2017 was an interesting period for IT, to say the least. The past year became a culmination of network fiascos and cyber-attacks that seem to have increased exponentially over the past few years. Unfortunately, research indicates that these trends will very likely continue in some capacity. The news is not all grim, however, and 2018 will host some interesting advances in cybersecurity and tech at large, in addition to the troublesome evolution of malicious software delivery systems.
Ransomware has seemingly become ubiquitous over the past year, with discoveries of new virus strains occurring at least a few times a month. The average ransom amount demanded also increased from approximately $300 in 2015 to over $1000 by 2017. This reflects the increasing ease with which cybercriminals have been able to acquire and deploy this particular type of malicious software. There are even “ransomware-as-a-service” vendors on the Dark Web that sell software bundles for as low as $10.
These factors will help lead to a rise in the frequency of phishing campaigns and DDoS attacks. Another contributing circumstance will be the greater availability of Internet of Things (IoT) compatible devices for both personal and professional use. Hackers will seek to take advantage of loopholes in the burgeoning technology to discover and exploit potential victims.
They will also focus more on supply chain attacks, which similarly use overlooked exposure points that are left open by integral information-sharing functions with suppliers. Industrial IoT will be faced with the daunting task of securing every vulnerability as it expands further throughout the manufacturing sector. This will be made worse by the repeated personal data captures of the past few years, as this information can be disseminated across the Dark Web. Actors from different theaters can seek out and acquire credentials available online to achieve easier access to valuable systems.
In response to current and predicted cyber crime trends, cyber security will have to improve significantly, spurred in part by the strengthening of old and new data exchange regulations. In April 2016, the European Union ratified the General Data Protection Regulation, an evolution of the Data Protection Directive 95/46/EC established in 1995. After several years of deliberation, the EU finally decided to adopt the legislation, though it will not be fully enforced until May 2018. This grace period is intended to allow all parties to adapt to the new rules over time. A major stipulation of those rules is increased transparency of all corporate uses of personal data. Noncompliance can lead to millions of euros’ worth of fines.
Data protection will subsequently become an integral part of any operation. Businesses of all sizes will be forced to consider implementing complex multi-factor authentication systems that require several levels of compliance. Larger corporations will be able to take advantage of emerging technology to adopt extra processes like biometric logins. SMBs, however, will have to take a more strategic approach in managing their IT concerns to avoid exorbitant costs.
SWK NWS can provide you with some options to meet the security concerns of the new year. We offer services for server monitoring, business continuity and disaster recovery, network vulnerability testing, and more. Regular penetration testing can help you determine how open your system is to potential attacks and plan for the inevitable. We also provide some employee training in protecting against breach attempt tactics such as phishing, to help prepare your organization for the type of strikes that occur frequently. Feel free to reach out to us if you would like to learn more about what threats are out there and what we can do to protect your business.