There’s no question that 2017 has been a bad year for security managers. Not only have exploits gotten worse, but data breaches have become bigger and more costly and malware creators have added powerful new capabilities to their arsenals. That trend will continue.
On the other hand, attackers are changing their tactics so some of the malware that you have become used to dealing with in 2017 has declined in favor of some other types that will be worse. What won’t change is a persistent trend of organizations and their employees to fail to take even the most basic steps to protect themselves and their data. Here are five things you can expect:
- Ransomware attacks will get worse. Cyber-criminals have already discovered that holding someone’s data for ransom is a reliable means of extorting money in small amounts. However, they’ve also discovered that they can hold organizations’ data for ransom for a lot more money will little additional effort. They have also discovered that at some organizations critically important data is protected by weak security measures at best. This means, for example, that often poorly protected health care organizations need to be prepared for more loss-causing ransomware attacks while banks may get a break now that cyber-criminals are learning that banks back up their data and have strong security.
- Email will become a bigger threat than it was in 2017. Cyber-criminals were already using spear phishing via email to good effect in 2017, but it’s going to get worse because the targeting will get better, the spoofing will become more sophisticated and email authentication will remain a little used but important security precaution. This means that organizations will need to develop some means of authentication before employees can take certain important actions, such as transferring large amounts of money based on an emailed request, or sending the entire customer list to someone outside the company. Now’s the time to instill some level of suspicion in employees at least to the extent of requiring a phone call to authenticate such actions.
- Leaked exploits will make the spread of malware even harder to fight. Right now we’re seeing malware based on exploits that were developed by national intelligence agencies, including the National Security Agency that take advantage of vulnerabilities that were patched long ago. Those vulnerabilities will eventually get patched, but in the meantime, new exploits will be leaked from those agencies, giving hackers new ways to break into computers. However, as has been the case in the past, the best defense will be to keep your systems updated religiously. If you’re using aging applications that an update will break, then it’s time to find new applications.
- Malware will become more targeted. If you’re a high-value target, meaning your organization has information of value to cyber-criminals, you can expect attacks that specifically target your organization. However, it may be that your organization is only being targeted because you’re a business partner of the real target. This means that if you have a close relationship to another company, perhaps because you’re part of their supply chain, you may be attacked as a way of getting to your partner. Likewise, organizations must prepare for their supply chains to be a primary target for cyber-crime. Attackers will use the supply chain as a way inside the organization, and they will also attack the supply chain itself as a source of information and money. This means that you will need to be prepared for everything from order spoofing and bogus invoices to payment documentation that comes complete with embedded malware. As in the case of email, you will need to develop authentication methods if you can’t find automated methods available commercially.
- Stupidity will persist. No matter how good your policies and procedures may be, and no matter what or how many security products you throw at the problem, your staff will remain your weakest point unless you find a way to keep your staff from being able to do dumb things, such as clicking on email links. But you will be able to keep such actions from being catastrophic if you also implement loss prevention strategies that make it so your staff can’t give away critical data. You accomplish this by protecting your data so that your staff can’t access it directly, but rather can only get data if they have specific permissions and can only reach it through specific applications. This may require some architecture updates, but you can secure your data most effectively if your staff can’t get to it.
Ultimately, security for 2018 and beyond will depend on your data being protected so that even if the cyber-criminals find their way into your network, they still can’t get your data. It will also depend on protecting your data from attacks especially ransomware by making it inaccessible or by protecting your data by creating backups.
The reality is that determined cyber-criminals will break into your system, but you can limit your damage if they can’t get access to your data in a form they can use. This will require work on your part and it will cost money. However, the best thing you can do is make sure there’s nothing of value that they can reach.