We're full speed ahead into the new year - and that includes plenty of happenings in the cyber security world. Here are five things to watch out for in 2017.
IoT Threats Will Begin to Take Shape
Gartner predicted last year that we'll have 21 billion connected devices by 2020. While connected devices offer convenience, they also make IoT threats a more distinct possibility. Recent attacks showed us that the IoT is a valuable tool and target for cyber criminals. The security industry, businesses, and consumers alike all need to come together to tackle IoT security. This starts with education, but security should also be front and center in the product development phase. As more devices become connected, we all have to do our part to protect the ecosystem that is created.
BYOD Brings New Era of Workplace Threats
Think about your company - do you use your own mobile device or computer for work? Or maybe the company provided you a laptop, which you take home every evening. BYOD is a perk for many employees, but it can also be a headache for employers. As work from home (WFH) and bring your own device (BYOD) policies continue to take shape, we'll see a new kind of threat facing businesses in the form of devices used and accessed outside of the office and IT's control.
To combat this, companies must prioritize building a BYOD policy in partnership with IT, risk management, and legal counsel. Employee education is also critical, since employees are among the most likely breach points for companies that offer WFH and BYOD policies. Once employees know the importance of creating strong passwords, updating software on their devices, and not sharing data unless absolutely necessary, they'll be more knowledgeable and willing to play their part in protecting the business.
Consumer Password Practices: Same Problems, New Solutions
Poor password use continues to plague consumers, which leaves them vulnerable to attack. In 2015, "123456" and "password" were the No. 1 and No. 2 most-used passwords, respectively. With the volume of breaches increasing, it will be more important than ever for consumers to use long, unique, and secure passwords across accounts.
We saw more "aftershock" breaches in 2016, and expect that trend to continue. Much like an earthquake aftershock, the effects of breaches may reverberate and be felt long after the initial disaster. Attackers will continue to sell old username and password information on the dark web, months or even years after the credentials were first stolen. As a result, companies that didn't actually experience a first-hand data breach may feel the effects of multiple unauthorized logins or other attempts at accessing information. This is one of the themes being discussed in the wake of Yahoo's most recent breach, which uncovered that information from one billion user accounts had been taken in 2013. To fix this, expect to see some alternatives to the common password - such as two-factor or biometric authentication - in 2017 and beyond.
Hollywoodization of the Hacker Will Bring Mainstream Awareness
Shows like Mr. Robot have started amassing a loyal following over the past several months. While there's certainly some embellishment in any fictional portrayal, these programs do a good job of showing what things are really like within the cyber security world. We expect to see a higher level of interest and fascination with hacker culture and cyber security, particularly from younger individuals, who are more digitally connected than any generation before them. Additionally, major DDoS attacks were ultimately traced back to relative amateurs. This shows hacking is more accessible than ever before. Consumers' rising interest in cyber security, as well as these kinds of attacks in the headlines, will boost the popularity of these shows and mix entertainment with education.
Ransomware Will Threaten Hospitals and Other Enterprises
One of the more overlooked types of identity theft is medical identity theft. That will change this year, as we'll see a higher number of attacks from cyber criminals targeting hospitals and healthcare organizations. This industry has primarily relied on paper to keep documents and secure information, but as it moves into the digital world with electronic health records and mobile applications, it will become more vulnerable. For most healthcare organizations, losing data would be a devastating blow. Because of that, ransomware will remain the key attack method, as it provides an easy way for hackers to cash out.
Healthcare organizations aren't alone, either. Remember the San Francisco transit system hack? It foreshadows that the transportation industry is a prime target for ransomware as well. It'll be interesting to see how these industries work to combat cyber criminals.
We'll be keeping a close eye on things in 2017. Much like last year, it's sure to be full of new developments in the cyber security world and new takeaways for businesses and consumers. As always, businesses that are proactive with their cyber security will be in a better position to mitigate risk.
Follow Joe Ross on Twitter: www.twitter.com/CSIdentity