Many SME owners believe that their small size keeps them safe from cyber threats, but the reality is very different. It is precisely their size and smaller budgets that make them a popular target for criminals. So what are the threats to SMEs in 2017 likely to be?
As we have seen, 2016 was the Year of Ransomware and it is unlikely to change significantly next year. Enterprise-targeted ransomware attacks have become mainstream and will continue to be a major threat, while new methods of attack may include exploiting vulnerable web servers as an entry point to gain access to an organisation's network. Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will also pose a significant threat. We also expect mobile ransomware to continue to grow.
Internet of Things (IoT)
The IoT encompasses thousands of types of devices in every industry. IoT should be thought of as networks of devices enabling and offering services, many of which are cloud-based. The threat is multifaceted, ranging from ransomware to cloud. IoT devices will also be useful attack vectors into control, surveillance, and information systems, as seen with the recent Mirai malware.
During the past few years, the rapidly growing use of cloud services and an increase in new devices have been challenging traditional methods of protecting everything digital. Increasing amounts of sensitive data and business-critical processes are shifting to public and hybrid clouds. Attackers are adapting to this shift and will seek to attack cloud infrastructure.
BEC & BPC
Simple-but-effective Business Email Compromise (BEC) attacks will continue to grow, while we will begin to see more hard-hitting Business Process Compromise (BPC) attacks like the US$81-million Bangladesh Bank heist.
Third parties such as vendors and contractors pose a risk to companies. Most have no secure system or dedicated team in place to manage these third-party employees. High-profile breaches of US chains Wendy’s and Target illustrate how cyber criminals have become increasingly sophisticated.
General Data Protection Regulation
European adoption of the General Data Protection Regulation (GDPR) in 2018 will mean a change of processes to comply. They comprise: