Expect 2017 Cyber-Attacks To Far Surpass 2016 In Damage, Frequency

HSBC, security, hacking

ANALYSIS: Constant bad news about Russian hacking and the increasing prevalence of ransomware made 2016 an IT security disaster… but 2017 will be worse

Unfortunately, it takes very little in the way of resources to set up Distributed Denial of Service Attack, especially now that entrepreneurs are renting out botnets by the hour. These attacks that are increasingly launched from the Internet of things are extremely difficult to counter and nearly impossible to defend against. 

While there are ways to mitigate such attacks, usually by using cloud-based anti-DDoS services, the arrangements have to be made in advance of an attack if they’re to be most effective. 

Not that many companies are willing or able to spend money to prepare defenses when an attack hasn’t taken place. 

Hacker, cyber crime, anonymous © gualtiero boffi, Shutterstock 2014

Worse than DDoS 

But there are worse things than a DDoS attack, if only because they end eventually. Another rapidly growing trend facing the enterprise are corporate ransomware attacks in which critical business data is encrypted and held for ransom until the victim pays up, usually to the tune of tens of thousands of dollars.  

Such attacks are becoming more frequent and some companies have been willing to pay up to get their data back. But it gets worse. 

The latest ransom attacks have combined the loss of access to online corporate data via a DDoS attack and coupled it with the ransom like you’d find in a ransomware attack and the attack will continue until the victim pays the ransom. 

For good measure, they may also encrypt corporate records just so that anti-DDoS services become pointless. All of this assumes that the person or cyber-criminal group holding a business for ransom actually provides the decryption key and that it works.  

What’s becoming more common is that the ransom is paid and the key doesn’t work. Or that the criminals never send a decryption key and the victim has lost their data and money. 

What can you do? 

Those attacks are just what we already know is coming and that’s bad enough. What’s not obvious is what will be the targets of future cyber-attack targets and what new attack strategies will emerge. 

Unfortunately cyber-criminals have seen that the current level of security at most organizations is pretty lame. This means that they are free to attack at will and hold pretty much anyone or anything for ransom. 

How long do you suppose it will be until we see that the White House website encrypted and held for ransom? How long before the National Security Agency is successfully hit with an attack that causes serious damage? I don’t know the answers to those questions, but I think such attacks are possible right now. 

So what can you do? If you don’t already have everything in place to fight defend against cyber-attacks then you’re running on borrowed time.

Whatever tactics the next debilitating cyber-attack apply, you can assume that the bad guys will try out their weapons on business before they attack the government. The attacks may have already begun and you may not have heard about them because the victims are afraid to speak out. 

But now’s the time to start religiously backing up your data, to confirm that you can recover it and to make sure that you have storage in the cloud that you can also use for recovery. Then you need to be prepared to abandon your data center and bring up a new one so you can continue your business while you recover from the original attack. 

These measure aren’t going to be easy or cheap. But all you can do is to be prepared for anything and hope that’s enough. 

 Originally published on eWeek