As a new year heads our way, it is important to evaluate what types of cyber threats to expect so that you can prepare.  Even though 2017 won’t come without its surprises; there’s a lot businesses can learn from 2016.  The types of breaches and cyberattacks that took place can help any business, no matter the industry, to start making improved cybersecurity plans for 2017.

Let’s explore some of the cyber threats you can expect to see more of in 2017 and what you can do to prepare.

Vulnerable software exploits

The number of software vulnerabilities will always vary.  This year for example, we know Apple had at least 50 vulnerabilities, Adobe found 135 bugs, and Microsoft is at 76 vulnerabilities give or take.  The exact numbers don’t matter as much as how you’re planning on keeping an eye on the software you use for your day to day business operations.  All it takes is one vulnerability for hackers to get in and any software, even security software, can have hidden bugs.  Patching software is a great start, but you also want to ensure continuous monitoring of your network and data assets to ensure you spot potential intrusion and/or vulnerabilities.

So for 2017, make it your mission to remember that technology alone can’t be your security solution.

IoT targeted attacks

As the Internet of Things (IoT) and Industrial Internet of Things (IIoT) play bigger roles within the enterprise they will also be used by cybercriminals to get inside an organization’s network and/or take valuable data.  Mirai is just one example of what can happen.  It’s very important for businesses to remember that security is not being considered at the moment when it comes to IoT; but even if it were, it’s still never a good idea to rely on one security measure to keep cyberattacks at bay.

Due to the increase in IoT within your enterprise and/or among your business partners in 2017, ensure you factor that in when you’re working on your cybersecurity plan, security policies and procedures, and employee awareness training.

BEC and BPC

Business Email Compromise (BEC) and Business Process Compromise (BPC) are an easy way for cybercriminals to extort money from companies.  For example, with a BEC attack criminals can get any amount of money by tricking staff members to transfer money to their account.  A recent failed attempt at this was with a WatchGuard employee (who had received proper security awareness training and did not fall for the email).  When it comes to BPC things get a bit more complicated for business owners because it doesn’t involve tricking employees or executives, but rather hacking directly into a company’s payment delivery system or purchase order system.  Once that’s done, all they need to do is make an unauthorized fund transfer.  A perfect example of a BPC attack is the Bangladesh Bank case, which caused losses of up to $81 million.

If you haven’t done so yet, in 2017, you must organize security awareness training so that all employees can spot small details that indicate a potential cyberthreat.  You should also make security a part of company culture so that best practices become ongoing.  Finally, to protect your business process systems, this will require you to have all the help you can get; which means people, process and technology.

Have the cybersecurity expertise you need to avoid costs and damage your business won’t recover from depending on the extent of the attack.  With the lack of security professionals for hire, many businesses are finding themselves in a challenging spot.  This year a Tripwire study found that only 3% of organizations outsource security issues to experts, yet only 25% of organizations are equipped to handle data breaches.  Do you see the problem?

Companies like ours offer a free, no strings attached cybersecurity consultation, to help businesses like yours see where your security stands.  It’s a way to get you talking about your cybersecurity needs and identifying the risks you face.  Budget isn’t an excuse when breaches will cost you a lot more.

Give us a call if you’re looking to get cybersecurity on track in 2017 and on!

 

Photo Courtesy of Dirk Ercken