The 5 Cyber Security Threats You Need to Be Aware of
As Security threats continue to increase on both individuals and companies alike, it’s important to know how to safeguard yourself & your business, and to understand where the threats are most likely to appear. Damage is inflicted by hackers who manipulate vulnerabilities against your systems and the consequences can be shocking. The good news is that if you know what particular vulnerabilities hackers will be most interested in exploiting, you can do a huge amount to protect yourself from such a breach.
What has changed since 2015?
PWC have conducted their 2016 ‘Global State of Information Security’ Survey, interviewing 10,040 executives from more than 127 countries, across all industries. This survey gives fantastic insight into the type of attacks that companies experienced in 2015 and what their plans are for the coming year.
Scarily, there was a 38% increase in the amount of security incidents reported in 2015 versus the previous year. 91% of respondents said they have adopted a security framework, or an amalgamation of frameworks while 69% are using Cloud based Cyber-Security for data protection, privacy, network security, and identity and access management. 59% of respondents are utilizing Big Data analytic’s to monitor cyber-security threats, respond to incidents and review data to understand why it happened and by whom.
This year, 54 % of respondents reported they have a Chief Information Security Officer (CISO) in charge of their security programme and 49 % have a Chief Security Officer (CSO). The roles and responsibilities of the top cyber-security executives have expanded in recent years and their demand is ever increasing.
Today’s CISO is a business manager who not only has expertise in security, but also risk management, corporate governance and overall business objectives. They are key elements within a company and the increase in companies who are hiring these people in house shows the value that is being placed on them.
So, what are the biggest cyber security issues we can expect to face in 2016?
1) Cloud Services
As we can see above, a massive 69% of businesses are using cloud-based cyber security measures. This rise is due to many factors including reduces costs, improved efficiency and the ability to make better use of big data. However, just because the technology is better doesn’t mean its security is. Cloud security brings its own set of threats with targets on critical company data and apps being common. Dell’s ‘Protecting the organization against the unknown’ survey, highlights 21% of companies have been affected by security breaches caused by cloud apps or usage.
Wearable tech is growing at a staggering rate in tandem with the Internet of Things. According to McAfee’s 2016 cybersecurity threat report, all it takes for a wearable security breach is some poorly-written code to create a backdoor into our mobile devices. McAfee predicts that within 12 to 18 months, wearable control apps will become compromised and provide valuable data for spear-phishing campaigns.
3) Warehouses of Data
2015 will certainly be remembered for its high profile security breaches with Sony, Ashley Madison, Anthem and TalkTalk all hacked with customer details stolen. According to McAfee’s survey, we will see a growing dark market for stolen data and credentials next year. Specialized marketplaces will be developed that will give Dark Web market users the chance to buy credentials for use in their next campaign.
Hacktivism, i.e. cyber-attacks launched for political and social reasons, is not a new concept and is growing at an increasing rate. Some of the data breaches mentioned above were carried out in the name of Hacktivism. Their arsenal of attacks have seen the increase of distributed denial-of-service (DDoS) attacks against websites that can bring them down completely or obstruct legitimate traffic. They also aim to breach corporate networks to steal data and conduct surveillance, or launch attacks that result in widespread damage to systems.
Yes, your own employees, oftentimes unwittingly, can be the biggest threat to your organisation. Employees without adequate IT training can become victims of increasingly sophisticated phishing scams, accidental data leaks and inviting malicious software onto your company’s systems.
However, these instances are sometimes carried out with intent. Cortney Thompson – CTO of Green House Data states that “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centres and admin accounts, can cause serious damage,”. He even goes on to say that “there [were] rumours that the Sony hack was not [carried out by] North Korea but [was actually] an inside job.
Food for thought indeed!
How can we face these threats?
The 5 issues listed above are security areas that need to be watched closely in the coming year. However companies are beginning to recognise the threats they are facing and are responding. 24% of respondents to the PWC survey stated they have increased their information security budgets in 2015, including hiring more internal security staff and working on collaborative projects to boost the understanding of protective methods. This saw a direct correlation with financial losses experienced by companies – down by 5% on 2014.
The biggest part of a defensive strategy is knowing where to expect your attacks. Through increased collaboration, reliance on big data analytic’s and growth of internal security methods, companies are ensuring they are in the best popular position to protect against attacks in the coming year.