The information security threat landscape is constantly evolving, but it’s not getting any less complicated. In 2017, Ponemon Institute research revealed that 1 in 4 businesses in the U.S. suffered a security breach. Threats aren’t equally distributed by business size, 50 percent of small businesses were targeted by hackers and health care organizations were also heavily-targeted by 15 percent of last year’s incidents.

Recent headlines have revealed plenty of scary threats, including ransomware epidemics and the emergence of wiper viruses. While it’s possible 2018 has new super threats in store, it’s likely you’ll face a well-established threat. From social engineering to weak passwords, you may be surprised by today’s most common information security threats.

1. Crimeware-as-a-Service

Some of today’s smartest hackers are selling ready-made crimeware to wanna-be hackers on the dark web by subscription, including malware-as-a-service and ransomware-as-a-service. Last year, 51 percent of security breaches involved malware, which can now be purchased through illegal channels for just several hundred dollars each month. Criminals are getting bolder–one pre-packaged threat called “Philadelphia” was recently advertised openly on YouTube.

2. IoT Vulnerabilities

Experts predict one of the worst trends in 2018 will be security vulnerabilities caused by connected internet of things (IoT) devices. InfoSecurity Magazine’s Tara Seals attributes this to the fact too many “devices are manufactured without security regulations or industry standards.”

If your business isn’t powered by high-tech sensor or beacons, you’re not necessarily in the clear. IoT devices include office technology. Like IP phones, printers, and routers–all of which could represent possible modes of entry into your company’s network. In one survey, 63 percent of companies admitted to a printer-related security breach.

3. New Compliance Requirements

If your company collects data on European Union Citizens, you’ll need to prepare to comply with the General Data Protection Regulation (GDPR) by May or face fines of €20 million–that’s approximately $24.3 million. Many companies will need to adjust processes and systems to meet requirements from the GDPR, PCI, HIPAA, or other legislation.

While compliance isn’t a threat, it plays an important role in discussions of information security. Just 28.6 percent of companies are still compliant a year after assessment, and failing to meet standards can indicate security risks. Compliance can also demand significant IT resources. If your company is struggling to balance compliance and cybercrime risks, you may need security help.

4. Password Theft

A staggering 81 percent of 2017 security incidents involved weak or stolen passwords, which was often combined with tactics like phishing, hacking or malware. One emerging trend is “password aftershock“–when hackers are able to successfully gain entry to a company’s network using username and password combinations stolen from other breaches due to people’s tendency to recycle the same passwords over and over again.

5. Email Risks

Phishing still works–66 percent of installed malware last year was delivered by an email. Hackers are getting savvier and increasingly employing techniques like social engineering to “spoof” malicious emails into appearing like they were sent by a colleague or personal friend.

Email is a critical business communications tool, but it’s also one of the easiest ways for hackers to get inside your network. Information security awareness training and testing are likely a necessity.

Conclusion: Are You Prepared for These Security Threats?

While 2018 could bring next-generation security risks, businesses are wise to take a look back at the most common threat trends that affected half of small businesses in 2017. Planning for the most common risks–like unsecured printers, weak passwords and phishing–could significantly mitigate your chances of suffering a data breach in 2018.

Avoid the costly impact of a security breach remediation with a complimentary assessment of your organization’s IT security. Click here to learn more.

Sources

• https://securityintelligence.com/know-the-odds-the-cost-of-a-data-breach-in-2017/
• https://www.cnbc.com/2017/04/05/congress-addresses-cyberwar-on-small-business-14-million-hacked.html
• http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
• https://www.darkreading.com/threat-intelligence/the-rising-tide-of-crimeware-as-a-service/d/d-id/1329102?
• https://nakedsecurity.sophos.com/2017/07/25/ransomware-as-a-service-how-the-bad-guys-marketed-philadelphia/
• http://quocirca.com/content/print-security-cost-complacency-121
• https://www.gdpr.associates/what-is-gdpr/understanding-gdpr-fines/
• http://www.verizonenterprise.com/resources/report/rp_pci-report-2015_en_xg.pdf
• https://www.bna.com/people-dont-seem-b73014447747/