Cyber-criminals are smarter than ever, and 2018 promises to bring some of the most advanced attacks the world has seen. With an estimated cost of around $6 trillion per year attributed to cybercrime, it’s easy to see that digital crime is just as lucrative for criminals as it is damaging to businesses. Cybercrime isn’t going away, but you can do a lot to prepare for attacks by understanding new technologies criminals are employing to steal your data and money while destroying reputations along the way. Here are the four biggest threats to watch out for.
AI and Machine Learning-Based Attacks
AI and machine learning are two of the biggest buzzwords in technology today. Cybercriminals are beginning to harness these tools in a number of clever ways as well. According to Martin Giles in a piece for MIT Technology Review, “Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Hackers will take advantage of this to drive more phishing attacks. They’re also likely to use AI to help design malware that’s even better at fooling “sandboxes,” or security programs that try to spot rogue code before it is deployed in companies’ systems.”
McAfee’s annual threat prediction report also suggests that sophisticated attacks using AI and machine learning are likely to be some of the biggest threats we face. While these attacks are becoming more advanced, they still typically rely on classic phishing tactics, and you can prevent them by educating users about how to spot and avoid various online scams.
With threats like WannaCry and dozens of others, we’re permanently reminded of the damage ransomware causes, and the problem continues to grow. According to a report by McAfee, ransomware issues grew 56% in 2017. Trend Micro also lists ransomware as its number one cyber-threat for 2018, calling it the “land of milk and honey for cybercriminals.” Luckily, the cyber security world is beginning to catch up. Consumers are more scrupulous, fewer off-the-shelf ransomware is appearing, and law enforcement agencies are working to crack down on this type of cyber-fraud. But despite these efforts, the growth of ransomware is a clear indicator that we should stay vigilant. The best way to prevent ransomware (in addition to firewalls and anti-virus software), is to make sure you have rock-solid backups and recovery point objectives that are within your data loss tolerances.
Email Compromise Scams
As we noted in another piece about social engineering, email scams are becoming more innovative, and indeed, cybercriminals are stealing billions of dollars simply by sending spoofed emails that look quite convincing to the untrained eye. The FBI reports that business email compromise scams increased 2,370 (!) percent between January 2015 and December 2016. This adds up to $5 billion in domestic and international losses, with a total of 22,292 victims. Trend Micro predicts that this number will increase to closer to $9 billion in global losses this year.
One important thing to remember is that companies must create protocols for various types of transaction so a system of checks and balances within the organization can stop fraudulent transactions from going through. When it comes to phishing attacks through email, users should know how to spot spoofed emails, so they never open them by mistake.
Connected Device Attacks
According a report by Trend Micro, cybercriminals will likely spend more time attempting to abuse connected devices. Last year alone saw many distributed denial-of-service (DDoS) attacks that leveraged hundreds of hijacked Internet of things (IoT) devices. These attacks are likely to increase because they often allow hackers to create proxies and hide location data and web traffic, making it difficult for law enforcement to figure out where the attacks are coming from. Trend Micro also notes that many IoT devices take longer to patch, so vulnerabilities can remain unpatched for longer periods of time.
Other vulnerable devices include aerial drones, wireless home devices, and even bio-implants such as pacemakers. Trend Micro notes that many devices don’t have built-in security, which means users must take responsibility for their own security by ensuring that passwords are secure, and that device firmware is always up-to-date.
A single data breach can cost a company millions, but there are plenty of indirect costs too, including loss of reputation, a change in customer and investor perception, legal settlements, and more. While a specific dollar amount is difficult to calculate, it’s obvious that investing in technologies that prevent the latest attacks is the only wise move. When it comes to protecting data, and preventing various cyberattacks, the tools you buy can easily pay for themselves if they prevent even a single cyberattack.