Cybersecurity has emerged as a realm of action-packed drama over the past few years, complete with heroes and villains, predators and victims, fallen heroes, and high-stakes battles where countries face off against their enemies. The mounting risks had businesses across sizes and sectors scrambling to defend themselves against the top cybersecurity threats of 2015.
Privacy Rights Clearinghouse has recorded 220 million data breaches from 2014 to 2015 in financial and retail businesses, government and military, educational institutions, healthcare, and nonprofit; the breaches included physical loss, malware, unintended disclosure, payment card fraud, and more. According to PriceWaterhouseCooper’s “Global State of Information Security Survey: 2015,” the damage inflicted by hackers is “wide-ranging and severe,” and the financial toll gets worse every year.
A breach does serious damage not only to a business’s ability to operate, but also to its relationship with consumers. All the time spent developing great products, responding to customer needs, and investing in growth will have been for nothing if an organization isn’t effectively protecting itself. Let’s take a look at the top four cybersecurity threats of 2015 and what IT decision makers can do to defend against security breaches.
1. Mobile malware
The BYOD movement is unstoppable, but it elevates risk as much as it enables productivity, flexibility, and convenience. According to Gartner, “by 2017, 75 percent of mobile security breaches will be the result of mobile application misconfiguration.” This includes misuse on an app level. The more actively an organization and its employees embrace BYOD, the more vulnerable they become to attack because mobility opens up several avenues for exposing data and applications to serious risk.
For example, if an employee accesses an enterprise network from their smartphone without security measures in place, it opens the door for a hacker to roll right in and unleash malware to steal information (or money), wipe data, damage the network, and more. Or if an employee loses their smartphone, anyone who picks it up could potentially gain access to and infect the network. To mitigate these risks, enterprises need a strong, cohesive BYOD policy in place that includes strong password guidelines and provisions for remote lock, wipe, and entry.
2. Third-party attacks
Another top cybersecurity threat of 2015 was third-party attacks, where hackers break into an enterprise’s network through a partner service provider. Just as personal mobile devices present “easy” access points to hackers, so do relationships with third-party providers. It doesn’t matter how many deadbolts you have on the front door if the side door is unlocked—unwanted visitors can still get in.
Many of the breaches occur because third-party providers don’t take the requisite security measures. In the Target cyberattack in late 2013, hackers accessed Target’s network through a heating, air conditioning, and ventilation company the retailer contracted with. However, not all third-party breaches are this straightforward; according to Wired, hackers are increasingly attempting to breach certificate authorities so they can steal certificates to make their malware look legitimate.
Organizations can protect themselves by being careful about who they work with and hyper-vigilant about ensuring that their third-party vendors follow the same set of security guidelines. Cybersecurity should be part of any RFP process and enterprises should work closely with their contractors to make sure standards are in place, rather than relying on trust alone.
The cybersecurity attack waged against Sony in which hackers leaked troves of the company’s internal communications to the public—including some raucous emails—resulted in jobs lost and reputations damaged. The Sony attack was one of the first high-profile cases of ransomware.
The Sony attack attracted excessive media attention and could inspire a wave of similar attempts. McAfee Labs reported that the number of ransomware attacks on mobile devices is increasing and getting more sophisticated. Businesses with the most to lose are likely to be the most vulnerable.
You can protect your business from this cybersecurity threat by educating employees about phishing, which is one of the primary vectors of these threats. In addition, you should employ content scanning and filtering on mail servers, block end users from being able to execute the malware, and deploy a comprehensive backup solution.
4. Card breaches and identity theft
The Target attack was one example of a high-profile retail breach, but there have been hordes of others. A vibrant black market for bank card information creates a lucrative proposition for hackers. Contactless and mobile payments also present opportunities for hackers if a retailer doesn’t store data securely.
Any business that collects payment information online, whether the business is a provider of marketing automation software or a home goods retailer, has a responsibility to protect their customers. A breach seriously undermines customer trust and results in lost revenue. Working with a highly secure payment provider that uses tokenization, adheres to high PCI compliance standards, and uses data anlaytics to prevent fraud is key for reducing the risk of this threat.
Cybersecurity is constantly evolving: as soon as one threat fades, a more intrusive, damaging, and virulent threat takes its place. Cybersecurity can’t be an afterthought—it has to be a core part of the way a business approaches everything it does. Learn from the examples and mistakes of the past, and don’t let any of these top cybersecurity threats of 2015 get you in 2016.