Every year we see the security landscape evolve, with attacks becoming more sophisticated and targeted. Today everyone is at risk of becoming a victim of an online attack; businesses large and small as well as at home users, says Carey van Vlaanderen, CEO at ESET Southern Africa.
In 2016 we saw the willingness of some humans to participate in cybercrime activities at scale, these include: holding computer systems and data files hostage (ransomware); denying access to data and systems (Distributed Denial of Service or DDoS); and infecting some of the things that make up the Internet of Things (IoT).
Sadly, these trends will continue in 2017 and there is potential for cross-pollination as they evolve. For example, using infected IoT devices to extort commercial websites by threatening DDoS attack, or locking IoT devices to charge a ransom.
Let’s have a look at the five IT security trends that we predict will dominate 2017.
Ransomware
The demand for ransomware has risen, and will continue to do so – ransomware attacks against businesses increased threefold in 2016. The rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds during January and September. Consumers fared even worse, with one attack taking place every 10 seconds in September.
In 2017, new ransomware families are to rise 25% as attackers increasingly look to target industrial environments in the new year. Cybercriminals will diversify to hit more victims and platforms. Among these could be ATMs, POS systems and even industrial environments.
The Internet of Things
The Internet of Things (IoT) brings household and other devices together via the Internet. IoT is creating lucrative opportunities for organisations. It is predicted that by 2020, there will be 34-billion devices connected to the internet up from 10-billion in 2015. IoT will account for 24-billion, while traditional computing devices (e.g. smartphones, tablets, smartwatches) will comprise 10 million
While IoT creates many positive opportunities for African businesses, with all connected devices come security risks, – whilst these flaws may not be of interest to hackers right now, it is just a matter of time. More than likely, a notable breach will occur when a newly launched product has a massive adoption by either businesses or consumers – or both.
Mobile security breaches
While mobile devices collect and store increasingly sensitive data, mobile malware is constantly evolving and becoming more complex – reinforcing the importance of, and the need for, secure mobile technology.
The success of Pokémon Go has spurred greater interest in Artificial Reality (AR) in general, making future AR applications attractive to cybercriminals seeking to inject them with malicious code, and then distributing their creations through malicious servers, hacked sites, unofficial stores and even official app markets. The technologies pose new security risks, together with other mobile dangers
Common sense – or the lack of it – will play a crucial role in security, and consumers and businesses need to be more aware of the risks of mobile.
Cybersecurity legislation
The ascendancy of technology in today’s societies, and the risks associated with its use, demonstrate the need to protect information and other assets at various levels and in various fields, not just for industries, companies and users, but also for countries.
The promulgation of laws relating to the scope of cybersecurity highlights the importance of implementing large-scale regulatory frameworks, which would contribute to reducing security incidents and preventing IT crimes, while developing and establishing a culture of cybersecurity.
The reality is that there are various tensions, positions and counterpoints, which means that setting it up is not an easy task. There is, without a doubt, a lot to be done, requiring collaboration between governments, private initiatives, the academic sector, and of course, users. All this will aim to achieve a broad objective: working towards the development of a cybersecurity culture.
Security education and social responsibility
It seems likely that 2017 will see the continuing of different types of malicious code, that ransomware will continue its infamous reign as the fastest growing threat and that most IoT devices will be targeted for a broader range of cybercriminal attacks.
We have reached the moment where we need to stop talking about security risk in generic terms. It is critical that users are aware of the type of attacks that can affect them. From email fraud to information theft – all must be considered plausible, and it is important to take the necessary measures, to avoid them.
The need for all users to be aware of the many threats, the ways in which they operate, and the best options for protecting their devices, are all points on which users should be focused to stay safe.
Information and its management are key aspects of today’s societies, and therefore its protection is vital.