If an organisation is connected to the internet and holds any type of data, it's almost inevitable that it's going to end up in the sights of hackers.
Pretty much any data from personal information and bank details to email addresses and passwords can be attractive to cyber attackers. They could take this information and sell it to others on the dark web[1], they could use it as a jumping-off point for larger campaigns — they could even dump it in public view, just to cause chaos.
The types of potential attacker are also broader than ever. Some large organisations will need to have the ability to fight off skilled cyber criminal gangs and nation-state backed hacking campaigns[2]. But, for the most part, it's likely that those attempting to breach an organisation won't be the most advanced attackers in the world, especially now many cyber criminal marketplaces[3] sell do-it-yourself kits. All of this is visible in the two very different hacking trends that will likely dominate this year. First, the mass adoption of sophisticated attacks by much less skilled attackers, and second, hyper-targeted attacks going after particular companies or even individuals.
Strategies and hacking techniques that may have once required specialist expertise are now sold in easy-to-use bundles, complete with tutorials for the non-tech savvy.
"There's an entire as-a-service ecosystem and it's really everywhere. It started as malware as-a-service, but now there's also phishing as-a-service, exploit kits as-a-service, botnets as-a-service. Anyone can mix-and-match their own attacks, almost without knowing anything," says Maya Horowtiz, director of threat intelligence and research at security company Check Point Software.
SEE: 17 tips for protecting Windows computers and Macs from ransomware[4] (free PDF)
There are various examples of ransomware[5],