Most Dangerous Security Threats of 2018?
What will be the biggest security threats of 2018? Would it surprise you to learn that YOU might be on the list? Read on to learn about the threats to your privacy and security that are most likely to impact you in the coming year… |
Are You Part of the Problem or the Solution?
Ransomware and “people” topped a survey of security pros’ predictions of the biggest cyber-security threats the world will face in 2018. But among the 72 respondents to research firm IDG’s question, there are more specific responses and a few threats that are less than obvious. The latter, I think, may be the more dangerous threats. Read on to learn more.
Ransomware is a proven money-maker for scammers. By encrypting the precious data of a corporation, organization or end user, ransomware inflicts immediate and severe pain. The promise of getting data back quickly by paying a ransom is keenly compelling. Additionally, ransomware and its attendant “victim relationship management” apps are now bundled into easy-to-use “Software-as-a-Service” sites that any aspiring blackmailer with a couple of hundred dollars can rent. So there will be exponentially more ransomware attacks launched in 2018.
The targets of ransomware are predicted to shift from low-value individuals and small businesses to major corporate and government systems. A crook can charge much more for the encryption key to bigger and more critical systems. Targeting key executives within a large organization with carefully crafted phishing emails is becoming a fine art among criminals.
That leads us into the “people” security risk, which IDG’s respondents cited 12 times to ransomware’s 11. There are many ways that human error can allow bad actors into a system whose hardware and software are well protected. You, faithful reader, may already know all about them. But the growing threat to you and your precious data is the staff of the online entities with which you do business.
Front-line employees are under ever-increasing pressure to produce more, leaving them virtually no time to think about whether they should click on the attachment to an angry “customer” complaint, or the link to a web page purportedly showing the cause for the complaint. Many of these staffers are unhappy, underpaid, and ripe to either cause their employers trouble or be recruited by bad actors in exchange for money.
Management, up to the C-level, doesn’t do enough to train staff in best security practices, enforce them, and demand that software systems prevent staffers from doing things that can let crooks in the door. Even IT staffers, who know better, fail to apply patches to software promptly.
An Ounce of Prevention...
In the recent Equifax data breach scandal, it was discovered that a directive to apply a simple patch that would have protected the credit histories of over 140 million Americans went ignored for at least two months. I surmise that the derelict IT employee was not irresponsibly negligent, but simply could not find time to apply the patch without “disrupting” normal business operations, which would have gotten him in trouble.
The insenstivity to security extends across supply chains. As firms become more closely integrated with their partners, a security vulnerability in one member of the group becomes a hazard to all members. Yet very little is being done by any given firm to vet the cyber-security of suppliers and large customers.
The oldest networked information systems, including critical utilities, financial services, and health care providers, are generally the most vulnerable to modern hacking threats. The industrial controls that govern the flows of water, electricity, and even street traffic were designed with only the crudest password protection, if any.
The Internet of Things is the fastest-growing “attack surface” for hackers on Earth. The makers of light bulbs, refrigerators, and coffee pots know nothing about cyber-security and don’t want to pay for pros who do. Even Amazon Key, the company’s latest “smart” innovation, allows delivery people to open the door to your home. But it launched with an easily-exploited flaw that would let a nefarious delivery driver walk off with the entire contents of a customer’s house.
“The IoT-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in evermore opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling a perfect security storm,” wrote Nigel Harrison, CEO at Cyber Security Challenge UK, in his response to IDG’s survey.
Simply banning “smart” gadgets from your home is not a perfect defense, although it will reduce the attack surface your home network presents to bad actors. You have no choice about the software that the electric company uses in its smart meters, or the security practices of the public works department that controls water delivery and traffic signals, or the practices of 911 system administrators. You don’t even know what your car’s computer is doing under the hood, or how it can be hacked to kill you.
What you can do, and I urge you to do, is apply unrelenting pressure upon your government representatives and business partners - banks, Amazon, et. al. - to publicly demonstrate how they are acting to protect their systems upon which your livelihood and life increasingly depend.
Back to the YOU Part of the Security Picture
It never hurts to repeat a few personal security mantras. Below are some links to other AskBob articles that will help you tighten up your own defenses, and ensure that "YOU" are not on the list of the most dangerous security problems in 2018.
- Keep Your Software Updated
- Use Anti-Malware Protection
- Create Strong Passwords
- Use Two-Factor Authentication
- Guard Against Phishing Attacks
- Backup your data!
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 11 Dec 2017
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: [FIN] Is This the End of Siri and Alexa? |
The Top Twenty |
Next Article: [IFTTT] Here's Your Personal Virtual Robot |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Most Dangerous Security Threats of 2018? (Posted: 11 Dec 2017)
Source: https://askbobrankin.com/most_dangerous_security_threats_of_2018.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Most Dangerous Security Threats of 2018?"
Posted by:
Lucy
11 Dec 2017
BOB.
Now, toward the end of the year, is a good time for my family to express our thanks to you.
Almost every article you post relates to something we do, or should be doing, to keep our information as safe as we possibly can. And to teach us the what, why, where and how of I.T.
It took a long time before I realized the importance of backing up the home computer. Indeed, probably like many others, it took the loss of something to get back ups done on a regular basis.
Merry Christmas, Happy Holidays and a Prosperous and Safe New Year to you and your family, your staff, and all your readers.
Posted by:
Jay R
11 Dec 2017
Allow me to echo Lucy's sentiments.
Posted by:
Marilyn
11 Dec 2017
I learn something new from you all the time. I'm not that tech savvy but am better than most of my family and you help me to continue to learn. Thanks so much.
One quick comment on this post the breach was Equifax, not Experian.
EDITOR'S NOTE: Thanks, fixed now!
Posted by:
charles
11 Dec 2017
You sure create a number of possibilities for one to ponder.
Posted by:
Linda
11 Dec 2017
I use Carbonite backup and do backups on two external drives and even keep one away from the house. I am just a home user, but just cannot lose things I have collected on here in 25 years of computer use.
Posted by:
JP
11 Dec 2017
The Mecklenburg County (NC) government servers were hit by a ransomware attack last week when an employee opened an infected attachment in an email. The County refused to pay the $23,000 ransom to get its data back. From what I've read, it doesn't sound like there was a current backup, if any.
http://www.charlotteobserver.com/news/local/article188310224.html
Posted by:
Stu Berg
11 Dec 2017
Ever since ransomware became so prevalent, I'm using RansomFree by Cyberreason (https://ransomfree.cybereason.com/) in addition to my anti-virus and anti-malware software. It only prevents all ransomwarte, not viruses. I like it because it's very unobtrusive, is highly rated, and is FREE!
Posted by:
RichF
11 Dec 2017
After reading the link to the hacking of the Amazon Key, I'm just wondering how many people jumped onto the bandwagon and installed it.
Posted by:
Kathy
11 Dec 2017
I am wondering what we can or should do about passwords to websites that we used in the past but do not use any more. Do these pose a threat?
Posted by:
Jeri
11 Dec 2017
Hey Bob,
Merry Christmas! Enjoy your Tennis Lesson!
Posted by:
Rich
12 Dec 2017
I continue to use (with acknowledgement of course) your great advice in my monthly newsletter for seniors. Many thanks as usual. Rich
Posted by:
bb
12 Dec 2017
Microsoft added new ransomeware protection in the Fall Creators Update, Windows 10 v1709. Called "Controlled folder access" is it *off* by default. It is off by default because it may break programs from accessing your files and users should know about it first if breakage happens.
It currently a bit hard to find: Click Settings, Update and Security, Windows Defender, then Open Windows Defender Security Center. Click Virus & threat protection, Virus & threat protection settings, and scroll down to "Controlled folder access." Turn it on (or off if it doesn't work for you.)
When on, only permitted programs or apps will be allowed to access your user files; which should stop un-autorized programs like ransomeware touching them. MS notes, Most of your apps will be allowed by Controlled folder access without having to add them to the list. You can add additional folders to be protected if they are not under the traditional c:/users// folder structure.
Posted by:
SharonH
12 Dec 2017
Bob, you rock! Can't thank you enough for all you do keeping us up-to-date and safe. May you have the happiest of holidays.
As far as security problems, making sure we continue to backup often and have more than one way to do so is the key. There are some elderly folks in our tech club and some don't even know how or why to backup--seriously. These are the folks who are prime targets for these criminals. One woman had to pay $350 to get her files back.
Speaking of which, I thought that Equifax got off easy, considering the extent of their damage. Also the way they sat on it (and some of their top guys'behavior) still causes me to wonder what exactly went on.
To Kathy above: Very good question. In this day and age, I would consider every and any website a potential threat. It's a shame the Internet has reached this point :(
Posted by:
RandiO
12 Dec 2017
To be more precise, I am inclined to think that the biggest security threat, which will continue to confront us, stems from our inadequate understanding and careless usage of technology. We played with thermometer mercury as little kids but we was way ignoramous then!
Maybe Mr. Rankin should have used the word "Us" rather than "You"; as I take that finger-pointing personal and as an insult.
EDITOR'S NOTE: Let's compromise, how about y'all? :-)
Posted by:
Brian
12 Dec 2017
Bob, you really do absolutely rock! Thank you so much for all you do by freely sharing your knowledge with those of us less technically gifted. I love learning new things and your newsletters have proved a gold mine of learning.
Thank you again and I wish you and yours a very Merry Christmas and a Happy and Prosperous New Year.
:-)