Critical cyber security trends to watch

Companies lost an estimated $375 to $575 billion last year on "hack attacks," according to security software company McAfee.

"Intel Security claims 80 per cent of small and medium-size businesses don't use data protection,. Less than half use email security."

"The ability for small businesses to safeguard their critical data continues to be one of the top areas for IT investment in 2016 and beyond—and that screams opportunity for Microsoft partners to introduce customers to new solutions and technologies," Microsoft  Senior Partner Marketing Manager Alex Sessoms said on the Microsoft Partner Network website.

Mobile malware (malicious software) growth will result in more security issues.
"2016 will be a year when cybercriminals focus on targeting mobile devices by attacking underlying operating systems and releasing more malware-infected apps," Sessoms warned.

"China leads the world in the number of mobile users, and malware on these devices will surface as a huge problem. A study by Tsinghua University, Microsoft Research, and China's Ministry of Science and Technology found that only a quarter of apps in the country's local app stores are safe."

You can help ensure that sensitive data on mobile devices are protected with built-in encryption capabilities like Enterprise Data Protection and BitLocker. 

Online extortion and hacktivism will continue to increase in 2016.

"According to Microsoft Partner TrendMicro, rapid growth in online extortion and hacktivism is expected in 2016 with more sophisticated ways to steal information and gain control of web-enabled devices."
"Malware programs like ransomware, which TrendMicro argues is potentially one of the most dangerous types of computer malware, might be used more frequently by hacktivists in order to encrypt the victim's personal information like photos or conversations and extort money online to regain control of online accounts and devices,"
Sessoms said.

To stay safe from attacks, learn more about ransomware and how to protect yourself and your customers from it. 

Password recovery scams, including spear phishing and smishing, are on the rise.

"Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.  . . Since phishing attacks are no longer limited to email, SMS phishing (smishing) is becoming more common, especially by hackers creating password recovery scams."

A criminal hacker only needs a victim's email address and a mobile phone number to start a password recovery process and compromise their account,. 

Use built-in threat protection on your PC and devices with Windows Defender. You can also get alerts about security breaches with Advanced Threat Analytics (ATA) as part of the Microsoft Enterprise Mobility Suite (EMS), he recommends.

Cyberattacks cause physical damage.

"One of the recent hacking attacks in late December 2015 caused physical damage at an unnamed German steel mill. Cybercriminals used sophisticated social engineering and spear-phishing tactics to manipulate control systems and gain initial access to the steel mill's office network. . . . In the event of this type of a hack attack or even a natural disaster, it is very important to have a disaster recovery and data backup plan."

Microsoft Azure Site Recovery is one option of many.
The internet of things (IoT) is resulting in even more vulnerable devices.

"All mobile devices that connect to IoT devices through Bluetooth or Wi-Fi are vulnerable to cyberattacks, and this makes it easier for hackers to access private or secure networks, causing mobile device driven attacks.
"To protect devices, be sure to look into Microsoft Intune, which provides mobile device management, mobile application management, and PC management capabilities from the cloud. The tool includes comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption."