blog hero2x
Data Security & Privacy

2017 Cybersecurity Trends: What Every CISO Needs to Know


By Josh Young Dec 29, 2016

2017 cybersecurity trends what every ciso needs to know

With 2016 winding down, it's time to turn your attention to the future -- mapping out new projects, determining budgets, and preparing for the trials and tribulations of next year's cyberattacks.

Over this past year, the number of cyberattacks continued to rise steadily with the average data breach now costing a business roughly $4 million. This figure represents a 5.4 percent increase from the previous year, mostly due to:

  • Higher costs per document lost or stolen
  • Larger breaches that touch more records on average
  • Higher rates of customer loss after a breach.

And in 2017, you can only expect these trends and costs to rise.

Where Will Cyberthreats Come From in 2017?

Smart devices

The proliferation of "smart" devices will pose greater risk, with Cisco estimating that the number of devices contained within the Internet of Things (IoT) will increase to 50 billion by 2020.

Many of these devices lack sufficient security measures, offering new entry points into your network and providing cybercriminals with additional tools to exploit during distributed denial of service (DDoS) attacks. In fact, analysts at Gartner, Inc. predict that by 2020, more than 25 percent of cyberattacks will involve IoT.

Third party vulnerability

With many larger businesses shoring up network security to protect their data and assets, criminals are utilizing less direct avenues to access these systems -- third party vendors and suppliers.

Earlier this year, fast-food chain Wendy's uncovered malware on the point of sale (POS) systems of more than 1,000 restaurants. After investigating, the company was able to determine that the malware was introduced via a compromised third-party vendor's credentials.

Social engineering

Research suggests that since 2015, cybercriminals have relied on social engineering techniques as their primary exploit for bypassing network security. And this fertile avenue for attack will only continue into next year.

While you previously could identify phishing schemes by their poor spelling and grammar mistakes, scammers have grown more savvy, creating targeted spear fishing attacks that address employees by name and use easily gleaned details to create an air of credibility.

The rise of social media is providing new avenues for these schemes, circumventing most security filters and offering the ability to easily create fake accounts. And with these fake social media accounts, fraudsters can easily gain useful information about your employees or more easily convince them to click on harmful links.

Ransomware

While the explosion of ransomware seems to be slowing, software security firm Trend Micro still predicts 25 percent growth in these attacks for the upcoming year.

The firm also suggests that ransomware may become a common component of data breaches. After the cybercriminal has stolen whatever confidential data they can, they'll introduce ransomware to hold your servers hostage, further increasing their profits.

What Steps Can You Take To Protect Your Business?

Shore up your defenses

If your organization embraces a bring your own device (BYOD) policy or employs IOT technology, consider creating a tiered network architecture that limits access by user and device type. Establish clear requirements for personal devices, including security software, password requirements, and device location services.

One of the soundest strategies for mitigating the damage of ransomware is having a business continuity plan that involves regular file backups. If your business critical files are protected, then the potential loss of server data is less frightening.

Invest in the future

One positive trend that your business can take advantage of is the increased use of data analytics to identify potential threats. These tools can help catch intrusions that don't involve malware, such as identifying when valid employee credentials are used to access a system for the first time from an unknown device at a new location outside of business hours.

Encourage group participation

With so many threats targeted at and designed to use your employees, you need to make every member of your staff aware of the role that they play in network security.

Offer regular training that outlines common social engineering attacks and provides them with skills to detect when they are being duped. Make it clear to them the importance of maintaining strong passwords and an attitude of security awareness.

Kick the tires

Conduct regular vulnerability scans to thoroughly vet your cybersecurity measures. Coordinate with your IT staff or work with outside experts to perform penetration tests that include social engineering techniques.

The Next Step

While experts have toiled tirelessly this past year to patch security holes, criminals and hackers have worked just as hard to find new avenues of attack. Vigilance is critical, and your business can no longer rely on a handful of technicians to keep its operations safe. For 2017, security must become a shared responsibility.

To learn more about our security awareness courses, you can fill out the form on the right to request a demo.

Workplace Answers &
Click 4 Compliance Join Forces

We’ve created the world’s most comprehensive and engaging online compliance training library for companies around the globe.

Learn more View courses

We're sorry this resource is no longer available, we've redirected you to our Resource center.