There were some very significant data breaches in 2017, the worst on record in fact, with Yahoo, Verizon, Whole Foods, Uber, and Equifax all falling victim to the antics of cyber criminals. The Equifax hack alone compromised the personal information of nearly half of the U.S. population.
Of course, these are enterprise-level companies making the headlines, but there are countless hacks on small and medium-sized businesses that go unreported to the public, which is why many SMBs feel like they are safe from being targeted.
Hackers love that train of thought, especially when recent data shows that almost 50 percent of SMBs have experienced a cyber attack and more than 70 percent of attacks explicitly target small and medium-sized businesses. Even more concerning, is that 60 percent of SMBs go out of business within the six months following an attack of this nature.
Operating a business north of the border doesn’t provide protection either. Recent figures taken from developed nations around the world show that Canada is third in reported data breaches in 2017, only behind the U.S. and the UK. Even more startling, that same report suggests that cybercrime costs the Canadian economy between $3 billion and $5 billion per year. Beyond the direct financial impact a cyber attack can have on your business, the public relations backlash is a another nightmare that can be even harder to recover from. And for businesses that think they can keep an attack quiet, be reminded that Ottawa plans to fine Canadian companies that fail to report data breaches in the year to come.
And that massive Yahoo hack? Turns out a Canadian operator was behind the whole thing. The threat is not only real, it’s in our own backyard.
Point taken? Good. But before you prepare to institute an enhanced cybersecurity strategy for your business or organization, there’s more you need to know. 2018 marks the evolution of cybercrime and thus any new measures taken to protect your interests must address not only the threat today, but the impending ones of tomorrow. As one of Canada’s top IT solutions providers with extensive insight into the state of cybersecurity, we have outlined the threats you need to watch out for in the year ahead, and beyond.
Four Cyber Attacks Your Business or Organization Needs to Prepare for in 2018
1. Hackers Recruiting from Within Your Organization
This is the scariest concern of all, because even with a staunch cybersecurity strategy in place it may be fruitless if the threat comes from an internal human resource. Researchers have uncovered growing activity within the online black market, activity that proves hacking groups are attempting to recruit company insiders for cybercrime. These recruiters are paying top dollar to insiders because all that it takes is one successful ransomware attack to recover the cost. Internal recruits can do anything from handing over passwords to simply opening a malicious email on a key company computer. The possibilities (for hackers) are endless when they have someone on the inside.
Moving forward, organizations must take the insider threat more seriously, instituting IT security systems to carefully monitor staff for suspicious online behavior, without violating their privacy. It is also advisable to implement restrictions on data, allowing access only to staff who require it.
2. Attacking the IoT
To a business, the Internet of Things (IoT) is a network of smart devices that connect and communicate via the Internet. Interconnectivity is the key, as devices collect and exchange information through embedded software with the help of hardware such as cameras and sensors that pick up light, sound, movement, and an assortment of spatial cues. The devices used to make your business operate more efficiently function automatically or are controlled and monitored remotely. That definition alone allows you to see the possible implications regarding cybersecurity.
Simply put, the IoT is susceptible to hacking. While your current cybersecurity protocol is focused on company computers and servers, savvy hackers are zoning in on your staff wearables, company vehicles, ePOS stations, air conditioning systems, and everything else that connects to the web to help you maintain your business.
In some instances, an IoT hack can provide backdoor entry into a network and allow access to sensitive data. However, even when not connected to valuable information, handing over access of a device, machine, or vehicle to a hacker can put your business at great risk. For example, air conditioning failure can cause a server room to overheat and shut down online operations, costing you a small fortune within hours.
There are some businesses that feel they are cut off from the IoT threat, including construction companies and manufacturing. But can you imagine the potential for disaster if an automated bulldozer or other form of heavy machinery is taken over by someone with malicious intent? IoT hackers can hijack any web-enabled device and use it to disrupt operations while holding it over your head until a hefty ransom is paid. Moving forward, your cybersecurity solution must address the IoT in your organization and protect every endpoint.
3. Exposing Susceptible Serverless Apps
Serverless architecture allows your business to take advantage of online applications and services without worrying about servers. The technology lets your development team (where applicable) focus on your core product without concern for managing and operating servers or runtimes. By reducing this overhead, your developers can devote time and effort towards the development of better customer-focused tools. For instance, leading fashion retailer Nordstrom currently uses Amazon’s AWS Lambda (a popular serverless application) to manage its websites, mobile app, and in the development of a new recommendations engine to process customer requests.
When you hear the word “serverless” it sounds like one less cybersecurity concern, right? Not quite. Cybercriminals evolve along with technology, and in noting how large scale retailers (and others) have adopted serverless architecture, they too have targeted the tech. Serverless apps remain vulnerable through traditional methods, including privilege escalation attacks and attacks on data in transit across a network.
The use of serverless applications will grow in 2018 and so will the number of attacks on any business depending upon its design. At the bare minimum, cybersecurity protocol must ensure that traffic on the application takes place over a VPN or that some form of effective encryption is used.
4. Breaking Links in the Supply Chain
By definition, a supply chain is a system of organizations, people, activities, information, and resources involved in moving a product or service from supplier to end user. There is a sharing of information that occurs along the supply chain, information that should not leave the channel.
Since hackers know that many businesses are tightening up ship in 2018, they are looking to others in the supply chain in order to get access to data owned by their main target. In addition, hackers can disrupt their target’s businesses by disrupting operations of another in the chain.
Somewhere in that system of organizations, people, activities, and resources, there will be a weak link. If your business depends upon the supply chain in any way you must coordinate cybersecurity efforts. Your updated protocol should focus on the weakest spots in your supply chain, making sure that vendors and other parties involved adopt strong, scalable, and repeatable processes, ones that have been dictated by you.
While everything above is meant to put your organization on alert for 2018, the intent is not to scare. Instead, the goal is to present a clear call to action that now is the time to schedule a comprehensive cybersecurity audit for your business. Contact Fully Managed for a consultation today and find out what true peace of mind feels like.