There may be no field as trend-driven as cybersecurity. This is because cybersecurity is largely a responsive concept rather than a proactive one.
Simply put, we don’t know what the threats are until they make themselves known. Someone has to be attacked before we know how to fend off these attacks. It’s just like your immune system: You need immunization through exposure to dead virus cells so that your body knows what to do when it sees those cells in the wild.
In matters of economy and security, “trend” doesn’t mean quite the same thing as it does in fashion and entertainment. “Trend” does not mean “what’s popular.” Rather, it means what it means in a more logistical sense. In cybersecurity, we follow trends because they point to something concrete, the landscape of the field. Of course, some means of tracking trends are more intelligent than others.
The problem with tracking trends in cybersecurity is that many people tend to focus only on the big breaches.
When SamSam is hit with ransomware or Facebook has a breach, people will take notice and adjust their cybersecurity plan according to these turns of events. In the hard reality of cybersecurity, these attack only give us an idea of what the big brands need to look out for. There is, of course, plenty of overlap, but around fifty percent of all attacks will focus on smaller businesses. Small businesses are a popular target because they have smaller budgets and fewer lawyers. There is less risk in attacking a company with modest resources than there is in targeting a national brand that has millions of dollars to put towards cybersecurity alone, and contacts within the FBI.
We also need to consider that small businesses have more entry points for cybercriminals than ever before. Gone are the days of quaint mom and pop general store that only deals in cash and picks all the apples themselves for the grocery section. Today, no business is too small for an eCommerce site, scanners and readers for assorted credit and debit cards, Internet-of-Things-enabled delivery vehicles and an iPhone app. We are all vulnerable, and small businesses may be more than anyone. They’re bigger targets than individual consumers, but not so big as to not be worth the risk.
So, what trends should you watch out for?
Here are a few that all businesses, especially small merchant, need to be aware of in the coming years:
Ransomware involves your computer automatically downloading files containing malicious code.
This is then used to hold the machine ransom. If you have vital files on the computer with no backup copies anywhere or the ransom is cheaper than replacing the machine, and if time is of the essence, then it’s easy to see how one would be tempted to simply pay the ransom rather than try to rid their machine of the ransomware.
This model has been around for a while and remains popular because of how effective it is. All the hacker needs to do is get you to download the file. Then he can block you from using your computer remotely until you pay up.
There are fewer hurdles to jump, fewer hoops for the hacker to jump through. They don’t need to know anything about your security features, your firewall, etc., they only need to know how to get your computer to download the code. From there, they essentially “brick” your computer, rendering it unusable, until they get what they want.
Of course, they can always just brick it again whenever they see fit, and there’s no guarantee that they’ll allow you access to your machine upon payment in the first place. If this happens to you, there’s no good reason to play ball with cybercriminals. What they hope is that you’ll be too scared to think straight and simply talk to a specialist about getting the ransomware removed.
All too often, it works.
The best way to prevent ransomware attacks: Simply stay up to date. Whenever your operating system updates, it’s usually because they need to patch up some vulnerabilities that allow cybercriminals a backdoor into the system.
This is a form of phishing that does not rely on downloaded files but remotely hijacks your system directly. The hacker can then take control of administrative functions, using the computer against itself. Around three-quarters of all cyber attacks are “fileless” today, and the number may grow in the future. These attacks are hard to detect because they use functions that probably came with your computer. These are not mysterious programs that installed without your knowledge two days ago, but functions that are operating as they are intended to operate, but maliciously.
Attacks from the Cloud
Although the cloud sounds like an ephemeral thing, one that is especially vulnerable to cyber attacks, the truth is that it’s a lot safer than some people seem to think. That said, hackers are getting smarter and learning new ways to attack businesses and other users from the cloud every day.
The proliferation of cloud-based technology owes primarily to fidelity. We’re going more and more high-fidelity, more granular and expansive in our data. All of the data that you need to manage even a small business, it’s hard to fit all of that on a laptop today as you might have five, ten years ago. This means that we rely more and more on cloud-based storage so that we don’t need a 10tb hard drive, we can just access the data remotely as long as our Internet speed i up to snuff. This also means that hackers don’t even need to break into our own systems to hijack our information.
You will find a number of things that you can do to protect against cloud-based attacks and they basically come down to good, common sense protocol.
First, make sure that your passwords are secure. Cybercriminals are opportunists first and foremost. They select targets primarily based on ease, on vulnerability, and on trial and error. In the modern day, one of the most popular means of attack for hackers is the same as it has ever been: Guessing passwords until they find the right one. With software designed to try millions of passwords across millions of accounts in a matter of minutes, all they’re looking for is someone who hasn’t appropriately safeguarded their account.
Secondly, you will want to keep the most important files backed up somewhere offline. Investing in a few external drives will allow you to do this without clogging up your work machines.
Finally, just be smart about who you’re sharing information with. Make sure that any network, any system you connect to is verified and reliable.
Beyond the typical cyber attacks that we’re all used to seeing in the small business sphere, cybersecurity experts need to concern themselves with a whole new breed of technologically-assisted crime and corruption. We’re seeing artificial intelligence becoming more advanced than ever. We also rely on AI for a lot of cybersecurity routines. Sometimes that’s for the better. Day to day, the AI will typically do what we tell it to do. But AI is usually tested in an enclosed, black box environment.
When the AI encounters an unknown factor, be it a cyber attack or just some point of data it wasn’t expecting, who knows how it will react?
Right now, the concerns of AI are a little like the y2k bug. It’s not that we can guarantee something bad will happen, only that we don’t know precisely what the fallout will be.
We also need to be aware of things like fake news and fake user accounts on Facebook and Twitter. Creating a sock puppet used to take a lot of effort. Now, malicious users can create thousands of fake accounts in minutes and use them to spread news articles created by algorithms in order to proliferate false information.
There’s not much that we can do about any of this as small business owners, nor are we necessarily the prime targets of this sort of thing. But the cybersecurity world is changing and will continue to change. Right now, nobody seems to be creating a fake news algorithm to punish a small business for not paying a ransom, but who knows where we’ll be in a year or two.
Cyber attacks in 2020 might have nothing to do with breaking into a system. Malicious actors in the future may be able to rob and plunder small businesses without ever cracking their network. Unfortunately, we don’t know how to tackle those attacks until they begin to happen.
Of course we could speculate any number of scenarios from here, but, fortunately, that’s nothing we need to worry about just yet. Of course, it wouldn’t be a bad idea to stay up to date. The nature of cybercrime and cybersecurity are changing, and we need to make sure that we’re ready to protect ourselves from whatever’s around the next corner when we finally get there. That’s why here at Maverick we provide our merchants with $100,000 worth of PCI breach coverage and unparalleled customer service to help protect our merchants.