$42,750,000,000: That’s the total amount of money American consumers spent online during the 2013 holiday season. Although the number is impressive, market research firm comScore has suggested that the 10 percent increase in online spending from 2012 to 2013 actually fell short of expectations.
The growing number of online transactions during the holiday season seems indicative of the growing amount of everything we do online—from banking to email, social networking, healthcare and cloud-based applications, the internet is pervasive in our personal and professional lives. There’s no doubt that our digital shift has increased our productivity, improved our costs and given us greater visibility into the marketplace, but as the 70-million-person data breach at Target and its companion breach at Neiman Marcus over the holidays prove, with greater access comes greater risk.
“As individuals leverage both their personal communications devices in their daily personal and business lives, the risks to business and personal data will continue to rise,” says Daniel Fluke, NetStandard’s Information Security Officer.
As we look ahead to the major cyber security threats predicted for 2014, greater access seems to live at the core of most predictions. Cyber criminals are building on their successes from the previous year, and the security landscape is, as McAfee puts it, particularly vulnerable. What’s ahead for 2014? Our predictions are as follows:
1. More Ransomware Attacks. Remember CryptoLocker? After first hitting the scene in the fall of 2013, this Trojan virus continues to creep its way into networks through seemingly legitimate links, attachments and webpages. In 2014, experts are expecting to see more ransomware attacks like CryptoLocker in the business space, and with them, more instances of perpetrators seeking payment to “unlock” your systems. Fortunately, ransomware attacks can be avoided with a little forward thinking. If you receive an email that you aren’t expecting, don’t download attachments or click on the links. Similarly, don’t visit questionable websites (see a list of these here), and avoid downloading games, videos or music files from untrustworthy sources on the internet.
2. Increased Attacks on Mobile Devices. According to Booz Allen Hamilton’s reports, cross-platform malware is capable of sending hackers business and personal information from mobile phones. This type of malware is especially dangerous, given the upward trend of bring-your-own mobile device in the workplace. “Using your personal communications device for business purposes poses risks to both the individual and the business (and potentially those who do business with you),” says Fluke. “As the use of these devices continues to expand, so too will the potential for a negative impact on the business.” These risks, and the ongoing threat of unsecured mobile devices that are at risk of loss, theft or employee misuse, emphasize the ongoing need for a solid mobile device management policy. “Leveraging some form of mobile device management (MDM) capability will be a good start in addressing these risks,” says Fluke. “However, that is only one part of a solution. Policies, procedures, education and training all should be leveraged in addition to a MDM capability.”
3. Attackers Will Focus More Energy on Mid-Sized Banks and Non-Banking Financial Institutions. Criminals love easy targets, and industry trends suggest that attackers will shift their focus from secure large banks to regional and mid-tier banks that may not have the resources or knowhow to implement strong security features. In the coming year, attackers (or cyber bank robbers, as the case may be) are also likely to cast a wider net—that means wealth management organizations, hedge funds and other non-bank financial institutions could come under the gun, too.
4. Internal Data Breaches Will Get Bigger and Bolder. Following a 2013 filled with news stories on healthcare data breaches that originated with careless employees, predictions suggest that 2014 will be another year of internal data breach headlines. Estimates suggest that more than 50 percent of data breaches originate from people on the inside of the company—a number that is a good blend of employees who knowingly and unknowingly let critical data slip. While forgetfulness can’t always be mitigated (a number of breaches start with lost thumb drives or careless social media posts), malicious breaches can be. Prevent data breaches at your place of work by ensuring policies for handling data are in place and publicized, conducting regular risk assessments, and encrypting sensitive data.
5. After April, Attacks on Windows XP Will Thrive. Windows XP users beware: on April 8 of this year, Microsoft will end support for this platform. According to Fortinet, this means that Microsoft will not patch newly discovered vulnerabilities and existing XP systems will be vulnerable to attacks. For the more than 15 percent of mid- to large-sized enterprises Gartner estimates will still be running XP at that time, this could spell disaster. According to Microsoft, the best way to mitigate loss of support risks and vulnerability to zero-day attacks is to upgrade to a newer operating system—and quickly.
6. Data Will Overwhelm Us. Big Data is a bit like fruit flies—great for research, but before you know it, they have propagated beyond control. Big Data will continue to be a hot topic for small and mid-sized businesses, but don’t get too caught up in the hype: in some cases with companies of this size, the cost of analysis outweighs the return benefits. Whether or not you choose to go down the Big Data path this year, do be sure to eliminate unnecessary data from your systems and be sure to keep tabs on what you want to keep (backup policies are helpful, too).
As we move into the new year, what cyber security trends do you expect to see? What has you worried? Share in our comments section below!