2017 predictions for Information Security and Cyberattacks.
People are and will continue to be the Weakest Link!
Because most organizations only provide annual information security training and because most deliver the awareness training for the wrong reasons (one or more state/federal compliance requirements), they are not really addressing their weakest link – People’s lack of ongoing awareness. Annual compliance training efforts are not actually addressing the weakest link because people cannot, and do not, remember a training session for the next 364 days. If people think the awareness training is just for compliance, they will continue to just get through it and not pay attention to the awareness training for the right reasons. C-Level and Board Members must understand that it is their obligation to deliver the right awareness and ongoing information security awareness training/reminders their people need for the other 364 days of the year after their annual required compliance training is completed.
Connecting the Dots… Hackers will continue to take advantage of people’s lack of awareness and incompetence from C-Level down in 2017!
Endpoint Security is focused on devices! (yet they are not the actual endpoint)
The Endpoint Security market is estimated to be over $12B in 2016 and over $17B by 2020, and Endpoint Security is focused on devices. In 2017, CIOs, CFOs, and CEOs must realize the “real endpoint” is their people.
Connecting the Dots… One of many examples where CIOs and C-Level people are spending (wasting) a lot of money on Information Technology products that do not address their weakest link – people.
Spear Phishing and Phishing are top hacking threats!
In 2017, Department of Homeland Security Secretary Jeh Johnson recently cited Spear Phishing as the top hacking threat going forward and went on to say:
“The most devastating attacks by the most sophisticated hackers almost always begin with the simple act of spear phishing.”
Connecting the Dots… Hackers will continue to Spear Phish people in 2017 and execute sophisticated attacks as long as C-Level people fail to provide the right awareness and the ongoing awareness people need.
It does not matter how sophisticated the “hackers” are if they do not get inside your network!
In 2017 we will see article after article, from expert after expert, blogging and talking about state-sponsored hackers (Russia and China and others) and how their attacks are increasingly sophisticated. The truth is, if your people have the right awareness and do not get phished and tricked into clicking on infected web links, or opening infected attachments that allow the hackers to get inside your network, it does not matter how sophisticated the hackers are!
Connecting the Dots… Hackers will continue to get inside your network until all people connected to your network (employees, contractors, vendors, third-party service providers, etc.) have the right awareness and ongoing awareness to not get phished or tricked and let hackers in.
Information Security Technology solutions are like a bad addiction!
The list of symptoms for an addiction often includes behaviors such as taking more and more of a substance, ongoing desires to cover up weakness, failing to fulfill obligations as a result of continued use, developing a tolerance to consequences, and other behaviors. An addiction is happening with CIOs as they are buying more and more Information Security Technology products with desires to cover up weaknesses and they are failing to fulfill obligations as a result of continued use. In 2017, CIOs, CFOs, and CEOs must “acknowledge their addiction problem”, be honest about addressing the core problems, be open to doing the right things to improve their information security efforts, and eliminate their weakest links.
Connecting the Dots… It does not matter how much Information Security Technology you buy. It only takes one person who lacks the right awareness and ongoing awareness to click on an infected web link or open an infected attachment, and that Information Security Technology “high” comes crashing down.
Business E-mail Compromise, Ransomware, and more!
Business E-mail Compromise attacks take advantage of business executives lacking awareness and being tricked into wiring money to overseas accounts, and this is costing organizations billions of dollars.
Ransomware is surging and the FBI says there are 4,000 ransomware attacks per day, a quadrupling of such attacks in just one year. And it has been reported that 93% of phishing attacks contain ransomware and the “ransom” costs to organizations are soaring.
Connecting the Dots… Hackers will continue to succeed with Business E-mail Compromise and Ransomware attacks as long as C-Level people fail to provide the right awareness and the ongoing awareness all people need (executives too).
If you want to eliminate incompetence and learn more about the right awareness solution for 2017 and beyond, click here.
If you still have questions, do not understand, or did not click on the right security awareness solution link above… you need to re-read this blog again and again until you realize “People are and will continue to be the Weakest Link!” which is why you need to implement the right awareness solution for your people.