New cyber risks emerge daily, and companies can find it challenging to maintain protections against known threats while also adjusting their response plans to account for new ones. While it’s virtually impossible to know exactly what cyber-criminals will think of next, it pays to be aware of new tools and concepts they may incorporate into their arsenals.
In our 2017 Data Breach Industry Forecast, we made some predictions about emerging threats companies would need to be vigilant for this year. Among them were:
- Hackers would find a way to exploit the growing popularity of virtual and augmented reality to steal personal information.
- Lackluster security and notification around tax return filings would allow cyber-criminals to continue filing fraudulent tax returns.
While no headline-grabbing virtual reality hacks appear to have yet occurred, many in the cybersecurity community are stepping up the call for companies to give more attention to virtual reality risks. Because virtual reality applications often interact with other systems via wireless connectivity, they’re as susceptible to hacking as any other system. What’s more, security measures to protect virtual reality or augmented reality applications are not yet at pace with the progress of the technology.
Tax fraud continues to be a concern, with W2 phishing attacks on the rise. Hackers use social engineering and spear phishing emails to trick employees into sharing W2 information that can then be used to commit tax fraud.
On the horizon
In addition to the risks already predicted for 2017, additional threats are emerging, including:
- Smaller data breaches that don’t require consumer notification are tempting some companies to forgo communicating with potentially affected consumers. While the number of attacks and breached records remains high, businesses should not adopt the mentality of notifying consumers only when legally required to do so. Notifying affected consumers is the responsible thing to do, and can help sustain customers’ confidence and trust.
- Phishing scams are becoming increasingly sophisticated, targeting bigger fish such as CEOs and high-ranking employees who have access to financial accounts and valuable data. The FBI reports that such scams have caused actual and attempted business losses of more than $3 billion.
- Small businesses have always been a favorite target of cyber-criminals, even though many small businesses continue to underestimate their exposure. Targeting of small businesses continues, and these smaller companies need to take defensive measures, such as moving data to the cloud and investing in cyber insurance.
- High-profile attacks on big-name organizations and celebrities are growing in number and scope. From a hacker leaking the new season of “Orange Is the New Black” in April when Netflix refused to meet the hacker’s ransom demands, to the high-profile attack on the Ashley Madison social website, the potential for fame is drawing hackers as surely as monetary gain might. Those in the limelight must make security a priority, take steps to prevent an attack and prepare to respond when one occurs.
- The WannaCry ransomware attack affected countries, businesses and consumers around the world; it’s a frightening example of the near future of ransomware, in which companies must prepare for large-scale attacks.
As new threats continue to emerge, businesses must prepare with preventive measures and well-organized, tested response plans.