Cybersecurity risk will certainly grow in 2018, warns Christopher Skinner, CEO of technology security firm SpiderOak. “We trust our devices and systems to drive our cars, deliver vital medical treatments, and protect our homes and supply chains, but these have never been more insecure,” he says.

Read more: Don’t Be a Cybercrime Statistic

Here are some of the most pressing cybersecurity threats to businesses in the new year, according to SpiderOak:

Software updates: The new Trojan horse. How do you know the latest software update isn’t a virus? Criminals are using normal update processes to infect computers. “This is the kind of breach that destroys trust between users and software providers,” says Skinner.

Spies may be on your phone. “Gaining access to your phone essentially puts its functionality in the hands of a remote user, who can geolocate you, take pictures of where you are, eavesdrop on your conversations, and gain access to personal information that can be used to intimidate you,” says Skinner.

Criminals will wait to attack. “One of the most frightening things about the breaches at Equifax, Target, and elsewhere is what we haven’t seen yet,” warns Skinner. Once criminals have stolen the data they need, such as Social Security numbers, birth dates, and other personal details, and they may hold onto the data for years until people let their guard down. “Your data can just be sitting out there on the dark web, waiting to be sold or used, well after you think you’re safe,” Skinner says.

Passwords are failing. “The most common password last year was ‘123456’—that’s a problem,” Skinner says. “Human nature wants to simplify, so we use weak passwords and the same password for multiple sites.” He recommends using the “one-two punch” of authentication and encryption to secure data.

Compliance gets your security up-to-date some 10 years too late. “The problem with regulations is that they address what’s gone before—not thinking about what’s to come,” says Skinner. “Hackers are forward-thinking and creative, staying far ahead of current security protocols. … Checking the boxes on compliance doesn’t begin to secure systems and data the way they need to be.”

Too many people have access. “Imagine if a landlord gave a master key to all apartments to every single resident in the building—that’s how most companies’ systems are structured,” says Skinner. “When one computer or set of credentials is breached, you have now opened the door to the whole system. In the vast majority of companies, employees have far too much access to information that they don’t even need. And given the interconnected systems companies have with their vendors, and then their vendors’ vendors, they don’t even know how far out their connected system stretches. This opens companies up to so many risks that they don’t even know about.”

Breach fatigue. Skinner worries the public is becoming desensitized to these security issues with every new hacking story. “It’s easy for employees to get complacent, and the consequences of this can be extremely harmful to a business,” he says.  “CEOs and boards need to make sure that no corners are cut that can put the company at greater risk. Ultimately, cybersecurity is going to be only as strong as the top of the house makes it.”

Source: SpiderOak