Where to start? 2018 was not the greatest year for cyber protection.
As many of my cybersecurity colleagues have brought up constantly this past year, cybercrime—especially in non-profit organizations—has become “another day, another data breach.”
Team members, security experts, security researchers, donors and clients, alike, all have succumb to breach fatigue. That numbing apathetic feeling of “this isn’t going to happen to me” or “they’ve already hit our neighbors, they’re too busy to hit us too” that ultimately puts your organization—your staff, your clients and your community—at even bigger risks for a full blown ransomware attack.
The reality is that cybercriminals are cutting through the apathy and fatigue. They’re getting even more personal with your team member’s activity online. They’re taking new approaches to penetrating your network (think about stealing your staff’s personal identities) while sticking to old favorites that work (looking for unpatched networks) to hit businesses and organizations harder than ever before.
My message to everyone in 2019? You can do it!
The tools to keep your business or organization safe are out there (one of the easiest ways to help evaluate what your organization needs is through a network security assessment). Rather than tuning out news on the latest attacks or warnings from big tech companies like Microsoft on newly identified threats, make sure you have someone on your team planning for changing security in 2019.
To realize the threats hitting 2019, I want to give you all a heads up on what the threat landscape looks like.
Here are the top 5 threats to look for:
Cryptomining Malware—when your computer is running a little slow, did you ever think it might be infected with malware? Well, in 2019 cybersecurity experts believe that criminals will hijack your computer by infecting it with a virus and then using your processing power for their own needs (including mining cryptocurrencies). Cryptomining has become more lucrative than ransomware. Criminals using your computers and servers to cryptomine do not have to depend on someone paying a ransom.
Software vulnerabilities and devices on your network—outdated software has started to provide some of the most effective means for criminals to break onto networks. If you’re thinking that software is only a concern on desktops or laptops, that notion is entirely outdated. When thinking about your network’s securities, think about all the different types of devices that connect to your network. Which have and have not been updated recently? Which pose the most risks? By evaluating devices on your network and prioritizing means to resolve security threats posed by outdated software associated with those devices will help make sure you’re not the lowest hanging fruit.
Free software might not be so free—cybercriminals are getting smarter by the day and one way they’re penetrating networks is by enticing users to download free seemingly helpful software. They are appending malicious viruses to helpful free software downloads. Cyber experts believe that downloaded viruses will be on the rise.
Ransomware is on the rise—as it has been for the last few years, ransomware is not going away anytime soon. Today, organizations get hit every 40 seconds. Why has ransomware persistently been on the rise? It’s easy. Criminals release a campaign and wait to reap the winnings.
Phishing attacks will be their way in—at this point, I’m sure you’re quite familiar with some of the common phishing scams hitting organizations. Emails asking for you to reset your credentials? Microsoft alerting you to log into your O365 account? Scammer pretending to be Cheryl from accounting wanting all of your personnel files? Email is one of the cheapest ways for criminals to get personal with your users. Phishing scams target 3 out 4 organizations every single day. If your team isn’t up to speed on the latest schemes and messaging, someone will probably open the door to a full blown attack.
Bots make them more dangerous—making one of the biggest threats in 2019 is definitely the use of bots. Criminals are seeking out botnets—remote controlled viruses and malicious software that automatically seeks and destroys on your network. To date, botnets have been the cause of the majority of mass-cyberattacks and ransomware events that have crippled the likes of the city of Atlanta, other governments and healthcare facilities. If your network isn’t detecting malicious or suspicious activity or isn’t configured to deal with botnets, you may have a big surprise when all of your networked devices are suddenly rendered useless.
My question to you is simple: Are You Prepared?
Do you know where your vulnerabilities lie? Have you prioritized what is essential to keeping your organization running? Could your organization even survive an attack?
Most organizations think they are safe until it’s too late. Every time I get a call asking for help after an organization has suffered a complete network shut down from a cyberattack (staff not able to work because they cannot access files, clients turned away because staff aren’t working and organizations at the brink of bankruptcy because donors and their communities losing faith in their data security), it pains me to have to step in to help, knowing whole-heartedly that their event could have been 100% preventable.
Are you really prepared for 2019 cyberattacks? The very least you could do to get on the right track is get a third party network security assessment.