As we rapidly approach the end of 2016, it was a year to forget for many businesses’ cybersecurity programs. The number, frequency, and impact of cyberattacks continued to increase around the world, leaving many companies to face the harsh reality that it’s a matter of when – not if – they will be hacked.
Here are three of our top cybersecurity takeaways from the past year:
Organized cyberattacks are expanding from nation states to businesses
It used to be that large government entities were the only ones affected by large-scale cyberattacks, and while that is still the case, hackers continued their shift to attack enterprises due to their lucrative customer information, intellectual property, and poor cybersecurity defenses. Hackers follow the money – and they clearly see there is ample opportunity to penetrate businesses and steal their intellectual property and customer information for their own personal gain.
The recent distributed denial of service attack on internet company Dyn, which paralyzed millions of U.S. citizens from accessing popular websites throughout the country, has shown us businesses are susceptible to attacks once reserved for highest levels of our nation’s government. It’s vital we keep in mind the seven stages of the cyber kill chain – reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on target – in order to defend ourselves.
Cyberattacks on mobile devices are becoming more commonplace
The HummingBad malware attack gained administrative control over 85 million mobile devices, generating fraudulent advertising revenues and installing applications without the user’s knowledge. HummingBad should remind all of us that our reliance on smart devices for day-to-day life, including work, creates opportunities for hackers and malicious organizations to attack us. While HummingBad primarily penetrated mobile devices running Google’s Android operating system, no phone is completely safe from malware attacks. Apple, previously known for being virus and malware-proof, has been hit by multiple attacks, including some from the same group behind HummingBad.
It’s time for heads of information security and third-party cybersecurity experts to establish a new way to work together. End points are clearly vulnerable to malware and ransomware threats. Companies need to do what they can to protect themselves, particularly by training their employees. Make sure that each endpoint device is hardened. Alert end users to new software patches to keep up with a constantly evolving enemy. You’re probably already backing up your files, but make sure that you implement even longer retention periods for your backups and encrypt them.
Internet of Things and wearable devices are complicating the cybersecurity landscape
As big data, cloud computing, and mobility continue to entrench themselves into the way companies work, a new trend is blending these together: Internet of Things (IoT). IoT gives companies the opportunity to track and market to individuals like never before, accessing data about what their prospects are doing at any given moment. Most commonly known for powering wearable devices such as FitBit health monitors and the Apple Watch, IoT is in a rapid growth phase. Recent research predicts the number of wearable devices will increase 35 percent over the next four years to 411 million devices worldwide. Smart sensors are also quickly proliferating the business landscape, set to grow from 5 billion in use today to 21 billion by 2020.
While IoT holds great promise for businesses, it opens up a new world of attack vectors hackers can exploit to gain critical access to your company’s sensitive customer data and other proprietary information. Follow our six-step plan to stay head of hackers exploiting the internet of (unsecure) things.
These harrowing trends have you rethinking your cybersecurity defenses? We can help: US Cyber Vault protects, detects, and responds swiftly to cyberattacks with our seasoned cyber intelligence team and next-generation secure infrastructure. Request a formal quote to learn more.