Dec 26

Industry Insights

The face of Cyber Threats in 2019

cyber crime

Cyber warfare has become the new battleground for business. Now no longer exclusive to companies over a certain employee size or revenue level, malware and ransomware is spreading fast among the mid to smaller sized businesses. These businesses are often less prepared, less protected and therefore more easily hacked and the cyber criminals know this! According to IBM 62% of all cyber-attacks are targeted at small to mid-sized business.

2016 saw a significant increase in the amount of cyber-attacks with some high-profile names making headlines: Yahoo, Three Mobile, Tesco Bank. Nowadays no one is safe from the threat of cybercrime from big business to startups, government agencies and even presidential candidates!
2017 will see further advances in the modus operandi of cyber criminals. Some existing trends will remain and new threats will appear.

Mobile Malware

Cyber attacks are not restricted to desktop and PCs. As the use of smart devices in the workplace increases businesses will need to put in place a Bring Your Own Device (BYOD) policy to protect their networks. Mobile working has been a trend in 2016 and will continue to be in 2017 but coming with it is the threat of a security breach. Some mobile malware can be embedded into a phone’s bootloader and even a factory reset won’t get rid of it.

Non Malware Attacks

This type of attack is difficult to detect as it exploits legitimate applications and processes running on legitimate systems. IDG noted that non malware attacks rose from 3% in January 2016 to 13% in November and it is expected they will continue to rise throughout 2017. An example is Powerware which uses Powershell, a Windows utility, to download and execute ransomware on victim’s PCs.

Internet of Things

IoT is a revolution in the IT industry but it brings with it the risk of a security nightmare. The scope for IoT development is vast, reaching across industry, the home, healthcare, government and agriculture. However connecting vast numbers of devices to systems introduces huge vulnerabilities. A lot of which aren’t even realised yet but the potential is there. From a prevention perspective IoT is still an evolving landscape for security professionals and will continue to evolve at a faster pace in 2017.

Automated Attacks

70% of cyber-attacks originate with phishing emails, opened and executed by employees. As part of a cyber security strategy companies should build in an education program to alert staff to what a phishing email may look like and what steps to take in the event of receipt of a phishing email. Automation of malware attacks will allow larger numbers of phishing emails to be sent out hitting more and more businesses at an even faster rate.

Failure of Companies to Prepare

One of the biggest threats to a business’s security is the business itself. Inadequate planning, lack of procedures and neglect in the continual monitoring of systems make businesses extra vulnerable. Most security breaches could be prevented if measures were in place. Smaller companies need to take particular note and not fall victim to the assumption that they won’t be targeted. Every network and device, even internal ones, need to be regarded as suspicious. Cyber security monitoring and internet reporting helps create a vital security benchmark and offer actionable intelligence such as identifying malware infected devices inside the network that would otherwise go unnoticed.

As the new European Union Data Protection legislation looms (GDPR) businesses of all sizes are well advised to make 2017 the year they get on top of their Cyber Security. The new legislation will enforce hefty fines on businesses in the event of a data breach. Compliance to the measures set out in the regulation will be heavily enforced.

We are already helping businesses meet the demands coming in the GDPR. We offer comprehensive cyber security services taking the headache and burden away from you. We monitor, report and identify suspicious activity in your network to pre-empt malicious attacks.