Ransomware attacks are expected to increase in number and complexity.
For those who are unfamiliar, ransomware is malware that infects and takes over a company's computer systems and other electronic devices. Attackers typically demand a ransom to restore access to the systems. While law enforcement officials advise organizations not to pay these ransoms, companies can be placed in precarious positions when the ransomware threatens to expose sensitive customer data or disrupt patient care, for example, in the case of a hospital or medical institution.
Board veteran Betsy Atkins advises all boards to outline a ransomware policy as part of their cybersecurity preparedness. A ransomware policy establishes the chain of command in the case of a ransomware attack, along with appointed decision-makers and anticipatory stakeholder messaging. At the least, boards should take the necessary steps to educate themselves on the nature of ransomware attacks and should discuss how company operations could potentially be impacted.
Smartphones and mobile devices will become greater targets as malware evolves beyond PCs and laptops.
Billions of under-protected IoT devices will be deployed in the next few years, leading to greater connectivity but also greater risk.
As the connectivity between personal and business devices becomes even more fluid, cybersecurity experts expect to see a notable increase in attacks related to IoT devices. In a survey of 800+ IT security professionals, 90% of respondents said they expect connected devices to be a major issue in the years ahead (The Internet of Evil Things, Pwnie Express).
The healthcare industry has been a prime target for cybercrime in recent years. As healthcare organizations bolster their defenses, experts expect criminals to transfer their efforts to other industries like construction, education, advertising, financial services, governments, and law firms. Cybercrime in the legal field could compromise the confidentiality of court cases. Cyberattacks against governmental agencies could affect employment, payroll, and elections, and cause other paralyzing damage. No industry or organizational structure is immune.
As attacks against government and businesses grow increasingly sophisticated, the cybersecurity skills gap is widening at an alarming pace.
"The greatest virtual threat today is not state-sponsored cyber-attacks; newfangled clandestine malware; or a hacker culture run amok," said John Reed Stark, former Chief of the SEC's Office of Internet Enforcement. "The most dangerous looming crisis in information security is instead a severe cybersecurity labor shortage."
Boards and management teams need to examine their own talent development and training efforts to ensure programs are in place to internally develop these skill sets, as they will become invaluable to the company in the years ahead. From a long-term perspective, what are today's companies, government agencies, and education systems doing to address the talent shortage and spark interest and opportunities in cybersecurity for today's youth?
As cybercrime continues to evolve at a rapid pace, today's boards and management teams must be prepared to assess the significant risks these trends pose to their companies. The impact of these trends ripples outward to the corporate secretary, who must also find new ways to educate directors on cyber risk and curate relevant information from across the company. Finally, how are the members of your board communicating with one another? A recent research report by the New York Stock Exchange and Diligent allows boards to compare their communication practices to other boards, and more importantly, to identify ways in which they might be putting the company at risk.