As technology continues to make the world ever more interconnected, 2017 could mark a significant shift in cybersecurity threats that small and medium-size businesses face. The issue is not that the security outlook will get better or worse, but rather that businesses will need to pay attention to threats that don't make them primary targets yet still render negative consequences.
Most of the time security experts have spent tracking ransomware has mainly involved direct, intentional attacks on a high-profile target. Key examples include going after major U.S. hospitals that had the funds to pay large ransoms and a particularly urgent need to regain access to their data. However, that changed last November when a ransomware attack on the San Francisco transit system turned out to be the result of self-propagating malware that had no intended target and instead spread as widely as possible.
Ransomware scammers may well try to duplicate the success of this scattergun approach in 2017, and the relatively low level of resources needed to do so means many will hit small and medium-size businesses for small but reliable ransom payments.
Businesses must go back to basics and revisit their security software now that a "simple" breach could result in direct financial costs beyond mere disruption. In some cases, cloud hosting services might offer a level of security that is not viable on an internal network.
Internet of Things
The Internet of Things is really a simple concept with possible significant consequences. The term itself describes the rocketing number of devices other than traditional computers that are connected to the Internet. The danger is that we often do not think of these devices as computers in need of security protection.
For the multinational giants that make the devices, be they smart light bulbs, electronic locks or internet-connected security cameras, the obvious threat is of hackers trying to disrupt or disable devices to exact extortion, access data or simply cause trouble. Or, gain control over these devices and pivot to more critical systems. For small and medium-size companies, the real danger is being among those inconvenienced by such attacks if they too use smart devices.
The consequences can be overblown, and the level of exaggeration can distract attention away from genuine damage. For example, a recent story about a hotel’s electronic room locks being remotely activated by hackers and leaving guests locked into or out of their rooms turned out to be mundane in reality. The attack simply meant staff could not reprogram keys when guests checked in. However, the hotel has since decided to return to old-fashioned physical keys, which could result in inferior customer service.
With smart devices offering so many benefits for SMBs – for example, cutting energy bills through smarter heating and power controls – the key is to not simply rely on the manufacturer’s reputation but to proactively prepare for the risks of devices being compromised and the knock-on effects on day-to-day business. IT consulting experts could offer value-for-money advice in this field.
Mobile internet is another area where businesses risk indirect consequences from a wider trend. 2016 marked the first time that mobile devices made up more internet usage than traditional computers worldwide. Within the U.S. alone, mobile users made up 42 percent, and that number is rising rapidly. This will inevitably lead to cybercriminals exploiting security weaknesses in mobile operating systems through browsers and mobile apps.
That could be particularly bad news for smaller businesses where “bring your own device” is a useful way to keep costs manageable while letting staff work on the move. Rethinking mobile strategies will be a valuable exercise – looking at how to make sure staff devices aren’t compromised, how business-critical data can be isolated from such attacks, and how to prevent a hacked device becoming a route into the business’s network. It may also include searching for dedicated mobile apps that include enhanced security.