Why 2016 will be the Year of Internet Insecurity

October 20, 2017 Emily Davidson

Cyber attackers are developing new methods to dodge, circumvent, and leapfrog defenses in ways that leading internet security companies are unable to fully anticipate. From the ground up, from personal use to enterprise-level security, the breadth and depth of cyber security threats grow on a yearly basis: the number of breaches increased by 23 per cent from 2014 to 2015.

But cyber security analytics experts are reinventing the approach to building cyber defenses by focusing on vulnerabilities and the exploits linked to them, rather than trying to address each specific form of attack. As more devices are compromised, cyber security experts have more data to work with to determine what the biggest dangers are going forward, and you can learn what to avoid doing right now.

WE CONNECT EVERYTHING TO THE INTERNET

Ironically, the single biggest window of vulnerability for cyberattacks is the widespread adoption of internet-capable devices, commonly known as the Internet of Things. The Internet of Things has brought us internet-accessible televisions, gaming consoles, and smart watches that open windows for data burglars.

Some research firms believe that there will be as many as 6.4 billion connected devices in use in 2016, which is a 30 per cent jump from 2015. By 2020, the number could climb to more than 20 billion connected devices.

WE DOWNLOAD APPS WITHOUT THINKING

The race towards a more connected world has seen many developers skipping over the basic security fundamentals in the code of their software as they scramble to meet a rapidly expanding market. But when developers get sloppy, their customers pay the price. In 2015, Symantec discovered that 52 per cent of health apps (a hugely popular mainstay on smartphones and wearable devices) did not even have a privacy policy in place. In addition, 20 per cent of these apps sent all sensitive information (logins, passwords, data) back to their source in unencrypted plain text.

Indiscretions in consumer-level apps have led many experts to claim that smartphones represent the biggest risk category in cybersecurity going forward. The past year saw increasingly creative (and devastating) trends in the use of malware, Trojan viruses, and other traditional forms of cyberattacks.

Unfortunately, the number of generally uninformed or under-informed users will always outpace the number of apps and devices without robust security protocols.

WE PAY HACKERS TO GET OUR DATA BACK

The latest reports show that cyberattackers have taken to infiltrating enterprise networks and rigging the security infrastructure to turn the system against its intended users – extorting employees for cash by holding their connected social media accounts or data hostage until they submit to their aggressors.

Another favorite tactic involves planting fake software updates and simply waiting for companies to download them on their own, spreading the malware without any brute-force hacking required. In fact, five out of every six large companies (with more than 2,500 employees) were targeted by spear-phishing attacks alone in 2014 (a 40 per cent increase over the previous year). Unfortunately, the same fate awaits small and mid-sized organizations. No one is safe...

CYBER SECURITY DOESN’T END AT THE FIREWALL ANYMORE

As much as the state of cybersecurity is always in flux, there are some universal best practices to help minimize your vulnerabilities and make sure your organization is in the best position when cyber attackers have it in their sights.

From a business standpoint, effective cyber security is about building up as many effective and non-redundant layers of protection at every point of your network as possible. From network security, to encryption, to authentication, you need to eliminate any weak points of entry.

By pairing with a dedicated managed security service provider, you can extend your IT team without (unrealistically) expecting your existing team to triple their coverage with the exact same level of human power.

TEACH USERS TO PLAY IT SAFE

In addition, mandatory and ongoing education for all of your employees must be established to make sure everyone is on the same page when it comes to accessing and protecting sensitive data on corporate devices. To make sure everyone in your organization really gets it, run practice drills and allow your people to come forward with their concerns and questions; if someone doesn’t know that they’re doing something wrong, they won’t even be aware of the security risk they present.

When it comes to personal use of connected devices, the key is, as always, to use a strong password. If you want a quick breakdown of the sorry state of the average person’s password, look at this list of the most popular passwords of 2015, and realize why it is almost too easy for a cyberattacker to get access to all of your information with little to no real effort. Use strong and unique passwords for each of your devices, and change them quarterly.

When it comes to social networks, be extra vigilant about what you click; Facebook-borne malware is becoming increasingly common, and the average person usually lets down their guard when they see a link from a trusted friend. But your friend’s account can be compromised just as easily as anyone else’s, so always think twice before clicking through.

Finally (and this one is a pain), take the time to read and modify the sharing permissions for any apps you download to your devices. Key factors to watch for are permissions about sharing personal data and allowing remote access; disable both of these if they’re not absolutely needed for your enjoyment of the app.

Get a deeper dive into the security threats we faced in 2015 by reading Symantec’s 2015 Threat Report.
