As we close the door on 2017, it is time to look back on a year in which data thefts and ransomware attacks touched the lives of millions of people across the globe. 2017 was an excellent year for criminals and hackers, which means that for web hosting clients and users, 2017 could have been better.
Looking back is only valuable if we use what we’ve learned to plan for the future. Emboldened by their successes, criminals will redouble their efforts in 2018, so everyone who does business online needs to be ready. In this article, we’re going to take a look at four security-related topics we think you should be thinking about as we head into 2018.
Historically, ransomware has spread by phishing and other social engineering attacks, but some of the biggest ransomware attacks of 2017 used worms to propagate their malware. The effect was devastating, with government agencies and healthcare organizations disrupted for days at a time.
Cerber, WannaCry, Petya, NotPetya — even non-technical news readers have heard those names, and we’ll be hearing more from them and their descendants in 2018. Ransomware is a big money spinner for organized crime, and we can expect attacks of increasing sophistication.
One of the most worrying trends of 2018 will be the further spread of Ransomware-as-a-Service platforms. Not content with making money from the attacks, ransomware authors are selling “kits” that allow anyone to run a ransomware campaign.
The best defenses against ransomware are up-to-date software and comprehensive backups.
The EU’s General Data Protection Regulation (GDPR) comes into force in 2018, and it looks like many organizations aren’t ready. If you do business in the EU or handle the data of EU citizens, you have until 25th May to comply.
GDPR stipulates what businesses can do with the data of EU citizens, sets data privacy rules, and requires companies to get the consent of users in advance. The regulations are likely to have a major impact on data storage and processing, so, if you haven’t already, now is the time to begin preparing. Read this 12-step checklist to begin taking action now.
DDoS attacks have been overshadowed by ransomware in 2017, but that doesn’t mean there has been any reduction in the ferocity of distributed denial of service attacks.
DDoS attackers have enthusiastically embraced the Internet of Things, co-opting tens of thousands of phones, IP cameras, and other connected devices into huge botnets capable of generating massive floods of data. Difficult-to-block attacks, such as those that send data through SSL-encrypted connections, are on the rise.
In 2018, DDoS protection will be vital for anyone who relies on their site, store or application to generate revenue.
Lack Of Technical Expertise
Most online criminals are not masterminds or genius developers. They use automated bots and cookie-cutter vulnerabilities to compromise sites, stores, and applications – vulnerabilities that have often been patched months previously. In some cases, developers, agencies, and site owners leave the doors wide open, as was the case with the multiple data thefts from MongoDB databases.