2017: Cybersecurity New Year’s resolution

Many of us have just set New Year’s resolutions, usually committing ourselves to a yearlong gym membership that is often abandoned within weeks, or promising to partake in a ‘dry January’ which is abandoned even more quickly.

But when it comes to keeping our cybersecurity needs in order, it should be a resolution that we really stick to throughout this year, especially for CIOs and CISOs. 2016 saw some of the most well-established and public-facing companies become the targets of cyber criminals’ attacks, the most notable being the Yahoo hack.

These were just a few of a staggering 1.6 billion data breaches that took place in 2016. Last year also saw some of the largest DDoS attacks on record, with attacks in some instances topping 1 Tbps - and there is no sign of slowing.

In 2015, the largest attacks on record were in the 600 Gbps range. Now, only two years later, we can expect to see DDoS attacks grow in size, which further fuels the need to tailor solutions to protect against and mitigate the large-scale attacks that have been apparent throughout the year.

We can only expect to see more relentless and hard-hitting attacks in 2017, so thorough precautions must be taken. The most notorious DDoS attack of 2016 was the Dyn attack, which made major Internet platforms and services unavailable to large swathes of users in Europe and North America.

The reality is that we need to brace ourselves for an even higher magnitude of cyber-attacks in 2017, hence the need for cybersecurity New Year’s resolutions. Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used. 

Companies that take this approach will construct effective barriers, meaning hackers will go elsewhere and find an easier target to attack. So what are some of the most pertinent threats in 2017 and what can be done to protect organisations and individuals? Ransomware saw rapid expansion in 2016, and this type of cybercrime will develop into more sophisticated types of extortion that add social engineering to the mix. 

We will also see the emergence of the DDoS of Things (DoT) as an attack method, which means we need to really tighten up our security protocols. BYOD and IoT are both emerging trends which pose problems to individuals and organisations. The continued proliferation of devices and the associated attacks will confound CSOs and help threat actors propagate their malicious activity at greater scale.

In 2017, we’ll see the emergence of the DDoS of Things (DoT) as the attack method. By abstracting the devices and the malware they create, we dig into the root of the problem: the outcome, which, in this case, is a colossal DDoS attack. As the DoT continues to reach critical mass, device manufacturers must change their behaviour to help curb it.

They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup. These developments highlight the fact that criminals are becoming more sophisticated and scaling up their attacks. Despite this, two of the fundamental issues that allow these breaches to take place are that businesses are unwilling to spend on and prioritise necessary security, and that there is a lack of education among the public when it comes to cybersecurity.

With new European laws coming into force in 2017, companies should feel more inclined to consider security precautions as a priority. But crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary. Organisations also have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches.

Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated about the types of attacks to expect, but ultimately protection systems need to be put in place to keep hackers out. As employees are an organisation’s greatest tools, the way they contribute to securing the company should also be well-managed.

CIOs and CISOs should make it a New Year’s resolution to ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.

With organisations and individuals facing so many threats in 2017 - including IoT, DDoS, BYOD and ransomware - it is clear that we all need to be more aware of the threats we face. In order to protect our individual data and to keep organisations safe and secure, it should be a New Year’s resolution to become more personally aware and to invest more in all aspects of security.

We should all approach 2017 with an enlightened view towards cybersecurity. And hopefully the focus on cybersecurity will last longer than the commitment to the gym or an attempt at a ‘dry January’.

Mike Hemes, regional director of Western Europe at A10 Networks
