2016 Security Threat Predictions - Part 1

January 14, 2016

At Innovation Project 2015, the former National Security Agency (NSA) Director, General Keith Alexander, had some pretty dire news to report: cybercrime is going to get worse before it gets better. And the experts have a list of threats they think are going to be at the top of the bad list. They also have some ideas that will make it a little less bitter.

In the first two parts of this article series, we discuss the threats. After you have had a moment to soak that up, a separate article will talk about the future mitigation and how security experts think we will all try to stay ahead of the curve. In addition, there are some recommendations on how you can help yourself.

The following are in no particular order. They are all troublesome and all worth attention.

Ransomware becoming a primary form of attack. This type of malware can encrypt and hold your data for ransom. The dollar value to get it decrypted ranges from a few bucks to hundreds. Experts at the security company Norton did a study over a period of one month. The numbers were astonishing. Over 68,000 computers were infected with ransomware. Of those, 2.9% paid the ransom, resulting in $394,000 in payouts to cybercriminals…in a single 30-day period. Often this type of malware is loaded from malicious websites that are reached by clicking links in phishing email messages. Other times, just accidentally typing in an incorrect URL will result in infection.

Do This: Make regular backups of your computer. Then, if this happens to you, a restore can be done quickly and easily without paying a dime. Also make sure anti-malware is installed on all your devices and that it is kept updated. Don’t click links in email messages unless you are 100% certain they are safe. If you do find your files held for ransom, don’t pay the money. That backup will be priceless at that moment, and paying the ransom only encourages more of this criminal activity. Use caution when typing URLs into the browser to avoid accidentally doing a “drive-by” and infecting your devices.

Phishing isn’t going away and will become more targeted. Phishing is the top method for getting users to install malware, for getting them to click links that lead to malicious or undesirable websites, and for extracting information from targets. Spearphishing takes it one step further, and those behind it are considered Advanced Persistent Threat (APT) actors. The hackers actually seek out those who can provide the most value to them within an organization or an industry and stick with them over time until they can get what they are after. Often these targets are people with the ability to make financial transactions. Business Email Compromise scams are in this category, and recently the FBI issued a warning to businesses about this very thing. In 2015, this type of crime resulted in over $1.2 billion in losses, and it isn’t expected to decline in the near future.

Do This: Pay attention to what arrives in email messages and don’t click links in them that are not expected. If the sender is unknown, just delete the message immediately. If you are not sure, confirm via voice or separate email with the sender. Look for messages that use incorrect grammar or punctuation, or that have typos. Make sure to confirm where links are directing you by hovering over them with the mouse pointer, or by holding down on them on a smartphone or tablet, to see where they actually go. If it doesn’t make sense to you, skip it. If you make financial transactions for your company, follow a multi-authorization process before wiring or transferring money and always verify with the requestor via phone or separately composed email messages (in other words, don’t just hit the reply button).

In the next part, we discuss more of the ugly. Don’t worry though. There is a light at the end of this tunnel.

© Copyright 2016 Stickley on Security