If 2016 taught us anything, it’s that we can expect to see an uptick in cybercrime and malicious cyber activity across all industries in 2017 – and an increase in incidents every year thereafter for the foreseeable future.
The Evolution of Cybercrime
The last few years have given cybersecurity professionals a stark glimpse into how the threat landscape is evolving. In earlier days, many attacks were through spam, simple malware, website defacement, phishing, script kiddies, or lone-wolf hackers. Overtime, those attacks have become more sophisticated. We now see an increase in organized (often state-sponsored) hacking syndicates, DDoS attacks carried out on a scale never seen before (such as Mirai botnet), hacktivism and a multitude of cyber warfare tactics; these attacks often lead to serious data breaches and sensitive information theft. The ITRC reports there were 980 data breaches in 2016.
A Technical World
Think back just a year or two. How often did you hear about “internet-connected devices”, aside from your laptop, or the “Internet of Things (IoT)”? Now they’re commonplace in various installations all over the world. We now have “smart” TVs and refrigerators; home automation hardware; wireless security cameras and many more. As we introduce more internet-connected technology into the marketplace, the security of these devices is of the utmost importance.
From a business standpoint, you must take a broader approach to security; unfortunately, there continues to be a disconnect between the security professionals and the C-Suite. Many business owners and CEO’s don’t fully understand the evolving cyberthreat landscape, other than that it has a tendency to put a significant dent into their yearly budgets. But make no mistake about it – failing to properly secure the enterprise can have devastating effects.
What’s Needed for 2017?
Now, let’s get down to it. As we move into 2017, enterprises should take time to evaluate their environment.
- Where is my data located?
- What am I trying to protect?
- Who has access to it?
- What’s my BYOD (bring your own device) policy?
- How secure are my endpoints?
- Is my perimeter strong enough?
- Is my staff qualified to monitor our network security posture for incidents or indicators of compromise?
Many people may be surprised to hear this, but often the greatest threats aren’t coming from outside of your network in a targeted attack. Rather, it’s your end users who are most likely to put your business assets and data at risk, unknowingly or not. Employees are keeping copies of sensitive data on vulnerable mobile devices and without a significant commitment to securing your infrastructure and data against threats from either side of the firewall, companies will continue to remain at risk due to the more sophisticated and prevalent attacks.
If the trends and evolution of the threat landscape in 2016 are any indication, you can bet that more companies will face interruptions due to ransomware, phishing, data leakage due to negligence and theft or compromised mobile devices due to malware and spyware. Most companies can still expect, at a minimum, to be the targets of automated scans and sweeps from malicious actors attempting to discover services or exploits running on public-facing servers.
Utilizing industry leading technology and partnering with a managed security services provider, like Proficio, will assist in the task of keeping your company’s data, assets, and services safe. Proficio’s ProSOC services gives you a team of experts that will monitor your networks 24×7 for everything ranging from simple NMAP scans to compromised web servers and infected Android devices, to full-blown malware infections, data exfiltration, and botnet activity.
If your company isn’t ready for 2017, schedule a demo with Proficio today.