2016 brought about more cyberattacks than we thought possible, especially involving ransomware, and we definitely won’t see that trend breaking stride in 2017. By next year, we expect every single adult in the US will know a blood relative that has had their identity stolen – the Internal Revenue Service reported that 2.7 million people had their identities stolen in 2014 and according to TransUnion, 19 people fall victim to identity theft every minute.
Here’s a quick tip: When you elect to use credit cards, stick to the ‘chip and pin’ cards – no swiping. Online, use your credit card issuers ‘one-time-numbers’ for purchases. Get a shredder and use it. Think of it as ‘safe recycling’.
Now I’m no fortune teller, but there are a few predictions I can make for the coming year – that I think most of us in the security industry can agree on:
· Ransomware will spin out of control – Symantec’s Security Response group has seen an average of more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase in the average 1,000 attacks per day in 2015 the company highlighted in its 2016 Internet Security Threat Report. o TIP: The best current defense against loss from this attack is to make backups of all your data in a separate place. Regularly and often.
· Dwell time for breached networks (up to 2 years in some extreme cases) will see zero significant improvement.
o Ponemon Institute found that when a breach was identified within 100 days, average costs were $5.83 million per breach. However, if a breach went undetected for more than 100 days, costs rose nearly 40%.
· Mobile will continue to rise as a key point of entry – with at least one if not more major enterprise breaches will be attributed to mobile devices. A Ponemon Institute report found that for an enterprise, the economic risk of mobile data breaches can be as high as $26.4 million and 67% of the organizations surveyed reported having had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information. o Mobile payments will bring our ‘what ifs’ to reality – biometric and ‘let me take a selfie’ sensations will only become more common as people realize that passwords can quickly become a liability – MasterCard’s ‘selfie pay’ and Intel’s True Key are just the tip of the iceberg. o TIP: CAUTION – treat your biometric data like your other precious financial and personal data.
· IoT vulnerabilities and attacks will be on the rise AND will increase the need for standardization for various security measures – hackers at this year’s Def Con found 47 new vulnerabilities affecting 23 devices from 21 manufacturers. o October saw a massive distributed denial of service (DDOS) attack on major global websites including Twitter, Netflix, Reddit and the UK government’s sites – reportedly powered by the Mirai botnet made up of insecure IoT devices.
For the sake of everyone’s personal and professional security, I hope these issues will not be as grandiose as we predict – however, the realist in me says otherwise.
