Remember those Tom and Jerry cartoons where Tom, the ornery cat that is always trying to catch the cute little Jerry the mouse? Tom is constantly tries throughout each cartoon episode to snatch, grab, or finish off Jerry. The funny part of Tom and Jerry? Tom never ends up getting his paws on Jerry.
While many security experts call cybercrime and security a cat and mouse game, that game isn’t really like the antics of Tom and Jerry. If we were to think of cybercrime like a Tom and Jerry episode, Tom would always get Jerry—an outcome pretty dire for Jerry.
You see, our global community—along with our local communities—has become almost completely reliant on digital platforms (from accounting to marketing to operations). Essentially, our stakes in the digital world keep getting higher.
The cybercriminals of this world have become expert hunters.
They are looking to hold all the cards—penetrating your network and ransoming your data, leaving you with little or no means of retaliation. The potential for profiting from hacking is so huge that they’re even recruiting and making big business out of hacking, stealing and ransoming your sensitive data.
In the world of cyber, the Toms are winning. This cat and mouse game is more serious than many of us might first think.
Cybersecurity Experts Are Saying “Plan Now For Emergency Threats”
The cybersecurity landscape projections for 2019 don’t look very good from a standpoint of criminals closing shop, switching careers, or getting worse at what they are currently excelling at. On the contrary, experts see these criminals—some of which may be in our backyards—planning for 2019 in hopes of making it the worst year for businesses and organizations yet.
Plan Now For Those Threats
My advice to you is this: start planning now. With threats getting worse in the near future, you have the opportunity to take action. Start learning about threats (reading this blog is a good first step!), evaluate your systems (experts recommend performing a network security assessment) and prioritize and shore up your critical network vulnerabilities.
Just to give you a glimpse into what criminals are planning in 2019, take a look at some of the “hot off the presses” attacks they’re testing and releasing this month:
Swarmbots—cybercriminals are now using nearly autonomous viruses that are capable of learning and optimizing their attacks specifically leveraging behaviors and setups in your specific organization. Their goal is to distribute across your network, working together to gather information and evaluate the right time for a complete network lockdown. Swarmbots are predicted to increase the speed and efficiency at which criminals are able to penetrate or breach your network.
Fuzzing—fuzzing is the process of finding vulnerabilities in devices. Criminals with highly technical skillsets actually look through source code on devices (think medical devices for instance) for vulnerabilities. They try to inject code, corrupt data or change an interface to give them access to either control vulnerable systems (systems your organization may depend on) or find ways to steal data (maybe donor information) to ultimately steal more from you and your community. While fuzzing has been around for years, criminals are getting more focused on discovering vulnerabilities in commonly used devices (many of which manufacturers have no real wish to improve or upgrade) and are finding ways to get onto your network through these devices.
How should your organization think about cybersecurity moving into 2019?
Identification— know where your weaknesses and vulnerabilities lie. First, make sure you have someone on your team that is monitoring where the cyber threat landscape is going. This person should know what the latest attacks are, where they are coming from, who they are targeting, how to detect them and be able to communicate any information users should know. Second, using the most current information on how criminals are getting into networks, your technical team should evaluate your network for easy vulnerabilities that could give them access to all of your sensitive information and files. As I mentioned above, the easiest way to address vulnerabilities is to perform a network security assessment.
Prioritization—Of the issues identified through a thorough network security assessment, identify which vulnerabilities should take priority. Most organizations fail at security because they are either NOT addressing any of their issues or they are addressing everything at once (resulting in nothing ever getting completed). Prioritization—identifying what vulnerabilities have the most impact on your organization as a whole—will help your team get through vulnerabilities and keep up with growing attacks and security threats.
People, Process and Technology—one of the biggest areas for security in most organizations is finding how to integrate security that is able to reach people, process and technology. Most often we simply blanket technology (organization-wide networks) with security, not taking any consideration of people and process. The problem with this is that people and process are severely impacted by many unilateral security decisions. Rather than mandating security top-down, experts suggest finding ways to improve process and habit towards securing your environments. Gradually change security through small process changes, with an ultimate goal on integrating your security stack to work with (rather than against) your people and their processes and habits.
The most important consideration with security?
Think proactively. Criminals are hunters. They’re scoping out ways (even as you read this blog) to get into networks. They’re passionate about technology and understanding intricacies of how networks are set up, the code your platforms are based on and finding ways to break through your technology. They’re hungry for big pay days. Unless you are keeping these things in mind when proactively strategizing for greater network security, you’ll miss the mark protecting your network against breaches and ransomware attacks.
Concerned you might not be doing enough? Take that first step. Evaluate where your vulnerabilities lie.