Each day that goes by, cyberthreats increase simply because we live in a world where technology is ever changing and advancing. Today we are surrounded by devices that would have never been possible, ten or even five years ago. Threats have grown larger than just mobile phones, computers and tablets. Now that the Internet of Things (IoT) is growing, it has never been easier or more convenient for hackers to target the masses.
In the past five years, cybercrime has grown by leaps and bounds. Where hackers were targeting people’s credit cards, they are now broadening their scope significantly. Nowadays, cybercriminals are becoming less picky in who they attempt to victimize. It is no longer just about taking credit card information for their own but going deeper with malicious intent in every sense of the word. Hackers take advantage of Fortune 500 companies all the way down to the average Joe next door; in this day in age, everyone is a potential target. Everything from confidential information, credentials and even your secrets are perfect targets for cyber criminals looking to exploit you. After all, holding your most confidential information is, to most, worth paying a steep ransom to prevent being blackmailed or having their lives ruined due to information exposure.
But it isn’t just monetary gain that some criminals are after; rather some have an end goal of destroying lives to get what they want. Take Ashley Madison into account where in 2015, hackers exploited thousands of names, emails, addresses and more of users looking to have an extramarital affair. In the case of Ashley Madison, hackers demanded that Avid Life Media, owner of Ashley Madison, permanently take down the site along with its other two websites, Established Men and CougarLife. Some criminals simply want to ruin lives. Blackmail and ID fraud are just some other tactics used by criminals to get a reaction from their victims.
With the advancements in technology, hackers have realized over the past few years just how easy it is to make a profit off of victimizing people. For a skilled hacker who is an expert at staying anonymous, there is no easier way to make a profit than to target large numbers of people with little effort. It isn’t just devices they are targeting, it’s the apps we use too. These cyber criminals will spend their time dissecting a single app for vulnerabilities to exploit long before the app’s creator will realize there even is a vulnerability to begin with.
Tech companies have created so many mediums for hackers to get through, that unless these companies have one person dedicated to always testing vulnerabilities of each product they produce, it is near impossible to beat a hacker whose only task is to find a way to get through. And to make it even easier for cyber criminals, the software written by these tech companies usually is not created with security as a number one priority simply because they want to ensure that the product works effectively and makes a profit. Meanwhile, criminals are behind the scenes with their number one goal to exploit this product in every way possible.
Without a doubt, ransomware is king when it comes to the type of attacks that experts are seeing, but also on the rise are brute force attacks, and social engineering scams like never seen before. Attackers are becoming bolder in their approach to try and exploit people. Rather than waiting for you to simply type in your credit card information, cyber attackers are mastering an ingenious plan to trick you and sound convincing enough where you believe it. Phone scams are becoming ever more popular and incredibly believable. Some are going so far as to call you on your mobile phone and pretend that they are, for example, your grandchild in need of money after they were involved in a car accident. Others disguise themselves as your local bank representative to discuss your account. The examples are endless but thrive off of your paranoia and emotions.
Some criminals choose email to conduct their business and learn details about and/or your company to decide how they best want to attack. Some may opt to phish a single individual such as a CEO via email after spending days disguised as another employee and then prompt them to click an infected attachment within the email.
While the scope of targets has indeed opened significantly, there are still specific industries that seem to rise above the rest when it comes to being targeted. Tech companies, manufacturing companies, hospitals, and larger organizations tend to be a top target for hackers. As we have been mentioning, tech companies fall victim due to the products and software that they are creating. New technology makes it all the easier to reach consumers who will buy the product.
Manufacturers, whether they realize it or not, make tempting targets for several reasons. Not only are they making and distributing some products that may be easy to hack, but they also tend to be unaware of the vulnerabilities that the products may have. Manufacturers also become excellent targets for intellectual property that competitors may want to steal and reproduce for their own profit.
Hospitals and other large organizations have a constant flow of people in their databases and with those people come large quantities of valuable information. Emails, phone numbers, physical addresses and social security numbers are all at risk when it comes to larger operations.
Now we have more smart products than we ever have before and with people consuming these products at a rapid pace, companies will continue to create a way to make our lives easier and easier. Enter the IoT and the impact that it's already having on society. Though it may seem wonderful to have all of these inanimate objects suddenly wired into the internet for our convenience, what is the real price we pay?
Imagine how great it is for parents to watch over their baby through a monitor that's connected to their mobile devices via an app. It might sound wonderful and give you peace of mind until you realize that criminals can also see what you’re seeing.
Newer to IoT are door locks that connect to your phone so that you can lock/unlock your house at will remotely, however, so can someone looking to enter your home without permission. Not only will they be able to see from your phone’s GPS that you’re on vacation in Florida, but also have the ability to unlock your front door as well. It begs the question, “Do you need convenience at the cost of security and privacy?”
Though individuals are being targeted more now than ever using the same tactics as used against businesses, small to medium-sized businesses are still a top target. The reason being that SMBs are an easy target for someone who is looking to conduct malicious activity. SMBs are small enough where they may not have the means and expertise to protect themselves properly, however, they are large and profitable enough where they would pay a ransom to get certain intellectual property back. However, this is also the same market that tends to be reactive rather than proactive. To which experts ask, “How long can you afford to stay down?” This is a question that an SMB owner may have never considered but is wildly important to know. Unfortunately, for the majority of businesses who choose to be reactive, they lose so much revenue during downtime that they never fully recover and therefore, tend to go out of business within months.
With the cyber threat landscape being what it is, experts are still shocked to know that some businesses and even individuals still have little to no measurement of security. Alex Insley, Twinstate’s Unified Defense Strategies Technical Manager, urges businesses and even individuals to take these steps if possible.
- Have a reliable, cloud-based backup solution.
- Conduct a Vulnerability Assessment to see what “holes” might be in your network.
- Ensure that any hardware and software is properly patched regularly.
- Establish a firewall with IPS/IDS, antivirus and antimalware capabilities.
- Businesses should have a robust email filtering system to prevent delivery of malicious messages.
- Whether you’re a business or not, practicing safe password policy will help in keeping your network safe.
It’s hard to say for sure what the future holds for cybersecurity, but experts fear that malicious acts will get worse in the coming years. They foresee ransomware continuing to hold strong and social engineering rising. Hackers may not go for simply encrypting information, but will aim to take over entire systems, files and machines including system backups. It is critical that action is taken now to help yourself and your business get ahead of what might happen going forward as cybersecurity threats increase.
Originally published on 04/25/2017