Cybercriminals Likely to Use GDPR to Extort Money

GDPR Compliance

Cybercriminals are refining and targeting their attacks for greater financial return, and likely will exploit the EU’s General Data Protection Regulation (GDPR).

That’s according to Trend Micro‘s Security Roundup for 2017, which revealed an increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts during the past 12 months. The trend will continue in 2018, with extortion attempts likely to target organizations trying to comply with the new EU privacy laws.

“The 2017 roundup report reveals a threat landscape as volatile as anything we’ve seen, with cybercriminals increasingly finding they’re able to gain more – whether it’s money or data or reputation damage – by strategically targeting companies’ most valuable assets,” said Jon Clay, Trend Micro’s director of global threat communications.

Any U.S. organization that handles data belonging to EU citizens will be required to comply with GDPR by May 25.

Based on the trend of cybercriminals plotting more strategic attacks, it’s likely that some will try to extort money from enterprises by first determining the GDPR penalty that could result from a breach, and then demanding a ransom of slightly less than that fine, which CEOs might opt to pay, Trend Micro said.

The report also reveals: a 32 percent increase in new ransomware families from 2016 to 2017; a doubling of BEC attempts between the first and second half of 2017; and soaring rates of cryptocurrency mining malware, peaking at 100,000 detections in October.

Vulnerable Internet of Things (IoT) devices also are a major security risk across several trending threats. Trend Micro detected more than 45.6 million cryptocurrency mining events during the year, representing a large percentage of all IoT events observed. Software vulnerabilities also continued to be targeted, with more than 1,000 new flaws discovered and disclosed in 2017 through Trend Micro’s Zero Day Initiative and its researchers.

Cygilant's Vijay Basani

Cygilant’s Vijay Basani

And in more depressing news, Cygilant’s Q1, 2018 Cybersecurity Survey shows a lack of confidence in respondents’ ability to protect customer data, with less than 17 percent very confident that they can successfully offer protection. Some 68 percent of the more than 165 IT and security professionals at medium-size companies across the country cite a lack of company resources, including budget and time, as a top cybersecurity challenge.

Vijay Basani, Cygilant‘s founder and CEO, tells Channel Partners there is a sizable market opportunity for the channel, including MSSPs and service providers, that have expertise in a variety of security services, and can address each customer’s needs, compliance requirements and other issues.

“One key takeaway that signifies a challenge to the channel, and a potentially long sales cycle, is that many organizations still aren’t investing in their cybersecurity programs,” he said. “In fact, more than 80 percent of those surveyed said that their companies have underfunded IT security budgets, or no budget at all.”

Among the findings: More than half (53 percent) believe their company was breached once or more in 2017; 63 percent conduct cybersecurity training once a year or less; nearly 25 percent rate phishing and spam as …

Pages:  1 2 Next

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 95665