Between widespread security lapses, phishing scams, and the seemingly never-ending series of hard-hitting ransomware breaches, organizations and individuals were plagued by an unprecedented number of cyberattacks in 2017. After one of the biggest and baddest years to date, cybercriminals are finding increasingly advanced tactics to nab victims, causing many to wonder what’s to come at the turn of the year.
Recently, we shared our team’s predictions for 2018 on topics ranging from the future of cryptocurrency to nation-state cyber activity. Today, we are sharing the results of an industry survey that asked 160 security analysts, IT leaders, threat hunters, and executives about which cybersecurity threats and trends are keeping them up at night as we head into the new year.
Ransomware: All Talk and No Game?
Last year was undoubtedly the year of ransomware. Game-changing attacks such as WannaCry and Petya wiped out entire infrastructures, disrupting hospitals and public utilities. The threat of ransomware became all too real, with 46 percent of organizations stating they fear this type of attack more than any other style of breach. But, despite its fear-mongering nature, only 25 percent of survey respondents reported they encountered an attack within the past 1-3 years. Of that percentage, a majority (67 percent) reported they did not lose any data despite not paying the ransom.
These figures made us wonder: are certain types of ransomware all talk and no action? Or are organizations finally stepping up their training game to protect their data? The results support the latter, as 67 percent of organizations reported they have hosted and/or mandated security training within the past year, and 39 percent of business leaders treat security as a company-wide problem. Our findings indicate that the feared impact of ransomware rarely comes to fruition; instead, the threat has forced the hand of business leaders to make company-wide changes in order to protect their company’s assets.
Catch Up If You Can
While ransomware led the pack of the big bad breaches of 2017, we can’t ignore other methods like phishing, malware, and DDoS attacks that had ripple effects this past year. In fact, phishing and malware mark the two runner-up network security issues that worry security pros and business owners the most. Of those polled on this issue, some are concerned about brand and financial damage, while others fear loss of intellectual property.
Although we’ve seen some organizations beef up training and education programs to fend off cyberattacks, the rate at which cybercriminals are finding new tactics to target victims is outpacing the organizations that consider themselves the “hunted.” In 2018, organizations that treat cybersecurity as an IT-only problem (40 percent) and are starved of proper resources (50 percent) will fail to keep up with the attacker, placing them in a vulnerable position.
IoT Keeps Us Up at Night, In More Ways Than One
In 2017, ransomware, malware, and DDoS became household terms. Although half (49 percent) of survey respondents predict the same issues are bound to persist in the new year, the remaining 51 percent foresee new vulnerabilities to emerge.
Becoming increasingly concerned about the susceptibilities of new tech, 39 percent of security pros urge we turn our attention to the exposure that the internet of things will bring in 2018. While it’s certainly novel to talk to a speaker and have it tell you the weather report, these connected devices are not as harmless as they appear. After all, each connection to the internet poses a risk to our private information and network. As such, the proliferation of unsecured connected devices is the biggest threat we have yet to face, according to more than half of respondents we surveyed.
These survey results raise the question: what can organizations do today to prepare for these threats, old and new, that are anticipated to occur in 2018? Taking into account the past year and the industry’s forecast for the one ahead, here are a few resolutions to keep top-of-mind:
- Anyone (and Anything) is Fair Game for Hackers: When your organization or one of your employees is hacked, it’s not just an IT problem. It affects the entire organization. Invest in company-wide security training and education so individuals better understand how to approach a phishy email when they see one.
- Invest in the Right Areas: A publicly known data breach could have serious implications for the future success of the business. Account for security in the annual budget to invest in the proper tools needed to protect your company’s brand and data. We’re not just talking defense; threat identification and mitigation tools that prevent future attacks can make all the difference.
- Not All Scams and Breaches Are Created Equal: Exercise caution and skepticism – if something seems unusual, it most likely is. Take the time to get it right.