This Week in Getting Hacked: The Best and Worst Passwords of 2017 EditionDecember 22, 2017
This Week in Getting Hacked: This Year in Getting Hacked EditionDecember 29, 2017
2017 is coming to an end, and it’s safe to say it’s been a wild ride. From a security standpoint, we can’t really say it’s been a particularly good year.
We’ve witnessed a global ransomware outbreak that cost America’s economy roughly $4 billion, more data breaches, and even a repeal of FCC’s privacy rules that allowed us, the consumers, to choose how our IPSs use our personal data.
Although some people claim that the rejection of FCC’s data rules won’t affect our privacy at all.
As we said before, the ride was pretty damn wild.
On a positive side, the vast majority of what’s happened in 2017 is basically business as usual for the cybersecurity industry. Companies that are still adapting to new cyber threats can actually learn something from all of these incidents…
The world of cybercrime is constantly changing. However, that doesn’t mean that your company should be left behind. While the next year will certainly hold some surprises, let’s see what lessons we’ve learned in 2017 that can help you prepare for the following year.
Security Lesson #1:
Companies can’t function without data. That’s just a simple fact. And that’s why his fact that so many companies around the globe do such a poor job of backing up their data is so shocking.
As Small Business Trends reports, a recent study revealed that around 58 percent of companies don’t have a backup plan for data loss. Perhaps the most concerning part of this is the fact that data backups are one of the best security methods against a number of attacks.
For instance, you practically can’t remove ransomware from any device without removing your data along with it, which is why most professionals recommend the so-called “3-2-1-backup.” The process requires you to make three copies of data and store it on different mediums, like a flash drive and cloud.
Security Lesson #2:
Hollywood has skewed our picture of reality in many different ways. So when we’re talking about cybercrime, most people imagine a hacker, dramatically typing away in a dark basement somewhere. But our reality is far more mundane than that.
In reality, a huge portion of hacks has something to do with social engineering. This method of hacking uses everything from deceit to emotional manipulation to get the information the hacker wants from an actual employee.
The problem is, most people don’t even know about this method…
And the worst thing about it – most of us are vulnerable to his. According to a recent study sponsored by Social-Engineer, staggering 90 percent of people are susceptible to social engineering.
Some people willingly give up their emails, phone numbers and even home addresses without knowing the person they are talking to. That’s not even the worst part, so bear with us here: around 66 percent of people will reveal their social security numbers employee IDs.
If you don’t want your employees to leak any sensitive information, you need to educate them on the matter. In some cases, this involves company-wide meetings where you discuss these risks with your workers. Naturally, this involves some effort on your part—but trust us—it’s more than worth it.
Security Lesson #3:
Lastly, we have some good news and some bad news. Let’s start with the good news. While this year saw the single biggest ransomware attack in history, according to F-Secure Labs research, we are going to see fewer variants of ransomware.
The bad news is, experts also think that companies, both small and large ones, are going to see far more targeted ransomware attacks in the next 12 months.
Of course, hackers and other cybercriminals are going to continue to develop new types of ransomware, but not nearly as much as the last few years.
This is because individual attacks aren’t too profitable at the moment. On the other hand, attacking companies is much more secure.
Cybercrime is a business after all, and no matter how weird it may sound, these large attacks are a proven business model. Targeted ransomware attacks against enterprises are sure money. In essence, cybercriminals want to make bigger sums from fewer victims.
The Bottom Line
The future is uncertain, but that doesn’t mean you should just sit around unprepared and wait for the next attack to happen.
By taking proper precautions and preparing yourself for whatever cybercrime can and probably will throw at you will allow you to avoid some of the more common pitfalls and help your company to prosper without any problems down the line.
Ransomware, phishing and other cyber-attacks are huge problems that some people still aren’t taking seriously. Just remember: Those who cannot learn from history are doomed to repeat it.