In 2016 it was revealed that personal data from 2.7 billion user accounts at major companies such as Yahoo, Dropbox, MySpace, and LinkedIn was put at risk as a result of security breaches. That’s equivalent to more than every single Facebook account being compromised. There is a concern, highlighted by the National Institute of Standards and Technology (NIST), that the majority of typical computer users experience security fatigue due to the frequency of large-scale hacks, which leaves people feeling helpless in the face of multiple incidents.
Data breaches are detrimental for both the business and the customer. Personal data ends up in the public domain, reputations and brands can be negatively impacted, and businesses can experience financial repercussions. Even though hacks were so prolific throughout 2016, a recent study revealed that 61 per cent of people continue to reuse their passwords across accounts, even though 91 per cent are aware that it’s a risk. Indeed, password reuse only added to the scale of leaked data in 2016. If one account is compromised, there’s a knock-on effect whereby all other accounts that use the same password also become vulnerable. By using unique passwords for all your accounts you ensure that if they’re leaked in a breach, hackers can’t use them to get into any of your other accounts.
In light of this, we’ve put together the key trends that will reshape attitudes towards security in 2017.
1 - Small businesses will be just as attractive to hackers as large corporations
While security breaches at big corporations dominated the headlines in 2016, small businesses will be just as much of a target for hackers next year, if not more so. A smaller business can find it harder than a large company to repair the damage if its data is compromised. Furthermore, financial repercussions will often hit it harder. The latest Government Security Breaches Survey found that over half (51 per cent) of medium-sized organisations reported a security breach in the last year, an increase on the previous year. SMEs are now being pinpointed by digital attackers. The same survey found that only 22 per cent of small and 38 per cent of medium businesses have trained their staff in the past 12 months. As a result, we’ll likely see an increase in cyber-attacks before we see a decrease. It’s in SMEs’ best interest to invest in cyber security training, particularly around the dangers of re-using passwords across accounts and how to spot phishing attempts.
To stay ahead, businesses must invest in tools that align with the realities and working styles of the modern worker and work environment. They must implement systems that provide secure, user-friendly authentication, using providers that specialise in providing security for today’s workforce. The use of a password manager that’s designed for small teams of people, such as LastPass Teams, is a great way to begin protecting your company and its future.
2 - A new target for cybercriminals: wearable devices
Wearables present a great way to motivate people to interact more with the world around them, but they also pose a growing security risk. ABI Research predicts an estimated 780 million wearable devices will be in use by 2019 – that’s about one wearable for every 10 people in the world. Wearables, especially in densely populated areas, will become a target-rich environment for attacks because they collect personal data and are relatively insecure entry points, with few vendors building even standard security features to protect user privacy.
Companies must begin building these devices from the ground up with security in mind, rather than it being an afterthought. Plus, many enterprises are just now implementing mobile strategies and policies – and wearables must be a part of that decision.
3 - A shift towards an offensive cybersecurity stance for government entities and corporations
The government and enterprises will increase their efforts to enhance cybersecurity and combat cybercrime. As users become more aware of online threats, attackers will react by developing sophisticated, personalised schemes to target individuals and corporations. We can expect to see continued dialog on the national level as well as legislation to create a global cyber-defence model. We can also expect to see regulation of device production and usage, and the increasing addition of cybersecurity officers within enterprises. Governments and corporations that do not prioritise security will find themselves unprepared in the face of increasing threats, and citizens will suffer as a result.
4 - More universal adoption of two-factor authentication
The tech industry needs to win back the trust of its consumers by rethinking some of its most established practices around security, identity, and access management. Two-factor authentication (2FA) is one of the most straightforward and secure safety measures currently available, and 2016 has seen an increase in user-friendly, portable options that general consumers can take advantage of. It adds an extra step to your basic log-in procedure to make it more secure. 2FA protects user credentials from password-guessing software, eliminates the collateral damage from successful phishing attempts, and adds protection for consumers.
We expect to see more organisations implementing 2FA and managing their 2FA centrally as part of their dedicated security policies, as well as more consumers adopting 2FA for the services and websites they rely on.
5 - Everyone has the means to protect their passwords available to them
2017 will see a shift towards mass adoption of password managers as more people become concerned with protecting their data. Eliminating password reuse and weak passwords is a must. People will look towards password managers to store and encrypt their passwords so they don’t need to rely on their brains or worry about breaking the bank.
There’s no doubt that businesses and consumers will suffer from escalating breaches across all industries in 2017. With companies moving to cloud services to share and host information, anyone in the business of handling consumer or corporate data must harden their systems against data breaches. Businesses must make the safe storage of consumer records a priority, employing best practices in encrypting and hashing consumer records. Those who do not will not only suffer financial losses but will struggle with the impact on reputation and brand.
Joe Siegrist, VP and GM, LastPass