IBM recently announced the shocking average cost of data breach. While down around 10 percent, the global average for a data breach is $3.62 million. For many companies, the cost of suffering a cyberattack is enough to take the business down entirely, so it has never been more vital for all organizations to invest in their cyber defenses. In order to equip suitable security, you first need to understand exactly where the danger comes from. Looking ahead to 2018, we examine the biggest cybersecurity threats both to individuals and companies across the world.

Ransomware

With each passing year it feels like cybercrime hits the headlines more often than ever before. This was certainly the case through 2017, as criminal hacking and attacks seemed to be constantly in the news. Many of the most memorable cases came as a result of ransomware. Likely the most famous was the WannaCry attack, which saw a huge number of businesses and, most notably, the United Kingdom’s National Health Service locked out of their computer systems with a ransom demand for the return of sensitive data. It was reported that this attack alone saw more than £105,000 paid to criminals.

It seems that in 2018, ransomware will remain an extremely acute and common threat against companies and organizations. The technology is becoming more effective, and for as long as businesses are still willing to pay for the return of data, cybercriminals will continue to use the technique.

Businesses that wish to protect themselves against these forms of ransomware attack should invest in backups and data encryption. Doing so limits the effectiveness of an attack, as sensitive data is not available to hackers and files can be easily restored.

Lack of Expertise

One of the biggest cybersecurity threats to small and medium-sized businesses comes not from the criminals that would look to attack them, but from their own lack of expertise and knowledge. As criminals become more knowledgeable and sophisticated, it is down to businesses to ensure that they are properly protected against the dangers.

For example, small businesses that attempt to manage their own web hosting without a good understanding of how to defend themselves against attacks can leave themselves extremely vulnerable. It has been estimated that more than half of British businesses suffer cyberattacks, so those with the weakest defenses will always be the ones that suffer the most.

It is imperative that companies that lack cybersecurity expertise should invest either in internal staff or outside agencies. Many firms specialize in personalized cybersecurity for small organizations or offer managed hosting solutions to take the responsibility away from small business owners.

The Vulnerability of the Internet of Things

The Internet of Things (IoT) is becoming broader and more encompassing. Almost every piece of electronic equipment is capturing data – from personal devices storing sensitive medical details to industrial equipment holding important company information. This came to a head in late 2016, when Dyn was targeted by an enormous distributed denial of service (DDoS) attack leveraging the IoT.

In 2018 this will become even more dangerous, as hackers and criminals look for ways to gain access to networks using unsecure IoT devices. It is important for companies and individuals to take the time to understand the security measures on their IoT devices to ensure that they are not putting themselves at risk.

Phishing

Only a couple of years ago, the most significant cybersecurity threats came from external hacking attacks. DDoS and password cracking were some of the major tools used by cybercriminals, which meant that businesses and organizations invested heavily in powerful defenses to make it harder for hackers to operate effectively.

While it’s good news that these cyber threats are no longer as effective as they once were, this meant criminals sought other techniques. Phishing scams are more sophisticated than ever, for example, as bad actors can now skilfully replicate emails that appear to be from supervisors or co-workers. Throughout 2018, businesses will need to prepare themselves with additional training to ensure their staff are safe. If a hacker can gain access to internal systems, they can covertly steal data internally, which can be very difficult to detect.

Internal Attacks

Of course, the point above raises an interesting issue: given that companies find it very difficult to protect themselves against attacks perpetrated with internal credentials, organizations can be at risk from their own employees. Indeed, statistics from Infosecurity Group revealed that 43 percent of all data breaches were caused by internal actors, and half of these breaches were intentional.

This indicates that companies need to be aware of the risks that their employees and staff can pose against them. That’s not to say that businesses should begin witch hunts against their team, but rather stress the relevance of proper internal systems so that any suspicious behavior or losses of data can be traced back to individuals easily. In 2018, companies should look to invest both in training staff to make them aware of the security measures in place and also in computer systems that limit access to sensitive data only to those individuals that need it.

The Accessibility of Hacking Tools

Unfortunately, one of the other major issues in 2018 will be the fact that potential hackers are now able to gain access to tools far more easily than ever before. Individuals with little or no experience can purchase tools that allow them to break into computer systems, and hackers have also begun to use their numbers to their advantage – realizing the gains that can be made in working together.

Throughout 2018 and beyond it will be up to businesses and organizations to invest in cybersecurity features and highly trained and knowledgeable staff.

Smart hubs have become one of the hottest trends in tech in recent years, and it’s not hard to see why. Powered by sophisticated artificial intelligence (AI) high-tech digital assistants like the Amazon Echo, Google Home and Apple HomeKit offer the ability to control a whole constellation of devices, from lights and thermostats to cameras, security systems and more. These devices also allow you to search the web, check your email, place online orders and handle a variety of other tasks with simple voice commands.

These cutting-edge gadgets also come with a downside, however: many consumers worry about the security of their personal data, and the always-listening nature of smart hubs raises real concerns over privacy in the home. Fortunately, with the proper precautions, many of these fears can be laid to rest. Here are a few crucial things you need to know to keep yourself and your personal information safe when using a smart hub in your home or business.

Practice Holistic Security

If you’re like most users, your smart hub is only one part of your broader network. If you own and use other smart products, it’s essential to focus on securing your entire Internet of Things (IoT) network rather than focusing exclusively on your smart hub. Be aware of each device on your network, what data it records or has access to and how it uses it. Keep all of your devices up to date, change the default passwords and take steps to ensure that each device is as secure as possible. After all, with a closely interconnected IoT, every connection represents a potential security flaw that could be exploited to gain access to the entire network.

Be Aware of Who’s Listening

One of the great things about smart hubs is that they’re always ready to respond at a moment’s notice. However, this also means that your AI assistant is always listening in – even when you’d rather it not. In order to build a more accurate profile of your voice and preferences, your smart hub may record on everything you say, whether or not you use the designated action phrase, such as “Okay Google” or “Alexa.” To remedy this issue, consider muting your hub whenever it’s not in use. While it may be slightly less convenient, it’ll give you peace of mind knowing that you can speak freely without Alexa or Google Assistant eavesdropping.

Stay Updated on Security Threats

When it comes to securing your smart devices, knowledge is often your best line of defense. New attacks and exploits arise quickly, and it’s important to stay updated on the latest security risks in order to keep your devices properly protected. In particular, keeping abreast of emerging risks and recent attacks ensures that you’re aware of critical security patches and software updates that may otherwise not be downloaded and installed quickly enough to protect you. It also allows you to more accurately assess the risks before you divulge personal information.

In recent years, we’ve seen various smart home devices get hacked, and many of these have been found out to be very easily “hackable.” Therefore, it’s important to also do your research before biting the bullet and spending a fortune on devices that do not have the appropriate security measures integrated or that have a history of being vulnerable to attacks. Find the right security cameras for your home that others cannot easily take over to spy on you or use them in any other way against you. We have also seen that even smart thermostats can be susceptible to ransomware, so staying updated on these threats and knowing how to stop or prevent them are imperative.

Employ Defensive Measures

If you choose to share your financial information with your smart hub, such as connecting a credit card or bank account, it’s important that you stay proactive in safeguarding your data. This begins with using strong, unique passwords for each account and device. Even better, consider setting up multi-factor authentication whenever possible. Multi-factor authentication requires a second “factor” in addition to a password – such as a verification code or a biometric security measure – to provide an additional layer of security.

Additionally, be sure to regularly review your security and privacy settings for each device and account that you use. If you own an Amazon Echo product, consider regularly deleting your old recordings. This can be done quickly from the Amazon website, allowing you to delete either individual queries or your entire history.

The voice-controlled digital assistants that power products like the Amazon Echo and Google Home are capable of revolutionizing the way we interact with our technology – and with the wider world around us – but they also demand no small degree of caution and vigilance. With the tips above, you’ll have the knowledge and skills you need to use your smart hub with the confidence that your privacy and personal data are properly protected.

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers. Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc.and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

U.K. regulators including the National Crime Agency are also looking into the scale of the breach. London and other governments have previously taken steps toward banning the service, citing what they say is reckless behavior by Uber.

In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

Holiday shoppers beware, consumer advocates are warning: Danger lurks in U.S. toy aisles, where dolls and robots can be used as spies and unlabeled potential choking hazards are disguised as "Disney Princess Punchball Balloons." "My Friend Cayla," a popular talking doll, uses a hidden microphone and an unsecured Bluetooth connection that can allow anyone within range to spy on your family and talk back to your child, said Kara Cook-Schultz, one of the authors of the U.S. Public Interest Research Group's annual "Trouble in Toyland" report.

"If you are an adult and have decided to share data with an internet-connected device, fine. But if you're a child, you probably have no idea that this doll that you think of as a friend can be used to spy on you," she said.

German authorities banned the Cayla doll in February, saying it violates Germany's privacy laws. Last summer, the FBI also issued a consumer warning about Internet-connected devices, saying that toys containing sensors, microphones, cameras, data storage and other multi-media capabilities could put the privacy and safety of children at risk because of the large amount of personal information that your children — and you, when you're in earshot of the device — might unwittingly disclose.

And Cayla isn't the only culprit.

The Mozilla Foundation, a non-profit aimed at fostering a free and functioning Internet, issued a report Tuesday that cited several other toys with identical Bluetooth risks — "Dash the Robot" and "BB-8 by Sphere," a Star Wars themed toy. Both Bluetooth-enabled devices could allow everyone from neighbors to the person sitting next to you at the park purposefully (or inadvertently) connect to the toys, listen to your kids' conversations and even talk back to them.

Worse, says Mozilla Foundation's vice president of advocacy, Ashley Boyd, is that these devices store all the personal information they've gathered. Yet it's not clear whether the data is stored in the device, in the "cloud" or elsewhere, nor is it clear how this data is secured.

"There isn't a lot of transparency," Boyd said. "As parents, we should know where the data is stored and whether it could be shared with others."

"Adidas miCoach" soccer ball poses even greater privacy risks, according to the Mozilla report. The ball has a camera, microphone and location tracker, but no privacy controls. Consumrs are also invited to create an account to use the game system, which could reveal more of their information.

"Privacy has really emerged as a theme with all of these Internet-connected devices," Boyd said.

Cheers to a cybersecure holiday season! Cyber Monday 2017 is expectedto be the biggest shopping day in U.S. history. According to a Pew Research Center survey, Americans use a wide range of digital tools and platforms to shop, and roughly 80 percent of adults purchase products online. Mobile has taken over holiday gift giving: last year, half of website visits and 30 percent of online sales were conducted via mobile devices. Gift givers are going mobile to conveniently compare products, read reviews and make purchasing decisions while out and about. Technology also ranks high on shopping lists – from new laptops and gaming systems to tablets, the latest phones and Internet of Things (IoT) devices like video cameras, toys and appliances.

Whether you are giving the gift of connectivity or using it yourself, don’t let hackers mess with the merriment. The National Cyber Security Alliance (NCSA) reminds everyone that all devices connected to the internet – including mobile and IoT – must be protected. And young people receiving technology for the first time need to understand how to use it safely and securely. In addition, older adults must make it their mission to continue to learn about and practice good cyber hygiene.

“All tech users – especially vulnerable audiences like teens and seniors – need to take responsibility and protect themselves against cyber threats, scams and identity theft – not only during prime shopping time, but every day,” said Michael Kaiser, NCSA’s executive director. “In past years, we have seen that scammers, hackers and cybercriminals are actively on the prowl during the holidays. Stay alert for phishing emails, deals that look to good to be true and warnings about packages that can’t be delivered or orders that have problems. Continually learn about and always initiate basic safety and security practices, and you will connect with more peace of mind during the holidays and year-round.”

GET READY TO CYBER SHOP SAFELY:

KEEP CLEAN MACHINES: Before searching for that perfect gift, be sure that all web-connected devices ‒ including PCs, smartphones and tablets ‒ are free from malware and infections by running only the most current versions of software and apps. LOCK DOWN YOUR LOGIN: One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media. CONDUCT RESEARCH: When using a new website for your holiday purchases, read reviews and see if other customers have had positive or negative experiences with the site. WHEN IN DOUBT, THROW IT OUT: Links in emails, social media posts and text messages are often how cybercriminals try to steal your information or infect your devices. PERSONAL INFORMATION IS LIKE MONEY. VALUE IT. PROTECT IT: When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.

NAVIGATING THE DIGITAL MARKETPLACE WHILE ON THE GO:

GET SAVVY ABOUT WI-FI HOTSPOTS: If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts such as email and banking. Adjust the security settings on your phone to limit who can access your device. SECURE YOUR DEVICES: Use strong passwords or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out. THINK BEFORE YOU APP: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps. NOW YOU SEE ME, NOW YOU DON’T: Some stores and other locations look for devices with Wi-Fi or Bluetooth turned on to track your movements while you are within range. Disable Wi-Fi and Bluetooth when they’re not in use.