With 2.7 billion more IoT devices brought online in 2017, businesses saw that the attack surface – or number of exploitable vulnerabilities – expanded significantly. And with more susceptible doors to lock, the year began with 918 reported data breaches during the first six months, an increase of 164% from 2016. The year then ended with a number of high profile, devastating attacks, including the Equifax breach and the Wannacry attack.
Unfortunately, the silver lining’s not yet in sight. 2.8 billion more IoT devices will come online in 2018, and individual data breaches are now costing larger enterprises on average $1.3 million, and small and medium-sized businesses $117,000, according to a Kaspersky Lab Report.
The days when an anti-virus and a firewall would cut it, in other words, are long gone. Businesses need to be prepared. So let’s take a look at some ways companies can make certain they’re protected in the coming year:
With more doors to lock, make sure you control the keys to the kingdom
A larger attack surface means that businesses must show greater care in defining and managing the access privileges of users. This need is exemplified by the fact that, according to a report by analyst firm Forrester, 80% of data breaches actually involve hackers gaining access to privileged user credentials.
Accordingly, businesses should pay special attention to privileged identity and access management (PAM) – that is, to monitoring access rights for privileged users given administrative access to critical systems. With careful management of these privileged credentials, businesses are able to eliminate one of the main avenues and vectors hackers use to gain access.
>See also: 2017 was the year that defined cybercrime
The vigilant company will deploy PAM solutions, as well as enact company policies to enforce the correct use of those solutions. A cautious business will also aim to grant the least amount of access possible without completely inhibiting onboarding, offboarding, and necessary permission authorizations.
Don’t count on AI or blockchain to save you – not yet
On the subject of cyber security, there is a lot of hype surrounding AI and blockchain technologies right now – and for good reason: in the future the two will prove to be effective weapons in the war against cybercrime.
However, while an estimated two-thirds of global firms will be using blockchain in 2018, and the number of enterprises using AI will grow from 38 to 62% this year, the notion that a business can rely entirely on these technologies to safeguard its data is misguided.
That’s because the chief culprit underlying the vast majority of data breaches is inattentiveness to low-level security basics – like training employees to recognize threats, monitoring employee behavior in accessing data that can be used for financial gain, and revoking access immediately when employees leave the company. Around 90% of attacks, in fact, occur because of simple human error.
In other words, though cybercrime is a complex matter, the biggest step a company can take in the right direction need not be a complicated one. AI and blockchain might someday provide silver bullets, but for now firms should prioritise traditional security measures and utilise new technologies to supplement these more basic defensive measures.
Update software: today and every day
Speaking of neglecting simple security measures, the consequences of ignoring software updates were once more underscored by back-to-back global ransomware attacks this year.
The WannaCry ransomware attack of May 2017, which encrypted data from an estimated 300,000 computers worldwide, exploited a vulnerability for which Microsoft had provided a patch via a software update months earlier – the problem was many users had not updated their systems.
In the wake of the attack, media outlets, technology firms and cyber security companies around the world insisted people update their systems to avoid such catastrophes. The call, once more, wasn’t heeded by many – and a second attack, nicknamed “Petya” and exploiting the very same security flaw, attacked computers whose systems remained outdated the next month.
Though the consequences of not updating can be drastic, Avast’s 2017 PC Trends Report Q1 revealed that 52% of the most popular PC applications around the world remained out of date.
Nevertheless, updating your company’s software is the only way to fix the most recently discovered security holes. Often, it’s not updating simple applications like Flash and Java that leaves people most vulnerable to attacks.
To keep your data safe, keep your software updated.
Turning the tide
Though it’s often assumed to be an unwinnable game of catch-up between the good guys and the hackers who stay one step ahead – wreaking havoc by exploiting some newly discovered software/hardware vulnerability – so-called “zero-day attacks” are relatively seldom.
>See also: How can banks fight cybercrime?
When assessing the state of the war against cybercrime, therefore, it’s critical to remember that the majority of attacks are instances of criminals using “the same old bag of tricks” against companies which have failed to update software and/or be vigilant with low-level security basics.
So don’t despair. Rather, get your security ducks in a row. It can go a long way towards protecting your company and turning the tide in the fight against cybercrime.