Cybercrime is not a new problem, but one that keeps evolving as technology itself progresses. As we enter into 2019, the cybercrime conundrum continues: it is not a matter of IF a company or institution will be targeted by cybercriminals, but WHEN.
Now that we are a few months into 2018, security analysts are able to look back on 2017 and analyze leading cybersecurity trends. Not surprisingly, according to the Cisco 2018 Annual Cybersecurity report, there was an elevenfold increase in malware last year.
“Adversaries are becoming more adept at evasion— and weaponizing cloud services and other technology used for legitimate purposes,” the report declares.
The following are some of the major cybersecurity trends of 2017:
Ransomware Families Up 32%, Total Ransomware Threats Down 41% According to Dark Reading, the growth in ransomware attacks hit a plateau, while the number of ransomware families rose considerably. As cybercriminals become more adept in targeting individuals and organizations, the variety of ransomware attacks are evolving. Not surprisingly, the WannaCry variant dominated the landscape – making up 57% of all ransomware detected last year.
Recent complex vulnerabilities in top-tier computer devices, iPhones, Windows PCs, Android devices and other gadgets have sent companies and individuals alike in a tailspin. A critical security flaw has been detected in processor chips that allow bottom barrel IT processes to have access to memory in the computer’s kernel – aka the most privileged IT process of the device.
Hackers could potentially exploit this issue giving them a clear path for installing malicious software to read memory through this new group of side-channel attacks and putting data, hardware and software at serious risk.
Here are the immediate steps you need to take to make sure your data and infrastructure are protected:
Over the past few years, many enterprise-level companies such as Target have been hard-hit by cyber criminals who have accessed customer credit card information. Now Equifax is now among the largest companies hit by a cybersecurity breach – but this time it is on a scale that is stunning IT and security experts. According to the Wall Street Journal, the breach was a result of a well-known security hole in Cisco firewalls which was identified as a fix and distributed back in March. According to the article, Equifax’s IT experts deployed the fix, but in July “found the same security flaw still existed in some areas.”
While this breach was announced in September 2017, Equifax believes consumer information may have been accessed in an unauthorized manner between May and July, according to Fortune.
Given that Equifax is a credit reporting agency, the company holds a myriad of private consumer information. Last week, Equifax reported that over 143 million people – about half the size of the U.S. according to the Los Angeles Times – could be affected.
Recent studies on cyber attacks in the U.S. outline staggering consequences. For instance, Datacenter Dynamics recently reported that cyber incidents in 2016 cost 500,000 jobs and over a $100 billion in financial loss to American companies.
But despite what might seem like an intuitive strategy, “fear” of an attack may not incite C-suite executives to invest more in cybersecurity. The problem is that it is “…very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries …are a small piece of the ROI calculation,” according to a recent article in the Harvard Business Review (HBR).
For years, the media has reported on the dangers of cybercrime. As a matter of fact, it has been said that the likelihood of a business network being hacked is not a matter of “if” but of “when.” Homeland Security Secretary, Jeh Johnson, even named cybersecurity as a top priority alongside counter-terrorism:
“We must face the reality that cyber intrusions and attacks in this country are increasingly sophisticated, from a range of increasingly capable actors …In this environment, we must be vigilant,” Secretary Johnson writes on the Department of Homeland Security website.
If there is one thing to know about cybercrime, it’s that every type of business can be susceptible—from SMBs to the enterprise. Apple, Delta Airlines and others have been in the news lately about the latest scam or theft brought on by criminals who know how to hack into the stoutest of firewalls – tearing down any illusion that larger companies with deep pockets to spend on cybersecurity can’t be touched.
These reports should remind us all of one important fact: every business is vulnerable and everyone must be vigilant.