In the world of cybersecurity, a new year also brings the usual flurry of "predictions". Everyone races to get their unique predictions published. Some predictions are very insightful, but sadly many simply perpetuate the fear, uncertainty and doubt that is already out there; they don't give a reader anywhere to go.
So here's my take on some of these common "predictions":
1. Threats are "increasing" and becoming "more sophisticated": There may be more threats based on more systems that are accessible and being monitored, but a vast majority of the phishing emails that deliver these exploits are not "sophisticated".
Perhaps save this overused word for exploits that are at a truly innovative level of sophistication. What's important is to understand what threats are out there and what your organisation can do to prevent or manage these. Phishing emails are commonplace and are here to stay, so it is important to know what to look out for and to think before you click.
2. Cybercrime is "becoming more innovative": Like some cyberthreats, cybercrime by its very nature can be innovative. That's because criminals know that it can be hard to get valuable things and they invest time working out how to steal valuable information.
In addition to this, the tools to carry out all sorts of cybercrime are more freely available. Criminal enterprises can amass vast sums of money with a laptop and connectivity. But a vast majority of cybercrime isn't "innovative".
Sadly, a vast majority of cybercrime exploits human vulnerabilities like the urge to click on links and open malicious attachments or open an email purporting to come from a colleague or friend. Just as we protect ourselves and our organisations from real-world criminal threats, we need to do the same for cyber security.
3. Breaches are going to get worse: This is a bit of a variant of the first two 'predictions'. Breaches will certainly continue but whether they will get 'worse' is still up for debate. They may change but this is in part due to the hacker's intentions.
It's possible we will see both hacks and attacks. A hacker will work to steal data but will also intend to manipulate or destroy data. This is a prediction that I don't think is far-fetched. The spike in crypto locker malware, and the fact that people do pay for the return of their encrypted data, suggests that there's a market for this kind of cybercrime.
While there's no silver bullet that provides 100 percent security, it's critically important that you know who is protecting your data and that it is well protected. This will go some way to protecting it from a hacker who has the intention not only to steal your data but also to disrupt your network.
It's important to remember that the threat environment is a given. It's noisy and there are lots of low-level threats out there, but it's best not to be distracted by this. Follow your valuable data, know who has access, where it is across the globe, who is protecting it and how well it is protected.
My prediction for 2016 is that awareness of the role people play in keeping cyber threats at bay remains key.
Cyber security is as much a people issue as a technical one. Phishing emails will continue to come thick and fast largely because they are a very successful way of compromising an organisation. The best defence is you.
Slow down and think before you click: the human firewall is a critical defence against most cyber threats.
For more security advice go to Telstra Exchange.