This year had its share of headline grabbing cybersecurity news. From Yahoo’s many breaches, to new threats in phishing and social engineering, 2016 wasn’t short on new threats.
With the year wrapping up, we wanted to take a minute to recap what we saw as the biggest threats of 2016, what to prepare for in 2017 and what you can do right now to protect yourself.
The Biggest Cybersecurity Threat of 2016
By far, the most significant cybersecurity threat of 2016 was ransomware. The Kaspersky Security Bulletin 2016 states that the rate of ransomware attacks against businesses increased this year from one every two minutes in January to one every 40 seconds in September.
Kaspersky Lab detected 2,900 ransomware variations during Q1 of 2016. By Q3 of 2016, they had detected 32,091 new ransomware variations. Overall, 67% of companies hit with ransomware in 2016 lost some or all of their corporate data.
Other than ransomware, some other big threats included the continued growth of social engineering attacks and the use of card skimmers, which have become a lot more discrete and advanced in recent years.
Predictions for 2017
Unfortunately, ransomware attacks in 2017 will become more targeted and sophisticated with the capability to infect non-desktop targets such as mobile and smart devices. Given the massive DDoS attack against Internet Performance Management provider Dyn in October of 2016 which shut down well-trafficked portions of the internet, we can safely predict that smart and IoT (Internet of Things) devices will only be more heavily exploited by hackers in 2017. The signs are pointing to IoT devices potentially being the cause of a large-scale internet disaster.
Anti-phishing efforts will also need to be bolstered as these attacks become more complex and capable of bypassing email spoofing and web-filtering countermeasures. Already, we’re starting to see a number of clients utilizing additional layers of security in an attempt to minimize the effects of phishing. Along with this, we also expect the demand for web application scanning, mobile security services and penetration testing on cloud-based applications to increase.
What You Can Do Right Now
With all this being said, there are some simple, proactive steps you can take right now to protect your business against a variety of threats. To protect yourself against ransomware, make it a point to regularly back up your important data. All essential files need to be backed up daily to an offsite location, either to a cloud-based service or data recovery facility.
Companies also need to shift from focusing on security from the perimeter inwards, to building security from the endpoint outwards. It’s very common to think hackers are attacking/breaching the perimeter defenses, so naturally that is where security is focused. But what if an attacker is already inside of the network? How would the company know? How would the company respond at that point? By implementing endpoint protection, behavioral-based antivirus, and limiting user rights/permissions you can protect yourself against these more common attacks.
Most importantly, to keep yourself safe in 2017, stay up-to-date on the latest cybersecurity threats and trust your IT security provider’s recommendations. Keep an open line of communication and don’t wait to respond to pressing concerns. It can make a huge difference between suffering a bad breach and remaining safe.