Last year was a landmark year for cyber attacks, with security breaches, alleged hacks and cybercrime assaults hitting the headlines almost daily.
While high-profile incidents have brought cybersecurity to the public's attention, cybersecurity was already a top priority for startups and corporations. And the problem is only expected to grow: According to Cybersecurity Ventures, global annual cybercrime costs are predicted to increase from $3 trillion in 2015 to $6 trillion by 2021. This includes a whole host of nasty byproducts of cyber attacks, such as damage and destruction of data, theft of intellectual property, embezzlement, fraud, business disruption and damage to the reputation of an individual or organization.
To combat the rising tide of cybercrime, cybersecurity spending is also going to keep climbing. According to Gartner, firms spent more than $80 billion on cybersecurity products and services in 2016, and that figure is expected to increase to more than a trillion in the next five years.
Cyber defense is a major concern for all businesses, but firewalls and virus protection can only do so much. In 2017, the main point of attack will be the humans in your business – hackers will attack through social media listening and using the growing mobility of the workforce against companies. Firms that suffer from the lack of cybersecurity professionals will be most vulnerable.
IoT Devices Open the Door to More Cyber Attacks
This year will also see an explosion in the number of devices hackers can launch assaults on, as the proliferation of the Internet of Things (IoT) gives hackers wearables, cars, smart energy meters, fridges, voice assistants and a whole host of other machines to try to crack.
From the beginning, experts have warned that the explosion of IoT devices would leave people, businesses and countries more open to cyber attack than ever. Microsoft estimates that by 2020, four billion people will be online, 50 billion devices will be connected to the internet and online data volumes will be 50 times larger than they are today.
Microsoft's IoT estimate is fairly conservative. Intel is predicting that there will be 200 billion devices connected by 2020. These will include 173 million wearable devices, according to IDC, and 90 percent of cars, according to Spanish telco Telefonica.
Each and every one of these devices will have to be secure at all times or they will provide a backdoor onto the network. That means the cars parked in the company garage, the wearables employees are using to track their steps and the smart energy management device the company is using in the building are all potential stepping stones to the sensitive data the firm has locked away in its servers.
A number of avenues are being explored to secure IoT devices, including a mandated level of security built in by manufacturers of IoT devices and getting ISPs to help block malicious traffic. But companies will also need to educate employees and ensure that their cyber team is aware of every avenue of attack.
Hackers Target the Weakest Link
The human aspect of cybersecurity is by far the most difficult for companies to manage. Firms need to be constantly educating their workers on the latest scams and spoofs to ensure they don't fall for hacker tricks. But those tricks are becoming ever more sophisticated.
For example, social media listening has been used by companies for some time to analyze and monitor what's being said about the firm for brand awareness and marketing purposes. But hackers can use these same tools to trace employees, learning birth dates, places of birth and mothers' maiden names and other personal identifiers for direct hacks — or picking up information about medical or financial concerns that can be used to launch phishing attacks.
On the other side of the human equation is the lack of trained cybersecurity professionals. There were a million open jobs in cybersecurity in 2016, according to Cisco, and the shortfall is expected to reach 1.5 million as demand climbs, according to security firm Symantec. Companies can outsource their security to third-party firms, and this is something that is likely to become ever more common as the skills gap widens, but outsourcing carries its own risks.
Companies must stay up-to-date on cybersecurity risks in order to play the best defense. But this year, IoT devices and human vulnerabilities require additional attention from cyber security professionals.
Interested in more reads like this? Subscribe to our Corporate Innovation Blog!