies, cyber-criminals have been forced to become increasingly innovative in their attacks. We are now entering a time where social engineering attacks are an art form. Social engineering is a process with little or no use for hacking tools, where cyber-criminals attempt to create a believable cover from which to breach a network or to take advantage of a known vulnerability. A social engineering technique could simply be speaking to someone and tricking them into giving away the answers to their security questions or even their passwords altogether. Another technique is entering a building under false pretences, manipulating staff into thinking there is a legitimate reason for them to be there, for example fixing a photocopier or delivering a parcel.
It’s absolutely crucial that all companies and organisations take time to train all their employees on how to handle suspicious contact, whether it be a human or digital threat.
3) Ransomware will continue to evolve as an even bigger problem
Ransomware is basically faceless, untraceable extortion and the weapon of choice among career criminals and wannabe hackers alike. The ability to take over a system and effectively ‘hold it hostage’ makes it likely to grow in popularity in 2018. In May 2017 WannaCry got ransomware widely reported on, which simply gave future victims the awareness right there. But did this work and protect more victims? Probably not.
4) Password management will still be difficult for the standard user
Already we have seen massive breaches at Yahoo and LinkedIn, which should have prompted people to check their password security, but unfortunately this is not always the case. Some people still switch off to this message. Password managers are still rarely used and people continue to keep one password, or a derivative of one password, for everything. Something I hear often is that people don’t trust password managers, but what they fail to realise is that they carry the same security layers as online banking. People’s tendency to re-use the same password across multiple accounts is leaving them vulnerable. Passwords are the front door to any hack and should be long and strong. It is pivotal that people use varied passwords and, where possible, make use of two-factor authentication.
5) The number of cloud-based attacks will increase
We should expect to see a greater number of attacks on cloud-based management platforms, workloads and enterprise applications. More and more companies are turning to cloud-based activities, which are largely vulnerable. A stolen password or even a simple phishing email link can initiate an attack. Many businesses think they are all securely wrapped up and protected from these attacks, with others looking after their system security; however, the weakest link lies with the human acting as the firewall. People are too trusting and we will inevitably still see this type of attack increase over the next year.