Almost half of American firms had a data breach in 2017, nearly double the number reported in 2016.
And it’s not just the blue-chip companies or governments getting hacked.
Cyber thieves are increasingly targeting small businesses. In fact, 36 percent of cyber attacks are aimed specifically at small businesses.
Cybercriminals may seek to steal your customers’ personal information or your intellectual property. They may also hijack your website in order to cyber hack other small businesses.
According to the Ponemon Institute, the average cost of a single data breach is now $3.6 million. (To see how much it would cost your business, use IBM’s data breach calculator.)
The problem is expected to be even greater in 2018. Companies of all sizes face mounting pressure to secure their data and do everything they can to reduce their exposure.
Here are five cybersecurity threats you need to keep an eye on.
Ransomware attacks made big news in 2017 and will continue to be a problem.
In a ransomware attack, hackers use malicious software to gain control of a computer or other device and lock down its files with strong encryption. They then hold the information hostage until a ransom is paid.
Just in the last year, we’ve seen attacks on large systems including the U.K.’s National Health Service, San Francisco’s light-rail network, and big companies such as FedEx.
But small companies and individuals are just as vulnerable.
Online criminals can disguise malicious apps and services as different programs. Or they can embed malicious codes into legitimate files and impact more systems than ever before.
Ominously, while ransomware used to primarily hit Windows PCs, hackers are now also going after Macs and Linux PCs, as well as smartphones and tablets.
If you haven’t been keeping secure, off-site backups of your data, and you’re hit by ransomware, your information could be gone forever. There is no guarantee you’ll get it back even if you pay the ransom.
Internet of Vulnerable Things
All those “smart” devices that make our lives easier and more exciting also pose a real cybersecurity threat.
The Internet of Things (IoT) just means any equipment that can connect to the Internet. Think phones and tablets and laptops, of course, where malicious software has migrated.
But it’s also finding a way in through alarm and labeling systems, and inventory sensors, just to name a few. Not to mention Alexa, Cortana, and Siri.
Many IoT products are built with poor security, and “botnets” can take them over, infect others, and engage in coordinated attacks.
In 2016, cyber bad guys used an army of connected devices to shut down the internet in large areas of the United States.
Botnets are likely to be a big problem in 2018, especially with unsecured IoT devices.
Companies which use these devices to operate more efficiently don’t realize they are often not secure by design. They are intended to collect customer information that can be monetized.
Firms large and small need to be aware of what data is being captured and transmitted by their smart devices.
In addition, small businesses in particular often have a “bring your own device” environment. If your employees are using personal devices at work, they’re also using it everywhere else.
If they log into your business network with a personal device, and then it is lost or stolen, your entire infrastructure could be at risk.
It’s also at risk from fraudulent apps that, when downloaded to personal devices, can migrate to your systems.
Phishing Still Works
Human error is one of the leading causes of cybersecurity breaches.
One of the oldest and most successful cyber crimes takes advantage of human vulnerability to walk right through an open online door.
“Phishing” scams have existed about as long as the Internet itself. They are one of the most effective ways that cyber crooks manipulate people into unintentionally providing valuable information.
Phishing occurs when victims are targeted by email, phone or text by someone posing as a legitimate institution. The victims are then tricked into giving over sensitive data.
This data can include social security numbers and other identifying information, as well as banking and credit card details, and passwords.
Phishing attacks are also used to lure users into installing malware on connected devices.
“Spear phishing” is phishing that is specifically targeted at an individual, department or organization.
Phishing and spear phishing schemes are getting more and more sophisticated, and will continue to be a significant cybersecurity threat.
According to Symantec, more than 400 businesses are targeted by spear-phishing emails every day.
While Artificial Intelligence (AI) can greatly improve our lives, it can also be turned into a cybersecurity weapon.
Hackers are using AI technologies to get even greater return on their investment.
Through self-learning tools such as “hivenets” and “swarmbots,” they can scale up their attacks and make them much more damaging than botnets.
Botnets usually need command instructions from a human. Hivenets and swarmbots, though, can learn and then can act on their own. This makes them more agile and means they can grow exponentially.
Cybersecurity experts predict these “thinking” cyber tools will be more deadly and better at fighting off any response to them.
AI spear phishing attacks, for example, will learn how to match humans in creating convincing fake messages, and they’ll send them out in far greater numbers.
AI malware will also become more dangerous as it learns how to fool security systems.
Supply Chain Weakness
Supply chains are a crucial component of most businesses. They are also a driving force in the global economy.
Automation technology has made supply chain management much more efficient and productive.
But the software that has revolutionized the industry is also providing yet another opportunity for cybercriminals. It’s brought to light a serious weakness in the supply system.
The range of sensitive (and valuable) information that businesses share with suppliers and others all along the chain can be compromised in a number of ways.
Even when a breach is isolated to one system, the connectivity of the modern–often global–supply chain means that entire organizations and their data can be in jeopardy.
Risk management processes must be woven into procurement and vendor systems so that breaches can be prevented or, when they occur, can be addressed quickly.
How you address cyber risks in your supply chain may well determine the survival of your business.
Ways to Beat Cybersecurity Threats
Being constantly connected is essential these days for most businesses. But it is also a scary place to be if you are out there unprotected.
Cybercrime shows no sign of abating. In fact, the threat is growing.
But there are many ways to combat it. You need airtight security and vigilance.
Start by keeping your systems updated and installing top-of-the-line anti-virus software. That includes removing dead or outdated software, which can pose a security risk.
You should also be backing up your files regularly.
Educating your employees is critical. You should have strong policies in place about what types of devices can and cannot be used, and about downloading or opening anything on a connected device.
It’s also crucial that you be able to remotely wipe any device that’s been connected to your system in the event of loss or theft.
And be sure to restrict employee access to sensitive information. It should only available to those who must access it to do their jobs.
Let Us Help You
Want more information on dealing with cyber threats? We can help!
Contact us for all-inclusive IT solutions that will keep your business safe.