|What will be the biggest security threats of 2018? Would it surprise you to learn that YOU might be on the list? Read on to learn about the threats to your privacy and security that are most likely to impact you in the coming year…|
Are You Part of the Problem or the Solution?
Ransomware and “people” topped a survey of security pros’ predictions of the biggest cyber-security threats the world will face in 2018. But among the 72 respondents to research firm IDG’s question, there are more specific responses and a few threats that are less than obvious. The latter, I think, may be the more dangerous threats. Read on to learn more.
Ransomware is a proven money-maker for scammers. By encrypting the precious data of a corporation, organization or end user, ransomware inflicts immediate and severe pain. The promise of getting data back quickly by paying a ransom is keenly compelling. Additionally, ransomware and its attendant “victim relationship management” apps are now bundled into easy-to-use “Software-as-a-Service” sites that any aspiring blackmailer with a couple of hundred dollars can rent. So there will be exponentially more ransomware attacks launched in 2018.
The targets of ransomware are predicted to shift from low-value individuals and small businesses to major corporate and government systems. A crook can charge much more for the encryption key to bigger and more critical systems. Targeting key executives within a large organization with carefully crafted phishing emails is becoming a fine art among criminals.
That leads us into the “people” security risk, which IDG’s respondents cited 12 times to ransomware 11. There are many ways that human error can allow bad actors into a system whose hardware and software are well protected. You, faithful reader, may already know all about them. But the growing threat to you and your precious data is the staff of the online entities with which you do business.
Front-line employees are under ever-increasing pressure to produce more, leaving them virtually no time to think about whether they should click on the attachment to an angry “customer” complaint, or the link to a web page purportedly showing the cause for the complaint. Many of these staffers are unhappy, underpaid, and ripe to either cause their employers trouble or be recruited by bad actors in exchange for money.
Management, up to the C-level, doesn’t do enough to train staff in best security practices, enforce them, and demand that software systems prevent staffers from doing things that can let crooks in the door. Even IT staffers, who know better, fail to apply patches to software promptly.
An Ounce of Prevention…
In the recent Equifax data breach scandal, it was discovered that a directive to apply a simple patch that would have protected the credit histories of over 140 million Americans went ignored for at least two months. I surmise that the derelict IT employee was not irresponsibly negligent, but simply could not find time to apply the patch without “disrupting” normal business operations, which would have gotten him in trouble.
The insensitivity to security extends across supply chains. As firms become more closely integrated with their partners, a security vulnerability in one member of the group becomes a hazard to all members. Yet very little is being done by any given firm to vet the cyber-security of suppliers and large customers.
The oldest networked information systems, including critical utilities, financial services, and health care providers, are generally the most vulnerable to modern hacking threats. The industrial controls that govern the flows of water, electricity, and even street traffic were designed with only the crudest password protection, if any.
The Internet of Things is the fastest-growing “attack surface” for hackers on Earth. The makers of light bulbs, refrigerators, and coffee pots know nothing about cyber-security and don’t want to pay for pros who do. Even Amazon Key, the company’s latest “smart” innovation, allows delivery people to open the door to your home. But it launched with an easily-exploited flaw that would let a nefarious delivery driver walk off with the entire contents of a customer’s house.
“The Internet of things-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in evermore opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling a perfect security storm,” wrote Nigel Harrison, CEO at Cyber Security Challenge UK, in his response to IDG’s survey.
Simply banning “smart” gadgets from your home is not a perfect defense, although it will reduce the attack surface your home network presents to bad actors. You have no choice about the software that the electric company uses in its smart meters, or the security practices of the public works department that controls water delivery and traffic signals, or the practices of 911 system administrators. You don’t even know what your car’s computer is doing under the hood, or how it can be hacked to kill you.
What you can do, and I urge you to do, is apply unrelenting pressure upon your government representatives and business partners – banks, Amazon, et. al. – to publicly demonstrate how they are acting to protect their systems upon which your livelihood and life increasingly depend.
Back to the YOU Part of the Security Picture
It never hurts to repeat a few personal security mantras. Below are some tips to other that will help you tighten up your own defenses, and ensure that “YOU” are not on the list of the most dangerous security problems in 2018.
- Keep Your Software Updated
- Use Anti-Malware Protection
- Create Strong Passwords
- Use Two-Factor Authentication
- Guard Against Phishing Attacks
- Backup your data!
- Have a Safe 2018