By Greg Mosher, Avast’s VP of Engineering
As fast as cybercriminals adapt to work their way around security defenses, new techniques and tactics for preventing hacks, infections and data breaches come into play. While the size of the average data breach increased by nearly 2% last year, the global average cost is down 10% on previous years to $3.62million – and by keeping up with the latest cybersecurity updates, businesses can help to keep that number falling.
Certain weaknesses and challenges are likely to come into play for all businesses if they haven’t already. But there are new trends set to help fight cybercrime, and a few key facts to remember this year.
1. The Internet of Things increases vulnerability
The growing trend for internet-connected devices is showing no sign of slowing, with everything from TVs to refrigerators getting hooked up to the web. But the Internet of Things is a serious weak point in online defenses, with smart devices often not made with even the most basic security features. An estimated 8.4 billion ‘things’ are now connected to the internet worldwide, and while this level of connectivity comes with plenty of benefits, it also brings increased cybersecurity risks.
Many connected ‘things’ – such as security cameras and baby monitors – are left to rely on default passwords that grant hackers easy access. Those that aren’t left on default passwords are often still woefully under-defended and easily accessed by hackers looking to create Botnets and carry out huge spam attacks.
Listed by security provider AVG as one of the top 10 points of entry for hackers to access your network, the Internet of Things is not just a problem in the sense that devices can be used to form attack networks or for hackers to co-opt devices for their computing power, it’s also possible to access private information or simply cause a nuisance.
That means devices like security cameras can be viewed and switched off, posing serious physical security risks as well as digital ones. In January 2017, hackers locked a dozen guests out of their rooms at the lakeside Alpine hotel in Austria after accessing the electronic key system, holding the hotel’s managing director to ransom.
As the mobile office and IoT becomes increasingly prevalent in day-to-day life, the need to find ways to secure the Internet of Things is only going to increase for SMBs and their staff.
2. AI and machine learning can boost cyber defenses
Cybercriminals move quickly, and machine learning grants us the ability to predict and accurately identify attacks faster than ever before so that we can keep up. A recent survey by Avast Business found that 46% of respondents were worried about problems with Artificial Intelligence affecting their security, but the reality is that AI and machine learning are fast becoming a crucial tool for cybersecurity.
A prime example of this can be seen in PayPal. To increase its cybersecurity, PayPal now uses ‘deep learning’ AI to spot possible fraudulent activity in customer accounts. Users who might have fallen victim to phishing scams can be protected thanks to detailed, real-time behavior analysis by artificial intelligence systems. Many other companies are also beginning to implement similar techniques.
The key obstacle stopping widespread acceptance of AI is that, in theory, any computer system can be compromised. Super intelligent machine learning can outrun the criminals, but if they catch up, many fear that the damage that could be done with a hacked super AI could be far worse than anything that has come before. Machine learning can absolutely assist in improving security classifications, recommendations, and reinforcements. Network traffic analysis, intrusion detection, database firewalls, and anti-malware layers can all be strengthened through the use of machine learning – something that can protect a lot of data and save a lot of money.
3. Worms may begin to outrank other forms of malware
Some of 2017’s major cybersecurity headlines were the result of WannaCry and Trickbot – a pair of attacks which both used worm functionality to spread malware and cause almost immeasurable damage. This kind of malware tactic can affect a huge number of victims in very little time, which is why an increasing number of malware families are expected to attempt this technique throughout 2018 and beyond.
In 2017 a new type of malware emerged every 4.2 seconds, and in the past worms have been some of the most destructive infections – the infamous ILOVEYOU worm successfully infected 10% of the worlds internet-connected computers in less than ten days.
Worms are much like viruses in that they replicate copies of themselves but differ in their ability to execute and propagate without a host program or human help. They can be defended against using locked down firewalls and other security measures that are nothing out of the ordinary, but without these in place, systems lie open to major corruptions and data loss.
Total defense and security can feel impossible but making sure that the basics are in place will greatly lower the risk of a hack or infection. To help establish this way of thinking, SMBs should develop a security mantra to make sure that their business is prepared to tackle new threats. Simple protections that are often forgotten, such always updating software with the latest patches, installing a reputable anti-virus and keeping it up to date and ensuring employees get regular security training are the most effective way to minimize the risk of worms, trojans and other malicious programs from reaching your businesses’ computers and devices.
About the Author
As Avast’s VP of Engineering, Greg Mosher leads product management and R&D for all Avast Business products. Greg brings nearly 20 years of experience in the anti-malware industry, starting in the early 90s when he created his first antivirus engine as both developer and researcher.