We’re living in an interconnected age that offers an infinite number of targets for cyber criminals. There’s hardly a day that goes by without news of a new hack, a new threat or a new vulnerability.
Through the first half of 2016, the Internal Revenue Service halted an automated bot attack on its electronic filing PIN application website in which identity thieves used malware to generate E-file PINs for 464,000 Social Security numbers stolen from another source; a hacker has offered to sell the account information of 117 million LinkedIn users stolen in a 2012 hack; and the Hollywood Presbyterian Medical Center was the victim of a ransomware attack that scrambled the data on its systems.
There are sure to be more cyber events in the second half of 2016. Below are five cyber security trends to watch for the rest of the year:
The Internet of Things is creating infinite vulnerabilities
When it comes to developing applications for mobile devices, wearable technology, and smart appliances to meet exponential demand, the top development priorities are user experience, cost, and speed of delivery. Somewhere on the low end of the priority list for application development is security and thorough testing.
This has created a situation in which a massive number of prime hacker targets are almost completely unguarded. Imagine if the highly guarded, 109,000-acre Fort Knox bullion depository suddenly expanded to cover the entire state of Kentucky while at the same time minimizing the security guarding the site.
To deal with this trend, Chief Information Security Officers (CISOs) should ensure that apps developed in-house follow the testing steps in a recognized systems development lifecycle approach. They should also enforce existing asset management policies and processes as they relate to mobile devices, and promote education and awareness of the risks of bring your own device (BYOD).
Cyber crime is more organized and more sophisticated
The predominant image of a hacker is a geeky computer whiz in a dark room traveling through cyber space targeting random victims. While this type of hacker still exists, the greater threats nowadays are sophisticated, coordinated, well-funded crime organizations. These organizations target victims by industry, size, and the type of information they can procure.
These organizations are also more adept at finding vulnerabilities on the inside. They continually discover new ways to exploit the ignorance of employees to infiltrate network perimeters.
A recent trend is the use of ransomware. This involves a hacker locking up a computer or network and forcing the victim to pay a ransom to regain access. There is also an emerging trend whereby hackers will persuade employees to transfer money into accounts controlled by criminals.
Small businesses are being targeted more
Criminals are targeting small businesses more and more. While they may not produce the headlines of hacking large multinational companies, hitting a small business can be lucrative to a criminal for several reasons. First, they typically don’t have the firewall protection of a large business, but they have enough sensitive data to make the effort worth it. Second, these companies are often vendors to larger companies and can offer hackers a way into the bigger target.
Big data isn’t always good data
Big data is playing a much larger role in operations and decision making, a trend that will continue through the remainder of 2016 and beyond. More and more organizations are leveraging analytics to model and monitor for cyber security threats. This can help companies better understand security threats and incidents, as well as create incident responses.
What isn’t being considered enough, according to many cyber security experts, is that data analytics rely on humans, which means the data isn’t infallible. This means the use of analytics, while valuable, should not completely replace diligence on the part of employees and the training needed to create that diligence.
Everybody works in IT security now
Every company and organization that transmits and stores data is fighting a global cyber security war. The biggest obstacle in this battle is the lack of qualified soldiers, i.e. trained cyber security experts. In fact, by 2019, the cyber security talent shortage could reach 2 million. Without an army of volunteer experts, companies will need to “draft” all their personnel to protect their networks from nefarious forces.
This means organizations of all sizes will need to make cyber security training a priority this year and beyond. They will need to make training mandatory for ALL employees, from the CEO down to the unpaid interns. And because new threats emerge frequently and old threats are easily forgotten, training should take place more frequently than once a year.