Wow, what a year for cybersecurity. Companies saw more than their fair share of data breaches in 2016, as Gemalto reported over 3 million records were stolen each day throughout the first half of the fiscal year.
The problem is clear—hackers are getting better at what they do best. How organizations choose to respond to this growing threat, and other trends, will ultimately dictate how 2017 will be seen in the eyes of cybersecurity analysts this time next year.
1. Ransomware will be the tool of choice
You heard it here first—ransomware will grow increasingly popular among cyber criminals, if it's even possible as it's already a favorite. A Symantec 2016 Internet Security Threat report estimated that 4,000 ransomware hacks were conducted each day in 2016, a number that grew three-fold over the previous year.
Ransomware allows criminals to hold data hostage in an effort to extort money from corporations, which can be a lot more lucrative and less time consuming than actually stealing information and selling it on the black market. All it takes is one vulnerable endpoint and someone can have unfettered access to an organization's entire database, which is why all-encompassing, preemptive cybersecurity solutions like Network Protection XGS will be pivotal to success in 2017.
2. Decision-makers pay more attention to mobile security
Smartphones are commonplace—when's the last time you saw a pay phone, let alone, someone actually using it? While mobile phones have undoubtedly made life easier, they've presented a unique challenge for organizations: How do you stop hackers from breaching the network through either company-owned phones or personal ones?
Many IT departments focus strictly on computer-based attacks, but a Ponemon Institute survey found 2 in every 3 respondents suffered a data breach originating from a hacked mobile phone. Cyber criminals are finding unique ways to hide complex viruses in seemingly innocuous devices—this can be a nightmare for any organization not properly equipped with a mobile cybersecurity solution like MaaS360. It's time to think outside the box—hackers have already started.
3.Access gets granular
Pretty much anybody with authority at a company is gifted access to all sorts of information nowadays, whether they need it or not. CIO.com reported this practice will likely die down as IT departments begin to realize this is more of a threat than it is a privilege.
Rather than offer up open access to the company's most valuable assets, IT departments will likely spend the time characterizing users' network habits, dialing in on the information they actually need and preventing them from getting to data they don't. This practice makes it more difficult for hackers to identify top-level employees and successfully phish for access. Privileges will most certainly get granular, as programs that monitor network topology and abnormalities like QRadar will undoubtedly become more popular among the cybersecurity community.
"80% of small businesses don't have a cybersecurity plan."
4. Small businesses start caring
Organizations of all sizes have a ton at stake when it comes to protecting internal, proprietary information, but perhaps most confounding is the way small businesses are approaching the matter. While Tech Republic reported that 63 percent of smaller companies see data as valuable as cash, a Nationwide Insurance survey uncovered that 4 out of every 5 respondents didn't even have a cybersecurity plan in place.
According to CIO, most organizations are finding themselves asking what they'll do when a data breach takes place, rather than if. This is the right mindset to have—and not just for larger companies. Small businesses are just as valuable targets as their competitors, and perhaps even more so because hackers know the chances cybersecurity solutions are in play is low. Expect many new startups and newcomer corporations to take a better stand on protecting information.
5. More employee training
Sometimes it's not a network vulnerability that invites a hacker in, but rather an employee unaware of any potential threat. An Experian study found exactly 2 in every 3 IT professional respondents identified employees as the weakest link in the cybersecurity chain.
Organizations will likely take more time in 2017 to teach workers about the warning signs of a phishing scheme or malware attack, and encourage them to develop better habits that mitigate the company's risk of exposure. A couple of educational sessions could mean the difference between a safe year or paying millions due to a data breach.