As we saw in 2017 with the WannaCry attack that targeted different industries across multiple countries, cybercriminals are organized and becoming more sophisticated when it comes to malicious attacks. They have resources available and can deploy a range of focused tactics to ensure maximum disruption and increased financial gain. Last year, in many ways, should have been a wake-up call for organizations to ensure they are proactively assessing their systems and implementing processes to protect sensitive data and defend against potential attacks.
Security experts around the globe predict that high-profile data breaches, similar to Equifax and Yahoo, will only increase in frequency and scope in 2018. It is important that you continue working not only to protect the areas on campus that are processing payment card data, but also to implement effective measures to secure all types of sensitive data (personal information, health information, student records, research data, etc.).
What types of risks should your organization be on the lookout for this year and what trends should you follow in order to effectively protect your data?
Ransomware Will Continue to Rise
Ransomware is a relatively simple form of malware that locks down an organization’s computer files and systems using strong encryption, and then the hackers demand money in exchange for the digital keys to regain access to the compromised data. It can be deployed cheaply through e-mail and can infect systems, laptops, and mobile devices, as well as smart/Internet-enabled devices. If organizations have not properly backed up their information, some will pay the ransom in order to resume business. Yet, paying the ransom is not a guarantee the data will be unlocked.
Ransomware attacks are likely to increase and become more sophisticated this year, targeting high-profile individuals and corporations. The good news is that, even though ransomware did grow by over 50% last year, the number of ransomware payments is declining. Train your employees to identify potential attacks and follow proper channels for incident reporting. You should also verify that all software in use is properly licensed and updated with the latest available patches. Most importantly, implement regular, detailed backups of all important files to avoid critical data loss, downtime, and expensive ransom payouts.
In 2017, many organizations moved huge segments of their infrastructures to the cloud using services like Amazon Web Services and Azure Web Services. Software-as-a-Service applications are deployed across the globe and will continue to increase as businesses work to simplify operations while making it easier for customers to access their services. Cloud services reduce the necessary resources for organizations by placing the primary responsibility for security and management onto the shoulders of the third party. In the coming year, we may see cyber attackers really begin to take aim at cloud infrastructure providers. How you internally manage access to these systems and the level of authentication necessary will be critical.
Expansion of the Internet of Things (IoT)
How many of you received a Google Home or Amazon Echo for Christmas?
IoT devices will become a more frequent target for ransomware. Millions of connected devices have little or no defense against hackers who want to gain control of them, and many vendors are not able to appropriately deploy patches when security holes are exposed. It is only getting easier for hackers to take over large groups of connected devices using readily available botnet kits. The top botnet kit (Andromeda and related malware families) is estimated to be responsible for compromising more than a million devices a month*. These botnets can then be used to launch DDoS attacks, send spam messages, and disrupt business for many organizations. Verify that any network-connected systems and devices are properly secured – don’t forget about things like cameras, vending machines, etc. that could be leaving a hole wide open for attackers!
Increased Use of Mobile Applications
With hundreds of thousands of mobile applications available to help consumers accomplish almost anything from their mobile devices, many businesses are also using mobile apps as an integral part of their technology solutions. However, it will be important for organizations to verify they are evaluating the security of potential application vendors to ensure all appropriate security controls are in place, updates and patches are provided when vulnerabilities are identified, all contracts clearly define responsibilities in the event of a breach, etc. Organizations should also develop policies and procedures for securely downloading applications on both organizational and employee-owned devices, policies to prevent inappropriate app usage, procedures if devices are lost or stolen, etc., and ensure all employees are reviewing and signing off on their responsibilities annually.
Demand for Multi-Factor Authentication
Eighty percent of security breaches are caused by weak passwords, making organizations tremendously vulnerable. Passwords can be difficult to manage, so people often keep them simple or re-use them across multiple sites and applications. With the massive breaches at Equifax and Yahoo, huge lists of personal information like usernames and passwords are available on the dark web, as well as information that can be used to answer security questions on accounts. Shifting away from password-only authentication should accelerate as organizations turn to multi-factor authentication solutions.
What is our overall best advice for 2018? Don’t slow down – data breaches are a very real threat to any organization, regardless of the business vertical. Be vigilant about practicing and monitoring information security best practices – implement MFA solutions where possible, don’t ignore patches, update your anti-virus systems, actively monitor systems, and continue to involve and educate your end users!
Some additional guidance from our Security Advisor Team below:
[King]: From growing threats, such as ransomware, to growing technologies, such as cloud and mobile computing, the technology environment is ever changing. The big breaches we saw this year were a result of failing to maintain simple security controls, such as applying critical patches in a timely manner. Institutions need to have a proactive security program in place that both manages current security practices and is flexible enough to keep ahead of the changes. An important part of a security program is a vulnerability management program that assesses risk posed by a threat. An institution that understands current risks is able to respond effectively to better protect sensitive data in its custody.