A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company.
2018 Cybersecurity Predictions
The report also found that while 55 percent of small businesses were breached between 2015 and 2016, only a small minority see cybersecurity as a critical issue. This is despite the fact that the overall money spent on cybersecurity in 2017 was $86.4 billion, an increase of 7 percent over 2016.
The Internet of Things (IoT) is at heart of this new threat. It’s loosely defined as all software enabled devices we use (from appliances to smartphone sand computers) that can exchange data.
Criminals hijacked hundreds of thousands of Internet of Things (IoT) devices worldwide in 2017. They’ve even fine tuned social engineering and spear-phishing tactics according to the report.
Jason J. Hogg, CEO of Aon Cyber Solutions explains the looming threat as small businesses use this technology.
“IoT is notoriously unsecured: manufacturers often lack necessary security expertise, constant product innovation creates vulnerabilities, and companies frequently overlook proper patch management programs. Hackers exploit this reality, targeting IoT as a pivot point to enter systems and take control of physical operations.”
The report found that hackers favored botnets like “Hajime” and “IoT_reaper” last year. The growing trend caused concerns about DDoS attacks and other issues. DDoS attacks occur when hackers flood servers with bogus data and websites and networks get shut down.
Any attack can really harm a small businesses’ operations as well as a larger organization. There’s always a high cost to having your business shut down for any amount of time. What’s more, there’s lasting reputational damage because these smaller firms are working more and more with big organizations that have a large reach.
Hogg also says there are some other reasons why small businesses are ripe for this new Internet of Things (IoT) cybersecurity threat.
“Small businesses, lacking resources and/or awareness to effectively secure their systems, are particularly vulnerable to cyber attacks on IoT,” he says. “The breach will serve as a wake-up call for small and midsized businesses to implement better security measures so as not to risk losing business.”
The report also predicts passwords will continue to be hacked. Multifactor authentication will become critical as hackers learn to get around biometrics. Larger businesses will adopt standalone cyber insurance policies and chief risk officers will play a larger role.
The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense. It points to the EU’s attempt to set a universal standard for consumer data privacy and Global Data Protection Regulation (GDPR), that oversees companies collecting data from EU citizens.
Criminals will also target transactions that use points as currency like retailers who use rewards, gift and loyalty programs. The use of cryptocurrencies will encourage an increase in ransomware attacks in 2018 like the WannaCry ransomware that affected 200,000 computers in 150 countries in 2017.