Moving into 2019, small and medium businesses face several, growing IT security risks. As companies continue to invest in IT, hackers also adapt. A proactive approach to IT support is necessary to mitigate the risks these threats pose. Below are three security threats to watch out for next year.
Internet of Things (IoT)
Many small to medium business owners do not realize the vulnerabilities their IoT devices present. The IoT comprises everything from WiFi synced thermostats to RFID inventory management systems. Part of what makes IoT devices such prime targets for exploitation is a lack of security standards in managing these devices and inadequate authentication mechanisms. IoT devices pose such a problem that a recent poll revealed 97% of IT administrators said that an IoT attack on their business would be catastrophic. Leveraging the IoT without implementing security best practices has created new opportunities for criminals. Consider the rise in cryptojacking, wherein hackers force company network infrastructure and devices to generate cryptocurrency. Not only can cryptojacking result in slower internet, but it can also incur significantly higher electricity costs. Another problem is that IoT devices create an increased vulnerability to distributed denial-of-service (DDoS) attacks. Last year, organizations across the world saw a 91% increase in DDoS attacks because of the growing use of the IoT. With IoT investment predicted to rise in 2019, small and medium businesses should begin thinking of how to manage their security risks with the gains of productivity from using the IoT.
Ransomware
Since the 2017 Wannacry and Petya attacks, Ransomware has been thrusted into the cybersecurity spotlight. Ransomware is malware that disables a computer and threatens an organization or individual with permanently locking the device or publishing confidential files unless the victim pays a fee. Several increasingly widespread technologies from cryptocurrency to the expansion in IoT devices are facilitating a growth in ransomware attacks. One trend among these attacks is extorting companies to make a payment in Monero, a cryptocurrency favored by criminals because of its difficulty in tracing. Ransomware inflicted a staggering $5 billion economic loss in 2017, making it one of the costliest cybersecurity threats.
Advanced Persistent Threats (APT)
APT is a type of attack where an intruder breaks into a network and collects data for an extended period, usually with the intent of stealing privileged information. According to the Ponemon Institute, these attacks are often undetected for as long as seven months. This past year, we saw a slew of nation-state sponsored APT attacks on the United States government as well as large corporations. Most of these attacks originated from countries such as Russia, China, North Korea, and Iran. Even though large corporations or states are usually the primary targets, small and medium businesses within the supply chain are often exploited to gain access to these larger institutions. Tactics of APT attacks run the gamut from spear phishing to deploying rootkits. Particularly devious of APTs is forensic destruction, preventing system administrators from determining if information has been stolen.
Key Takeaways
- 97% of IT administrators think an IoT attack would be catastrophic
- Poor security practices towards IoT devices will make more businesses vulnerable to cryptojacking and DDoS attacks
- Ransomware caused a five-billion-dollar economic loss in 2017
- APT will affect more small businesses part of the supply chain of larger corporations