Last year was a HUGE year for cybercrime, and experts say it’s not slowing down anytime soon…
In 2017, we saw multiple global scale cyber-attacks including the likes of WannaCry and Petya. Experts believe that in 2018, cybercrime will not only rise in frequency, but also develop in sophistication.
By 2021, the collective cost of cyber-attacks is said to rise to a staggering $6 trillion per year! This is the greatest recorded transfer of economic wealth in history (source). With so much at stake, and attacks becoming more advanced, it’s imperative you stay in-the-know with the top trends we’re hearing about in 2018. Here’s five we think are important:
Artificial Intelligence (AI), the double-edged sword:
This is a bitter-sweet technological advancement to say the least… With all the great things AI is said to bring, there are undoubtedly associated risks. As artificial intelligence and machine learning continues to gather momentum, so too does its ability to play a critical role in combatting cybercrime. There are forecasts that machine learning models will be able to predict and accurately identify attacks so swiftly, that cybercrime will effectively be stopped before it even begins.
On the flip side, artificial intelligence also poses the risk of being exploited by cybercriminals, with experts worrying that it will be utilised as a dangerous tool in executing major, wide-spread attacks. We’re hopeful that by the time this is feasible, extensive risk management will be in place to take care of this uncertainty.
Cryptocurrency (surprise, surprise):
We recently posted about cryptocurrency and what it means for small business, but what we didn’t touch on, was the fact that in 2018, cryptocurrency will be another great driving force for cybercrime. Being that cryptocurrency is anonymous, and in most cases, untraceable, it has been used as a payment method for cybercriminals since its creation. The prediction of cybercrime increasing due to cryptocurrency doesn’t come as a surprise to us, especially given the fact that a bitcoin went from being worth under $1,000 in January 2017, to a whopping $25,000 by mid December 2017.
Rick Holland, vice president of strategy at Digital Shadows says that, “cybercriminals follow the money and right now, they see in the unregulated and largely unsecure world of digital currencies, a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” (source). As well as demanding cryptocurrency after successfully executing ransomware on your systems, cybercriminals also utilise it to exploit businesses by way of crypto-jacking, mining fraud and initial coin offerings (ICOs). It’s pretty unbelievable what cybercriminals are capable of in this area – the worlds biggest cryptocurrency hack recently occurred in Japan when an exchange was robbed of $660 million! Check out the details here.
It’s a lot to take in, we know! The key takeaway here is to stay in-the-know about cryptocurrency and its associated risks, and ensure you’re protecting your business’ IT infrastructure as thoroughly as possible.
Education is still topping the list of important ‘to-dos’ regarding cybercrime:
Even with safety precautions in place, it’s estimated that around 30% of all phishing emails are still opened. With cybercrime on the rise, and critical data at risk, businesses need to put a higher emphasis on educating their staff about ransomware, with emphasis on their most commonly used delivery path: emails.
Remind your staff of what they look like, the types of files that are dangerous to open, and the fact that there are ways to check the legitimacy of an email before actually opening it (for example, get out of that email and log into your account with that company manually, or pick up the phone and call the company that emailed you to verify the email is legitimate and was in fact sent by them). Also ensure that your staff never wait to do system updates, as these can involve patches that will help tighten the security on their machines.
It’s also important to note that any user worried about a strange or suspicious email can simply call their IT Provider and ask them to open it in a secure environment first. You might think this is a small task to bother your IT Provider with, but in reality, the risks and consequences of being infected by a phishing email, are more than worth getting preventative help.
To help educate your staff, here’s a copy of our e-book with free end-user cyber security tips – it’s a great addition to any desk area and clearly covers phishing emails.
Changes in legislation:
We’ve recently posted about Australia’s new Data Breach Legislation coming into play from February 22nd, but this isn’t the only legislation that is going to affect Australian businesses. The European Union General Data Protection Regulation (GDPR) is another form of legislation protecting individuals from unknowingly having their data exploited.
If Australian businesses offer goods and services, or monitor the behaviours of individuals in the EU, they need to comply with this legislation and will be required to report incidents involving personal data breaches from May 25th. Read more about it here.
Cloud technology vulnerabilities:
With more and more businesses moving to cloud technology, the risk of this being a vulnerable point of attack is on the rise. Industry experts were recently surveyed on what they believed to be the top risks associated with this technology; they believe that #1 on the list is data breaches. This involves things like personal health information, financial information, personally identifiable information, trade secrets, and intellectual property. While the risk of a data breach is not unique to cloud computing, it consistently ranks as a top concern for cloud customers.
System vulnerabilities follows data breaches closely as a cloud associated risk. This is where attackers can use exploitable bugs in programs to infiltrate a system and take control, steal data or disrupt service operations. This is particularly risky within large, multi-tenancy cloud infrastructures, as data from various companies are placed close to each other and are given access to shared memory and resources, creating a new attack surface.
It’s imperative that you investigate the security behind your cloud storage before you utilise it for your business. This is because unauthorised access to data is another big risk here. Bad actors posing as legitimate users, operators, or developers can read, modify, and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source. Without top security, insufficient identity, credential, and access management can cause catastrophic affects to your business.
Our tip here is to ensure you’re picking a provider who has an on-shore data storage facility, with superior protection and security in place.
Cybercrime has never not been something to worry about, but given the constant evolution and advancement of technology, it’s something that all users need to be even more savvy about, as there continues to be more and more at risk to both businesses and individuals.
We recommend that all businesses have strong cyber security protection in place, as well as a solid backup and disaster recovery plan (should the worst occur).
If you’re unsure of how to protect your business, get in touch with us and we can help you get started.