The Future of Security Threats: New Risks, and an Old Threat Resurfaces

Computer and network security is an ever-evolving field. As technology advances, cybercriminals find new ways to exploit vulnerabilities in order to get at your personal, financial, or organizational data. We recently spoke with Symantec's Director of Security Response Kevin Haley to get an idea of what threats you'll face in the next year or two.

In short, expect a continuation of common threats like ransomware, as well as the emergence of new threats from connected devices and the so-called Internet of Things. Plus, keep an eye out for the resurgence of an old threat made new.

Ransomware with a Twist

Ransomware — malicious software that locks your data or otherwise compromises your computer in an attempt to extort money — is not a new threat. It's been around for a number of years in various forms. But according to Haley, a new form of ransomware doesn't just lock your files; instead, it threatens to publicly release your data unless you pay up.

For many individuals, this may simply mean an embarrassing leakage of personal data — browser history, emails, photos, and so on. For a nonprofit, especially one that deals with sensitive sociopolitical issues, the possibility of data leakage can have more serious ramifications. It could pose a threat to the community you serve.

Email That Looks Like It Came from a Co-worker

In traditional phishing attempts, scammers create an email that appears to be from a legitimate source — say, Google, Amazon, or Apple. Then they attempt to steal account information, such as usernames and passwords. But in an emerging form of phishing, hackers may use emails purportedly from co-workers or business associates to try to steal information from your organization.

For example, Haley says, you may receive an email from a vendor or a colleague asking for specific pieces of information (such as tax forms) or for money outright. The only problem is that these emails originate from scammers, not your colleagues. And once you email an important piece of information to these impersonators, there's no way to get it back.

With proper data handling, though, you can avoid these sorts of nightmares. See our recent post, 5 Data Security Risks for Nonprofits (and How to Fix Them), to learn more.

The Internet of Things Can Make People Vulnerable

From smart locks to Internet-connected appliances, the Internet of Things promises to change the way we interact with all sorts of items within our homes and offices. But with this comes the potential for security headaches.

According to Haley, these "smart" devices are rarely protected properly, and are easy to infect with malware. And this isn't just an issue that may cause problems some years down the line. Last year, as CNET reported, a network of malware-infected DVRs and webcams overloaded a number of popular websites and online services, temporarily knocking them offline.

Word Macro Viruses Make a Comeback

Perhaps the most surprising threat Haley warned about was the revival of Word macro viruses.

Macro viruses use Microsoft Word's macro programming feature — typically used to automate certain tasks within Word — to infect your computer. Macro viruses have been around for many, many years. And Word disables macros by default: If you open a Word document with a macro, you'll have to click a button to tell Word to turn on any macros within that document.

With this new wave of macro viruses, however, criminals employ social engineering trickery to goad you into turning on macros, allowing the macro virus to do its thing.

Fortunately, you can easily protect yourself from getting infected. First, don't open file attachments from people you don't know. If you receive a Word document with macros from someone you do know, confirm with that person to make sure that they intended to send the macros and that they are safe to run.

As Always, Vigilance Is Key

Although specific threats may evolve over time, good security practices never go out of style. Use a security software package and keep it updated. Enforce good account security practices within your organization.

Don't open file attachments from people you don't know, and don't open unexpected file downloads. Secure all your devices as best you can. And if something seems fishy — perhaps that email from your boss doesn't seem quite right — don't be afraid to question it.

By taking small steps like these, you might save yourself — and your organization — some serious pain.

spanhidden