5 Takeaways from the MGM Resorts Attack



1. Social Engineering remains a major tool in the landscape and culture of hacking. As long as humans socialize with each other, as long as we depend on each other for information, this will remain true. Machines and technology may have the ability to operate with “zero trust”, but humans must have a certain level of trust to create the experiences around us. In order to eat, we must trust the farmers, delivery drivers, cashiers, and grocery stores. In order to wear clothing, we must trust manufacturers, designers, and those who operate the machines that make the clothing. Trust is a must, so we must create ways to verify the credibility of each other and of those with whom we establish these relationships. Machines, systems, and networks, even those operating based on the theory of “zero trust”, eventually talk to each other after that trust is established. Regardless of the level of technological protections, a human can at times bypass those protections. More simply put, a locked steel door is not effective if those inside open the door and allow the bad guys in.

2. Ransomware will likely remain a staple amongst bad actors, due to its profitable nature. The more often companies pay, the more often bad actors play.

3. Cyber Insurance is a very necessary tool for companies and can help offset some of the profits potentially lost during attacks such as these. Cyber Insurance unfortunately cannot repair the reputation of the company or reverse the hit that a company’s stock price may take.

4. Data such as social security numbers, names, addresses, and much more remain a hot commodity. Although data theft is a common occurrence during breaches, when and where that data will be used isn’t always known. Some hacker groups resell the harvested data immediately, while others hold it for more opportune times.

5. Education and Policies are just as important as technology such as firewalls, intrusion prevention/detection, encryption, and more. Just as hackers use Social Engineering in order to trick some users into giving up information, security teams, ethical hackers, and system administrators should use every opportunity possible to socially engineer their users into being more vigilant.