As if your IT team, security experts and executives didn’t have enough to worry about, there are a host of new cybersecurity threats hitting the market or escalating globally. In response, companies are expected to spend more than $1 trillion on cybersecurity in the next three years.
Key Facts on Cybersecurity in 2018
• Companies will spend $1 trillion on cybersecurity in the next five years.
• Whaling or business email compromises cost businesses $5 billion.
• Ransomware, including ransoms and downtime, tops $5 billion in impact.
• IoT security spending is predicted to surpass a half billion dollars this year.
At a recent cybersecurity conference, a top executive from an American firm told a terrifying story. His company had been undergoing a series of high-profile mergers and acquisitions. Much of the activity was kept under wraps to prevent the competition from moving in.
One morning, the company’s controller was in the office working on the month-end close. The CFO was traveling in a different time zone and not easy to reach. An urgent message appeared in the controller’s inbox, stating that a time-sensitive and top secret deal had been approved.
It included details for a large sum of money to be wired immediately. As the controller picked up his phone to call the CFO for approval, his office phone rang.
The caller identified himself as a consultant from a top firm that had been working with the company on different ventures. The person’s name wasn’t familiar, but the consulting firm was.
The caller stated that he had just spoken with the CFO, and she had asked him to call the controller to walk him through the transfer. If the funds weren’t in an account in mere minutes, the deal, the controller’s job, and the company’s very future were in peril.
Luckily, rather than take immediate action, the controller put his caller on hold and ran down the hall to the CEO. He was in the office and didn’t know anything about the deal. They quickly called the CFO, and it became clear that this was a case of “whaling.”
A disaster was narrowly averted thanks to the quick thinking of an employee. Yet many companies have hit headlines in recent years after employees have fallen for similar scams.
Let’s take a look at the top cybersecurity threats for 2018 – and what companies can do to prepare and protect their assets.
Make sure to check out our previous cybersecurity posts "4 Tips for Defending Against Cyber Threats" and "Our Top 10 Healthcare Cybersecurity Questions."
1. Whaling and Business Email Compromise (BEC)
So-called whaling, described above, has been identified as a significant threat. The FBI has been tracking this issue since 2013 and has seen a sharp escalation in just the past few years. Whaling occurs when criminals rely on deception to convince an unsuspecting company or employee that a request is legitimate.
They combine a variety of tactics, from technology that lets them spoof emails to gathering data online and via social media to effectively impersonate a decision maker. Social engineering and technology blend to create the ultimate threat.
In a statement, the FBI notes: “BEC is a serious threat on a global scale. And the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”
The latest estimates reported by IDG suggest that whaling costs organizations more than $5 billion.
The best ways to fight back against whaling are multifold. Employee education is critical. It’s also important to have clear business procedures that don’t allow large financial transactions or data transfers to occur without multiple sign-offs.
There should also be a procedure for reporting and investigating questionable requests when they are made.
Finally, there are email tools that alert users to potentially spoofed messages and even leverage watermarked “stationery” to indicate formal communications.
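The kind of check such an email tool can run before showing a warning banner is sketched below. This is an added example, not code from any product mentioned in this post; the domain, executive name, keyword list and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's domain and the executive
# display names worth protecting. Both are constructed placeholders.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana cfo"}
URGENCY = ("urgent", "wire", "confidential", "immediately")

def bec_flags(raw: str) -> list[str]:
    """Return the reasons a message deserves a spoofing warning banner."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    flags = []
    # An executive's display name on an address outside the organisation.
    if name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        flags.append("executive-name-external-address")
    # Replies routed to a different domain than the visible sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        flags.append("reply-to-domain-mismatch")
    # DMARC verdict recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in auth:
        flags.append("dmarc-fail")
    # Pressure wording in the subject, as in the wire-transfer story above.
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in URGENCY):
        flags.append("urgent-payment-language")
    return flags

# Constructed sample headers (not real traffic).
SPOOFED = """\
From: "Dana CFO" <dana.cfo@examp1e-corp.test>
Reply-To: deals@consult-firm.test
Subject: URGENT: confidential wire needed today
Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e-corp.test
"""
LEGIT = """\
From: "Dana CFO" <dana.cfo@example.com>
Subject: Month-end close schedule
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
"""
```

A flagged message should feed the reporting and multiple sign-off procedures described above rather than being silently dropped, since these heuristics can misfire on legitimate mail.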
2. Ransomware locks down data
A ransomware attack usually starts innocently enough. A member of your team receives an email or visits a website. They download a file or click on a link. Suddenly, the entire computer system — or worse, company files or network — locks up.
A message appears. Unless a ransom is paid within a certain period of time, the data will remain locked and unavailable. In some cases, it will even be deleted if the ransom isn’t paid.
Ransomware becomes even more insidious when demands are paid and then further payment is demanded. When does it stop? Ransomware can paralyze an entire system and put your data at serious risk.
In the healthcare industry, ransomware attacks have seriously impacted patient care. The threat to the bottom line also can’t be overlooked. It’s believed that ransomware cost more than $5 billion in damages in 2017 alone.
Companies are taking bold steps to prevent the inadvertent downloading of ransomware, from implementing employee education programs to using tools to help identify potential threats.
Encrypting files and maintaining cloud-based backups so that any compromised data exists in another setting can help reduce the impact and speed recovery if the unthinkable should occur.
Firewalls, virus protection and file scanning for email are also essential. Companies are also looking at encrypted fax as a better way to share documents, without the risk of spreading embedded ransomware often found in emails.
3. IoT networks are at risk
The Internet of Things (IoT) is predicted to grow to more than 20 billion connected devices by 2020 — and other estimates range even higher. These devices serve a wide variety of functions throughout the business world.
They collect and relay marketing information and customer data. Behind the scenes, they’re used for everything from monitoring the temperature in shipping containers to notifying companies before an equipment failure occurs.
They’re saving organizations a significant amount of money, and as a result, becoming central to the way companies do business.
Because IoT devices are connected, each and every point in that network of billions of little connected dots represents a potential access point for cybercriminals.
A top prediction for 2018 is that companies that rely on IoT devices are going to find these networks under attack.
IoT devices can be used to wreak havoc, overload networks or lock down essential equipment for financial gain.
In one telling example, a major casino recently had its high-roller database hacked. The point of entry was an IoT temperature sensor in the lobby aquarium that was overlooked by everyone, except for the fish and the cyber-thieves.
In response, companies are spending over $500 million on IoT-related cybersecurity activities.
Companies that are investing in the Internet of Things need to ensure that security is a top focus. Steps to take involve carefully vetting vendors for their security standards and ensuring that ongoing steps are being taken to prevent breaches.
Existing IoT networks should also be tested for vulnerabilities and issues, and have necessary upgrades made. Investments go much further when used for prevention than they do for damage control.
4. Identity verification matters
TechRepublic notes that a top potential threat is identity verification. Companies often rely on government systems or organizations such as the major credit bureaus to verify identity and gather data on customers, employees and partners.
Yet major breaches have shown that these systems aren’t failproof. Many companies have begun to take steps to find alternate ways to verify identities.
They write, “Forrester predicts that in 2018, we will see an expansion of identity verification services to large banks such as Bank of America, Capital One, Citi, and Wells Fargo. Researchers also said that customers will be able to use bank-issued credentials to log into government services. Blockchain will also likely emerge to help verify identities based on federated, consortium-based transaction data.”
To prepare for this, organizations should consider their reliance on these systems for identity verification. Developing an alternate strategy is key.
A number of companies are emerging — in some cases, based on blockchain technology — to provide identity verification services. Look for partners that have strong security services and can meet your business needs.
5. Core business processes must be updated
The biggest cybersecurity topic this year isn’t exotic; it’s not about foreign entities disrupting elections or dealing with expensive upgrades. It’s the simple fact that many companies have outdated business processes that put them at risk.
One of the biggest trends now taking place is that IT directors and C-level management are taking a closer look at where vulnerabilities can occur in their organizations.
• Ensuring that all data is backed up securely in an encrypted cloud system, with a reputable company;
• Upgrading outdated fax procedures to use encrypted, digital faxing software that’s designed with cybersecurity and regulatory compliance in mind;
• Developing employee education programs to introduce best practices into the workplace and train staff on them;
• Creating schedules of testing for vulnerabilities on a regular basis and periodically making improvements.
Cybersecurity is finally becoming a top consideration for many businesses, whether they’re maintaining existing IT infrastructure or upgrading to emerging next-gen technology.
They are learning to take proactive steps to understand and anticipate the growing threat environment in order to effectively safeguard private customer information now, and for the foreseeable future.
Ready to explore how secure fax