Does your crisis management planning include cyber crime?
Every year brings new threats to the forefront, and according to experts 2014 is going to see an explosion in the number, and severity of, cyber attacks. If your crisis management plans don’t already include the possibility of data theft, systems being held ransom, or even completely being locked out of the ‘net, then you’re playing with fire.
Need ammo to convince others in your organization? We’re running down McAfee’s list of 2014 Threat Predictions, and what they mean to you.
1. Mobile malware will be the driver of growth in both technical innovation and the volume of attacks in the overall malware “market” in 2014.
We’ve already seen huge growth in terms of malware targeting Android (currently the most widely used phone operating system), and as mobile devices increasingly becomes the keys to our entire lives we’re certain to see more. Mobile devices are also predicted to become Trojan horses themselves, carting malware past the security perimiter on enterprise systems.
Many experts also predict Apple’s iOS is long overdue to see a high-level malware attack, and 2014 is likely to be the year it happens.
2. Virtual currencies will fuel increasingly malicious ransomware attacks around the world.
The world saw firsthand how frighteningly well this can work with Cryptolocker, whose creators have raked in an estimated $27 million while evading authorities by forcing those affected to pay the ransom via BitCoin.
Undoubtedly other criminals saw this profit and are racing to develop and deploy similar software of their own.
3. In the spy vs. spy world of cybercrime and cyberwarfare, criminal gangs and state actors will deploy new stealth attacks that will be harder than ever to identify and stop.
At first thought this might appear to be a problem isolated to government systems and political groups, but what about the thousands of contractors who work either directly with, or are associated with those who work with, government entities? What about companies that created software, or manufacture tangible goods for said entities? What about the maid service that comes in to clean the offices of said contractors? When you really stop and think, you realize politically-motivated cybercrime could harm a LOT of bystanders in the process.
Of course, the biggest scare here is the possibility of losing control of water systems, power grids, and other major resources that would cripple organizations of all kinds simply by removing critical infrastructure that supports society as a whole.
4. “Social attacks” will be ubiquitous by the end of 2014.
The pilfering of account access info from vast numbers of social media users is already going on, for the most part without the knowledge of those affected. In 2014, hackers will increase their ability to gain access and gather information, and use their access to spread malware and attack other targets.
5. New PC and server attacks will target vulnerabilities above and below the operating system.
We rely on our computer’s operating systems to support the applications we use for security, so smart hackers are aiming to bypass the OS altogether. Whether it’s injected malicious code into websites which then directly apply malware to the user’s system or attacks that focus on the BIOS, the core software that supports basic system hardware operation and tells your computer what to load on startup, and how.
6. The evolving threat landscape will dictate adoption of big data security analytics to meet detection and performance requirements.
In other words, the threats are growing too complex to be identified by traditional antivirus and antimalware progams, which operate off of, essentially, a “Good/Bad” list to block out known malware, malicious websites, spam, and network attacks.
Security experts are in a race against hackers to develop tools that will use massive loads of data and advanced analysis to identify the sneaky tricks hackers are learning to employ.
7. Deployment of cloud-based corporate applications will create new attack surfaces that will be exploited by cybercriminals.
Ah the cloud. This is going to be huge, and it’ll likely take a couple of devastatingly large security breaches before the general public truly understands. Even when forbidden by IT, an incredible percentage of users store company info in the cloud, whether to facilitate sharing with team members, work seamlessly on multiple devices, or just because it’s easier.
Problem is, placing trust in the cloud is giving cyber criminals a whole new angle to attack, and one that, once penetrated, can yield enormous amounts of lucrative information.
To sum this up, if you think 2013 saw a lot of high-profile hacks, you ain’t seen nothin’ yet. Protect yourself as much as you can, educate employees and coworkers on how to both avoid and detect possible cyberattacks, and above all plan for the possibility that you could be the first major victim of 2014.
——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-
[Erik Bernstein is Social Media Manager for Bernstein Crisis Management, Inc., an international crisis management consultancy, and also editor of its newsletter, Crisis Manager]
Jonathan L. Bernstein, founder and Chairman of Bernstein Crisis Management, Inc. has more than 25 years of experience in all aspects of crisis management – crisis response, vulnerability assessment, planning, training and simulations.
Erik Bernstein is president of Bernstein Crisis Management. Erik started with BCM in 2009 as a writer and subsequently became social media manager for the consultancy itself as well as for a number of BCM clients before moving to the president position.