By Michael Hall, Chief Information Security Officer
Computer security threats aren’t going away this year. They’re going to get worse.
And, they’re likely to create bigger and nastier problems for big and small companies alike as hackers create new pathways into even highly secure environments.
Google the term “security threat” for 2017 and you’ll get millions of hits with lists of threats expected to occur during this year.
Ransomware is Growing
Extortion is getting worse. You can expect more and better targeting of businesses through ransomware schemes that will demand higher extortion fees to unlock important data.
If that wasn’t bad enough, the hackers’ weapons keep improving.
There are many “off the shelf” programs that high-tech thieves can use to target your data. Once a solution is found to defeat one ransomware program, the bad guys can just buy a slightly different tool (created by a specialist) and continue to attack unprotected targets.
As big companies increase security protections, expect some hackers to shift their focus to midsize and smaller companies, which are easier targets because they do not have the cybersecurity expertise or budgets of their larger counterparts.
More Sophisticated Thievery
Steve Durbin, managing director of the Information Security Forum (ISF), told CIO magazine that we can expect bigger and more sophisticated attacks as the criminal enterprises mature.
“I originally described them as entrepreneurial businesses, startups,” Durbin said. “What we’re seeing is a whole maturing of that space. They’ve moved from the garage to office blocks with corporate infrastructure. They’ve become incredibly good at doing things that we’re bad at: collaborating, sharing, working with partners to plug gaps in their service.”
DDoS Attacks on the Upswing
Distributed Denial of Service (DDoS) attacks will also ramp up this year.
These criminal acts are designed to overwhelm a company’s website and shut it down by sending massive requests for information from armies of compromised Internet-connected devices. By co-opting growing numbers of these machines—like garage door openers, security cameras and other tools that are part of the Internet of Things (IoT)—hackers can knock a company’s website offline through the sheer volume of requests.
A huge DDoS attack last Fall took down a company that provides Domain Name Services (DNS) for several major U.S. businesses, thereby taking down the websites of those businesses. Expect more events like this.
Expect more attacks using third-party vendors. Even companies with excellent protection sometimes don’t account for the threat of a hacker who compromises the security of an outside maintenance provider with access to the company’s system. It’s much easier to get inside a company’s computer system if you can hitch a ride with someone who’s already got access, like a vendor or partner.
Security Skills Shortage
The IT worker shortage is real and could be getting worse in the cybersecurity area. According to a report from Cisco, there may be 1 million unfilled cybersecurity jobs around the world, including 200,000 in the United States.
The challenge now is to figure out how to get students interested in this area and train them.