Each year the number and sophistication of cyber attacks grow. It's not just an issue for IT departments today but also for C-Suite executives who have a lot on the line (their reputations, their companies' status and revenue, to name a few).
"Cyber criminals are becoming more industrialized and more organized," said Derk Fischer, a partner with PwC in Germany, according to SAP. "What we're seeing is the emergence of a new kind of 'industry sector' that thrives on the complex connectivity that characterizes the Internet."
With the transition from simple to complex cyber attacks, people are experiencing a variety of strategies never witnessed before. Of course, cybercriminals aren't afraid to go back to their tried-and-true tactics, which they'll continue to use in the coming years.
Despite the unpreparedness indicated by the increases in incident number and complexity, many companies do understand they're vulnerable, and have taken steps to safeguard their networks. In PwC's 2017 Global State of Information Security Survey, the majority of the 10,000 CEOs, CFOs, CIOs and other top executives around the world who were surveyed said they had some type of threat detection tool in place. For example, 52 percent used an intrusion-detection tool, and over 51 percent regularly examined and analyzed information security intelligence.
Of course, the question now becomes: What about those other 50 percent of businesspeople who aren't protecting themselves, their companies and their employees?
It's critical that people take the time to defend their IT networks. Let's look at what we can expect from hackers in 2017.
Expect the same goal, but different attacks
Cybercriminals typically have the same goals: Steal and make money. And that's not likely to change any time soon. However, how they attack and exploit devices continues to evolve.
While there are many types of attacks, we're going to focus on two that became major players in cyber crime last year and will continue to evolve in 2017.
1. Phishing scams
In its 2017 Global State of Information Security Survey, PwC reported that phishing scams were the top incident type this year. Thirty-eight percent of survey respondents said they were somehow affected by phishing scams.
If you're not sure what a phishing scam is, chances are you've already encountered one. Scan your email spam folder (but don't click any links!), and you'll likely notice a number of suspicious subject lines that say something like "Click here for a free device" or "Win a getaway vacation by entering your information." When you click on the link, a couple of things could happen: 1) Hackers install malware onto your computer or 2) You're prompted to enter your personal information to receive your "reward," thus exposing yourself to cybercriminals.
Sometimes emails are much more personal. The sender may say they've been trying to contact you because one of your computers or electronic devices has been compromised, and the only way to rectify the situation is by clicking the link and downloading cyberprotection software. If you don't recognize the email's sender, call them, delete the link or report it to authorities.
But phishing scams aren't only targeted towards consumers. Even high-level executives who regularly transfer wire payments or work with international suppliers could fall victim to what's called Business Email Compromise.
Why are phishing scam attacks increasing?
PwC suggested these scams are likely rising in number because cybercriminals are continuing to evolve to take advantage of weak points in systems or unaware prey. While they become more organized in their attacks, IT criminals are also developing into more sophisticated and resourceful hackers, and are therefore less likely to mount complicated malware strikes unless there is a significant return on investment.
Instead, they're "living off the land" by taking advantage of already-in-place administration features and actions. It's much easier to exploit an unsuspecting employee – someone who doesn't quite understand the ins and outs of cyber crime – than to launch a complex attack that may take a lot of time, manpower and money to pull off.
How to protect against phishing scams: Delete suspicious emails, avoid generic messages from people you don't know, and never provide your personal information or credit card information to sources you're skeptical about.
2. Ransomware
Ransomware cases are growing and the type and sophistication of attacks are increasing. Companies or people who don't have the correct IT security networks in place (or know little about ransomware) can be caught off guard and be forced to spend hundreds, if not thousands, to have their screens and systems unlocked, or files unscrambled. Not only could these attacks cost businesses upfront, but falling victim could also cost them in terms of lost revenue and time.
In fact, in a report, Trend Micro noted that cybercriminals are going to go for gold in the coming years. Instead of ransomware attack requests ranging between 1-2 bitcoins ($775-$1550), requests could reach as high as 100 bitcoins ($73,000). This means one thing: IT criminals are willing to attack anyone and everyone, no matter how large the company is.
Jon Clay, Director, Global Threat Communications at Trend Micro, said ransomware attacks are evolving. Originally, they began as FakeAV before transitioning into locker ransomware. Now, cybercriminals are using crypto-ransomware to increase the infection rate per target and their return on investment.
Furthermore, hackers last year got hold of some publicly shared ransomware code. Having this code allowed them to modify it and create unique versions of the threat. This caused a 400 percent increase in ransomware families from January to September 2016. Trend Micro expects this trend to continue, and has predicted a 25 percent increase in the number of new ransomware families next year.
Finally, ransomware targets may differ from those in years past. We already mentioned larger corporations, but expect more attacks on point-of-sale service systems and ATMs.
The above information also applies to those who hardly touch their desktop computers. Trend Micro's report stated that cybercriminals will target mobile devices because this is still a largely unexploited market. Mobile devices may also be less protected than desktop computers.
How to protect against ransomware: A few great ways to defend against the many forms of ransomware are by 1) using a complete, robust ransomware behavior monitoring defense system, 2) backing up your data in an offsite data storage unit, 3) re-enabling your ability to see hidden file extensions and 4) using high-fidelity machine learning.
Lightning may not strike the same area twice, but trust us when we say that your electronic device can be hacked more than once in many different ways. That's why it's critical you guard against ransomware, phishing scams and other types of IT attacks that could place you and your employees in danger.
IT attacks are expected to grow in the coming years, and no device is safe. If you truly want to protect your assets, you must use advanced security systems and follow best-practice IT safety protocols.