Though we're only in the early stages of 2014, data security experts have already identified a number of growing threats and new trends in cyber security.
As an IT professional, you know that new malware and cyber threats evolve for a number of reasons. First, as new platforms, devices, and other technologies emerge, hackers adapt their attacks to take advantage of new security exposures. Second, hackers are smart people, and just like other software developers, they are constantly innovating and developing new techniques and modes of attack.
With that in mind, let's look at the changing landscape of cyber attacks and what new attacks you can expect to see over the next twelve months.
New Cyber Threats: Symantec and Other Security Experts Weigh in
Symantec Labs recently released its predictions for what cyber threats we'll see in 2014. Here’s a list of trends IT security consultants and other experts are most concerned about:
- Mobile malware. Phones, tablets, and phablets are all likely to see more cyber attacks in the coming year. The multi-platform experience is great for users, but a nightmare for security. An employee who accesses your network with their phone or tablet simply brings some of your company's private data with them when they walk to get a cup of coffee at a café with open Wi-Fi. Hackers have been notoriously good at taking advantage of weak security settings and open Wi-Fi to access data on mobile devices. IT businesses need to put systems in place to integrate phones, tablets, and PCs without exposing their data.
- Dangers of NFC. Near Field Communication is the use of radio signals to send information to smartphones in your immediate vicinity. Through NFC, smartphones are able to make quick payments and share information with a "bump." But unfortunately – just like open Wi-Fi – NFC exposes smartphone owners to local malware attacks.
- More Android malware. Before Apple had its resurgence, the company would often point out how secure its products were. Skeptics countered by saying that Apple computers were under fewer attacks than Windows machines. 2014 will see a similar issue with the Android mobile platform. As Android has expanded its market share, hackers have been developing more and more malware to infect Droid phones and other Android devices.
- Attacks customized through social media. Symantec expects hackers to develop more sophisticated phishing scams by customizing their phishing emails to each victim based on data they pull from social media. New and more dangerous phishing emails will look like they are coming from friends and will include information that makes the email look personal.
- Ransomware. The last 12 months saw the proliferation of ransomware attacks. These attacks are simple, small-scale, and dangerous. Ransomware is a strain of malware that affects a device or PC, encrypting all its data. A prompt will appear on screen telling the user that if they don't pay the hacker a few hundred dollars, their data won't be released. These attacks are more or less like a bully threatening to beat you up if you don't give them your lunch money. They attack on a small scale and there's little you can do but cough up the money to protect your business.
A Preemptive Strike: Build Your Cyber Defenses in Anticipation of New Threats
Here's what you can do to prevent these new cyber threats from attacking your clients.
- Update, update, update. Anytime there's a new risk, remember that outdated software is even more exposed. Whether you're using Android or other mobile platforms, it's vital to install new updates immediately. Even waiting a day exposes you to more risk. (For an example of how old mobile software is at risk, read our post "Stale Coffee: Old Versions of Java Expose Programmers to Cyber Liability").
- Know which insurance covers you. E&O Insurance covers most small IT firms' cyber liability exposures. When your clients are hacked or attacked by malware, they can sue you. Without E&O insurance, you would be forced to pay for the lawsuit yourself. Fortunately, E&O coverage can pay your legal expenses for data breaches and other cyber liability lawsuits.
- Know which insurance covers your client. On the flip side, Cyber Liability Insurance (also called Data Breach Insurance) is something your clients might want to purchase themselves to cover their computers from attacks. Clients concerned about ransomware can purchase CL Insurance, which pays for the "ransom" and pays for the costs of a data breach to their network. (To learn more about the differences between CL and E&O Insurance, read "Where's your Cyber Liability Hiding?").
- Stay current. The metaphors used to describe cyber security are often medical. Attacks are "viruses" which "infect" your computers. The nomenclature is apt because, like viruses, malware is constantly adapting and evolving. Each year a new flu vaccine is developed to counteract that year's particular strains of flu. Unfortunately, there's no yearly malware vaccine. Instead, IT consultants, developers, and other techies need to advise their clients and develop software with an eye on the latest threats. Reading cyber security and risk management blogs or following important security experts on Twitter is a great way to be alerted to new threats and trends in data security.
- Educate clients and employees. Having policies about the use of NFC or unsecured Wi-Fi will go a long way toward preventing malware and other attacks. Teaching clients and employees the proper settings for mobile devices, strategies for password management, and other base-level security protocol is a simple and effective way to reduce the risk of a data breach.
In the coming year, IT consultants should expect more attacks on mobile devices. Those attacks will be more sophisticated and possibly even tailored to each user. Small IT businesses can protect themselves from these attacks by adopting smart security practices, covering their business with E&O Insurance, and staying abreast of current threats.