Amongst the discussion on emerging security trends for the year ahead, one thing is becoming evident, we as individuals are the weak point for any security system. It has been reported by KnowBe4 that 98% of cyber attacks rely on social engineering. As the threat and security landscape evolves, individuals are a constant weak point for businesses’ security. The following article outlines new forms of attack which are likely to become prevalent in 2018 and the ways in which businesses are vulnerable.
98% of attacks rely on social engineering
Humans are the weak point in any security system, and hackers take advantage of this when attempting to breach your security.
Trends to watch out for in 2018
As defences against traditional ransomware continue to improve, the profitability of such attacks will decrease. This will prompt a shift towards non-traditional types of attack. One thing is clear, more ransomware attacks are expected in 2018, and they will likely be targeted towards individuals such as senior managers and high-profile executives.
Here is a snapshot of expected trends this year:
- Email will still be the number one attack vector, with phishing becoming increasingly sophisticated, however, other forms of social attack will increasingly become part of the landscape. Vishing (voice), smishing (text) and others will be utilised.
- Search result tampering driving users to compromised websites.
- More highly targeted attacks on senior managers and high-level executives.
- Increasing adoption of serverless apps and its associated risks.
- Cyber insurance policies will still not cover human error – unless specifically asked for.
Ways in which your employees can put you at risk
James Beswick, Co-Founder of Indevelo claims that the majority of security breaches result from mundane occurrences often related to staff and procedural failures.
Whether, or not malicious intent is involved there are various ways employees can put you at risk:
- Data access breaches
- Not careful enough with email
- Uploading work documents to personal cloud storage systems
- Installing web applications without consulting IT first
- Sharing login credentials
- Choosing weak passwords, or not changing passwords frequently enough
The common consensus when it comes to cybercrime is that human error is our biggest vulnerability. Therefore, adopting and encouraging behavioural change is the best form of defence in this area.
To achieve behavioural change, it is best to focus on two to three behaviours at a time. Start first with high risk behaviours, such as an employee uploading company documents to their private cloud storage system. Once these have been corrected you can move onto implementing solutions for lower risk behaviours, such as password changes.
Companies must develop strong processes for new starters and leavers to ensure company data is safe from unauthorised access. Read our article on Employee Offboarding to find out more.