It’s that time of year when we look at what has happened in the past 12 months and project forward to the next with predictions of what may transpire. For more than 10 years, FireEye has been making cybersecurity predictions based on insights from its top executives, and the company has just published its 2017 predictions on the cyber threat landscape. Without downplaying the serious nature of cyber risk management, we have taken a few of their predictions and flipped them with some good news.
The Bad News – Organizations are going to have to invest in cybersecurity. Investment may be focused on integrating systems that aren’t compatible and adding automation to provide efficiencies. The shortage of trained, skilled security personnel will continue.
The Good News – Organizations do not need to develop technical cybersecurity expertise in-house. Contracting with a managed IT service provider gives access to sophisticated tools and consistent expertise. Outsourcing counteracts the risk of experiencing a gap in security if key personnel leave, or if internal IT staff can’t keep up with the evolution of security technology.
The Bad News – The increase in the number of connected devices increases exposure to potential cyber attacks. More and more companies have devices that are connected to their networks that are not secure. These include manufacturing machines and equipment, environment sensors and controls, employee smartphones, security cameras, and any device that is connected to a network.
The Good News – Some IT support companies have tools that provide visibility and management of devices connected to a network. Having a Business Continuity plan with backup and disaster recovery measures documented and tested will minimize downtime and disruption in the event of a breach.
The Bad News – There will be a continued rise in the sheer number of cyberattacks. The FireEye report speaks directly about targets in less secure regions of the world, but there are many organizations here in the US that are immature in their understanding of how cybercriminals work. These organizations continue to use outdated operating systems and software, and their weak password management and information access habits put them at real risk for a breach.
The Good News – When the cybersecurity discussion involves envisioning the business impacts of cybercrime, security easily becomes a priority to be resourced. Training and education materials are available to help companies of all sizes become more knowledgeable about security. Outsourced partners can bring technical security up to speed with tools and best practices to better manage risk. The costs of a breach far outweigh the investment in updating software.
The Bad News – Malware developers are actively formulating new ways to get past spam filters and anti-virus. Instead of using PDF and Excel email attachments to download malicious software, hackers are now using other familiar file types. Macros in common file types like Microsoft Word and PowerPoint can deliver malware. (A macro is a way to package a program within a file.) Because the file type is so common, it can easily be disguised as a legitimate document.
The Good News – Security awareness training is an effective way to teach employees to recognize signals of potential fraud and to respond to suspicious messages that manage to make it to their inboxes.
Many cybersecurity experts predict that it isn't a matter of "if" a company will be the victim of a cybercrime, but "when," because cybercriminals aren't just after large enterprise organizations. Learn more about how small and medium-sized businesses are rich targets for cybercrime, and how a multilayered approach to security is protecting companies like yours by watching our on-demand webinar.