2016 Predictions for Small Business Cyber Security (Part 1 of 2) 2016 Predictions for Small Business Cyber Security (Part 1 of 2)

2016 Predictions for Small Business Cyber Security (Part 1 of 2)

by Calyptix, January 11, 2016

smb-security-predictions-2016


Note: This is the first post in a two-part series. Click here for Part 2.


2016 is here and we have a full year of cyber security news and trends ahead of us.

But what happened last year? And what does it mean for 2016?

Read on to find out.

Prediction #1. ‘Things’ will show up for work

Employees have brought mobile devices to work for years. Every new device that joins the office wifi slightly expands the network. The same thing happens when a remote employee connects to the office network via VPN.

The constant stream of new devices and connections is expanding the small business network – which increases the attack surface and arguably increases the risk of a breach. How much the risk is increased is open for debate.

internet-of-thingsOne thing is for certain: the small office network is changing, and it will continue to evolve in 2016. The rise of the internet of things – i.e. the growing number of wifi-enabled gadgets – is part of that change.

Whether it’s a security camera, thermostat, or a Fitbit, more devices will attempt to connect to the network this year. Whether and how they are allowed to join is in the hands of the network administrator (you).

The number of new devices that try to join an SMB network next year will be small. It is unlikely to significantly increase the risk of a breach (as long as it is handled well).

In the years following 2016, this trend is likely to pick up steam. Since IoT devices are not known for strong security, this can present significant risk in the future. Thankfully, some vendor alliances are trying to establish IoT security standards to change that.

What should you do? Have policies to manage and control untrusted devices on the network. Isolate them. Minimize their exposure to important assets and network segments. And do not keep every asset on the same LAN.

Prediction #2. The cloud will darken

dark-it-cloud-2The last two years have been marked by a rapid rise of the cloud. Services from email to infrastructure are leaving the office and moving into the sky. The variety of these services and adoption will continue to expand in 2016.

Unfortunately, the risk of using cloud services will also rise.

The cloud trend is placing high-value assets (such as customer data and file servers) outside the organization’s immediate control. Data that thousands of companies previously stored on-premise is now aggregated and stored off-site by Amazon, Google, Microsoft, and others.

Some may argue that their assets are safer in the hands of large companies such as these. That said, every cloud service should be evaluated for the potential benefits, drawbacks, and risks it presents to the organization. As they have grown, some have become drool-inducing targets for attackers.

Cloud adoption in regulated industries such as financial services and healthcare more than doubled from 15% in 2014 to 39% in 2015. Adoption in unregulated industries almost doubled – jumping from 26% to 50% over the same period – according to Bitglass.

“[Thieves] want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are largely considered that fruit-bearing jackpot,” according to an Alert Logic Cloud Security report.

This raises security questions for all organizations, especially those that must comply with industry regulations such as HIPAA and PCI DSS. Not only must these organizations ensure their third-party service providers can protect their assets, but they also must ensure they do so within the bounds of compliance.


View part 2: 2016 Predictions for Small Business Cyber Security (Part 2 of 2)


Prediction #3. SMB networks will grow in size and complexity

The two trends described above – the increase in devices and cloud services connecting to the small business network – are signs that the network administrator’s job is growing more complex. More services are moving beyond the organization’s control.

Control over users is also decreasing as more people are bringing new and untrusted devices onto the network for personal and business use. The attack surface is growing.

What can you do? Establish and enforce strong security policies. Use a small business network security device like AccessEnforcer. Use network segmentation to isolate untrusted devices. Limit access to essential assets and block non-essential services.

Your small business network will change and grow in 2016. Put it on a strong foundation before you build it any further.

ransomware-virus-2Prediction #4. Ransomware will mutate and spread

Someone lit the fuse on ransomware in 2014 and it exploded last year.

Ransomware is a type of malware that denies access to a valued asset – such as data – and demands a ransom payment to restore access.

Crypto-ransomware is the hottest trend. It encrypts the data on a victim’s machine and threatens to destroy the decryption key if a ransom is not paid. Criminals have made millions of dollars with this scheme.

In 2015, several variants of ransomware had new tactics to avoid detection and worsen infection. For example, version 4.0 of the infamous CryptoWall ransomware encrypted not only victims’ files but also the file names.

The Chimera ransomware is also trying a new trick: blackmail. After it encrypts victims’ files, it threatens to publish them and identify the owner if a ransom is not paid. However, according to Malwarebytes, this is an empty threat.


View part 2: 2016 Predictions for Small Business Cyber Security (Part 2 of 2)


Criminals also tried new business models with ransomware. The Tox ransomware-as-a-service platform allowed attackers to set up and use the malware for free by paying a 20% commission the extorted money. The service was so popular that its alleged creator was quickly overwhelmed and tried to sell it.

In 2016, we expect the crypto-ransomware craze to continue. Criminals will find new ways to trap users, spread infection, and squeeze money from victims.

Do not be surprised if cyber criminals experiment next year with extortion techniques that extend beyond ransomware. One way or another, cyber attackers will seize business assets in 2016 and demand ransom payments to release them, whether malware is involved or not.

Also check out the latest Ransomware Prevention Kit from ThirdTier. It includes a ton of helpful information and tools, and it’s available in exchange for a donation to help support women who want to enter IT. You can donate any amount you choose. Learn more here: ransomware prevention kit.

Note: This is the first post in a two-part series. Click here for Part 2.

 

 

Related resources

Egress Filtering 101: What it is and how to do it

Small Business Cyber Attacks that Stole Thousands

4 Reasons Why Healthcare Data Breaches Are Rising

3 Simple Rules to Stop Malware

Photo credits: Global Panorama, Tom Rolfe

No Comments


    Leave a Reply

    Your email address will not be published Required fields are marked *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

    *