In 1899, the British scientist, William Thomson, Lord Kelvin, opined that “radio has no future, heavier-than-air flying machines are impossible, [and] X-rays will prove to be a hoax.” Lord Kelvin was not the only “expert” in the past 150 years to have made predictions that were famously wide of the mark. This suggests that expert predictions, particularly those that originate from only one individual, should be taken with a grain of salt.
Opinions that are supported by a broader group of industry participants tend to have more believablity. Predictions from people in the cybersecurity industry, for example, are coming together around the more likely cybersecurity threats that businesses are likely to face in 2017.
Ransomware and Cyberextortion
The FBI estimated that ransomware attacks, in which a business’s information systems are hacked and held hostage pending payment, grew to a $1 billion criminal enterprise in 2016. An IBM study revealed that 70% of all businesses attacked by ransomware paid anywhere from $20,000 to $50,000 to recover their IT operations. Hackers are increasingly aware that businesses in healthcare and other industries that have mission-critical applications in their information technology systems typically cannot afford to lose access to those systems for any amount of time. Given the increasingly lucrative nature of this cybersecurity threat, it is at the top of most prediction lists for the coming year.
IoT Hacking
The growth of the Internet of Things (IoT) industry has created a world of connected devices, and all of those devices are prime targets for hackers who are harnessing them for distributed denial of service (DDoS) and other cyberattacks. One of the more troublesome threats that cybersecurity experts are watching is the prospect of Permanent Denial of Service (PDoS) attacks that hijack and destroy a connected device’s firmware. PDoS attacks can theoretically open a network to other hacking attacks as a company’s IT department is distracted with bringing IoT devices back online.
Internal Threats
Companies are facing growing cybersecurity problems as a result of employees’ careless use of social media and employee connections into corporate networks with remote devices. These threats can be managed with improved employee training and awareness of risks, but younger employees who have come of age in an interconnected world frequently overlook or ignore employers’ cybersecurity protections, particularly if they are inconvenient or cumbersome.
State-Sponsored Cyberattacks
The final part of the 2016 presidential election was rife with news stories about Russia’s purported hacking of the United States election process. The veracity of those stories will be debated for many years, but a few observers agree that foreign state-sponsored cyberattacks are a valid and growing threat in 2017. To the extent that a coordinated, large-scale cyberattack will require substantial resources that may be available only at a state-sponsored level, this scenario is not as far-fetched as it might originally appear to be.
Squirrels
Nobody is saying that squirrels are sitting at their own computer screens and launching cyberattacks, but since 2013, almost 900 electrical grid failures have been attributed to squirrels and other vermin that chew through wires and into transformers. This suggests that the nation’s electronic infrastructure is almost comically susceptible to inadvertent low-tech attacks by hungry animals. At present, power grid engineers can only ramp up redundancies and backup systems to counter these attacks.
Businesses can improve their defenses against these increasing cyberattack risks, but cyber liability insurance will generally be the best backstop for losses they experience from a successful attack. Any business that is still asking “what is cyber liability insurance” should look to the growing list of insurers that are offering robust enterprise insurance packages covering both direct and third-party losses that stem from a cyberattack. Cybersecurity threats cannot be eliminated, but a business can at least protect itself from catastrophic losses that go with those threats.