Trend Micro is counting down the top threats to be aware of heading into 2018, looking at the vulnerabilities and potential points of attack to take into account for next year’s priorities.
This year saw the rise of some increasingly dangerous ransomware samples, including NotPetya and WannaCry. The latter in particular garnered 300,000 infections for hackers, resulting in losses topping $4 billion. Ransomware will continue to be an especially impactful threat next year which should be built into security planning and employee education and awareness.
Business Email Compromise
BEC attacks currently represent one of the most pressing threats for enterprises, with employees from across the business being targeted with sophisticated, legitimate-looking emails. The FBI reported that BEC scams have cost companies $5.3 billion so far. What’s more, losses will only increase as BEC schemes continue to be leveraged by attackers.
Threats to the supply chain
An attack on the supply chain could halt business, and not only for one organization, but for every company connected to that supply chain. Enterprises will have to be particularly vigilant when it comes to bridging gaps in supply chain security in order to maintain beneficial relationships with suppliers, partners and customers.
The information Security Forum (IFS) found that 2017 experienced a considerable increase in cybercrime due to Crime-as-a-Service, and that this trend will continue in the months to come.
Lack of employee awareness and training
Between sophisticated phishing and social engineering techniques, employees still represent a weak link in enterprise security. Without the proper training and awareness, this gap can become increasingly large, creating gaping holes through which hackers can exploit and breach the company.
It’s imperative that employees are educated about the most recent threats, as well as the responsibilities as part of the company’s security posture.
Sophistication of new threats
“The first half of 2017 saw the emergence of 382 new vulnerabilities.” In addition to the use of older, previously identified vulnerabilities, hackers have also been apt at spotting weaknesses before security researchers and software vendors. The first half of 2017 saw the emergence of 382 new vulnerabilities impacting top-used platforms from Microsoft, Apple and Google, according to Zero Day Initiative researches.
Connected devices and the IoT
As the capabilities of technology increase and disruptive systems are deployed in new industries, they will become prime targets for hacking and malicious activity. Trend Micro noted this pattern within connected devices being utilized within smart factories in industrial and manufacturing settings. By next year, more than one million connected, robotic devices will be utilized in this capacity, and it’s imperative that any organization – within industrial environments and beyond – using connected devices ensure that these are properly protected.
Unsurprisingly, the mobile platform will continue to be a top attack vector for hackers next year. As enterprises continue to enable employees to use their mobile devices for enterprise pursuits, it’s imperative that security is in place to prevent unauthorized access and ensure sensitive data remains secure.