December 12, 2012 – the day that’s fated to be the ‘end of the world’. Humbug? Whatever your opinion on the Mayan prophecies, there are more important causes for concern this year that should get you brooding – particularly in the world of cybercrime.
So let’s take a look at a few predictions which are more likely to hit the mark:
1. Social Networks
Social networks are malware creators’ field of opportunity. Why? Think about it, social media users share information (sometimes too personal) with their ‘friends’ and click on their friend’s posts and links without the slightest suspicion that that link might be malicious. They don’t see the link; they see who posted it and associate it with him/her – a friend they trust. This is just what hackers want – victims delivered on a silver platter. There are various methods of stealing social networking logins, gain access and then use these trusted profiles to send spam email and share other malicious content. We’ve already seen this happen in 2011 with the Ramnit virus which was used to steal 45,000 passwords, and it will surely be used more often. Social network details will be sold in the online black market, and will become a much sought-after resource leading to more and more attacks.
On the same lines, celebrity Twitter accounts will also become lucrative targets. With millions of followers, a compromised account could result in millions of victims in a few hours. Lady Gaga was the notorious target in 2011. Who will it be in 2012?
2. Social Engineering
Highly targeted social engineering will remain hackers’ top method of attack. Malware creators will design new and highly targeted techniques which will win them their victims’ trust and guide them into giving the information they’re after. We can expect variants of existing techniques to flourish as well.
3. Mobile Malware
What about your mobile device? With so many smartphones around (especially in the business sphere – where people are using these phones to check their work mail even when outside the office), this is a brilliant opportunity for malicious individuals to get information from their victims. And to add insult to injury, few mobile users are aware of the threats. They tend to install any app without reviewing permissions or the small print (or lack of it), making it so easy for rogue apps to make it onto their device. There’s definitely going to be more news of adware, spyware and other malware targeting mobile devices this year!
4. Topical News
And once we’re at it, the end of the world predictions (and with it, the Mayan calendar), the London Olympics, the elections in the US, and any other major events will definitely be used to spread more malicious attacks.
How can you prevent these threats from turning 2012 into a year that will mark the end of the world for your business?
The first and most important step is to educate your employees. You can invest in the best security software and control most of what goes on in your infrastructure, but what about what happens outside work? Who is going to stop an employee from giving out confidential information to malicious sites whilst working from home? Your employees need to understand the danger and they need to know how to distinguish phishing and malicious mail from genuine email, malicious URLs and downloads from the real thing and so on.
One way to educate employees is for the IT department and Human Resources to work together to create an acceptable use policy which employees can refer to. Not only will this document clearly state what is acceptable or not, but it will help employees to understand what threats exist and how their actions can cause problems for the company and for themselves.
The next step: do not believe that every employee is going to follow policy to the letter or do everything right. You need to complement education with an investment in the right security tools. Even the most cautious of employees can be misled by websites that appear to be genuine. Protect your corporate network by investing in good web monitoring, web filtering, and web security solutions; suggest to your employees to invest in a good anti-virus solution for their phones; and if those phones are sanctioned by the company, make sure you have the tools in place to implement security and protect the network. Also invest in a comprehensive email security solution.
Are you seeing any other forms of cybercrime making the headlines this year? Leave us a comment and let us know!