[BreachExchange] What will cyber security look like in 2017?

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 3 20:13:15 EST 2017


http://www.itproportal.com/features/what-will-cyber-security-look-like-in-2017/

Throughout 2016, we’ve seen large companies regularly appearing in the
press as victims of cybercrime. Data breaches, malware infections and
social engineering attacks have become common, and almost expected.

Unfortunately, all signs point to this trend continuing in 2017. Tech
innovations and an increase in connected devices mean more gateways for
cyber criminals to access sensitive networks and data, with the Internet of
Things, drones and mobile payment systems likely to be significant targets
next year. Here is what businesses should be expecting:

1. More attacks on mobile payment systems

We are using our smartphones more than ever – research by Deloitte found
that collectively, UK citizens look at their smartphones over a billion
times a day. We incorporate mobiles into as many of our everyday activities
as possible, from walking to our diets and making payments.

Major retailers are keen to take advantage of this and stay ahead of the
competition by adopting the newest near field communication (NFC) and radio
frequency identification (RFID) mobile payment systems, such as Apple Pay
and Android Pay.

In a way, this is great news, making payments easier, quicker and more
convenient. But many people assume that their phones are automatically
secure, and will download a variety of potentially harmful free apps and
files. This belief in the intrinsic security of smartphones, combined with
the inevitable security flaws in emerging mobile payment systems, will
amount to expected attacks on digital and mobile payment systems in 2017.

2. The Internet of Things will be increasingly under threat

Securing the Internet of Things has been a highly scrutinised topic this
year. Every object seemingly has the potential to become a connected
‘thing’, from heaters to shoes and coffee machines.

Of course, many are concerned that these devices are another way for
criminals to access valuable information. At the other end of the scale,
some people believe that because these devices don’t look like, or
necessarily operate in, the same way as laptops and tablets, they are not
prone to the same vulnerabilities. However, as we saw with the Dyn DDoS
attack that took down Twitter, Netflix, CNN and GitHub earlier this year,
one vulnerability in a connected device can lead to widespread
consequences.

We must also seriously consider the value of the data that can be accessed
via these connected devices. We are likely to see an increase in targeted
ransomware attacks, and if an attacker takes control of a business’s
lights or access controls, companies won’t have much choice but to pay up.

3. Social engineering attacks will become even more of an issue

Humans are, and will continue to be, the weakest link in the cyber security
operations of any company. Although security technologies are bound to
evolve in 2017, if employees are not educated about basic cyber security
measures, we will likely see a rise in data breaches.

Criminals are aware that employees will always be an easy target, and
therefore their attacks will become even more targeted in order to
continue manipulating people into disclosing sensitive information. These
attacks may include sophisticated spear phishing emails, criminals posing
as contractors to gain access to a building and steal company data, and
monitoring keystrokes to discover passwords.

The string of data breaches in the past couple of years also means that a
growing amount of information is available about a large number of
individuals – certainly enough for a criminal to put together a convincing
phishing email.


4. Drones will be used to launch attacks

In 2017 we are likely to see an increase in physical attacks carried out by
drones. Drones are becoming more widespread, but awareness of them as a
threat to organisations is limited.

Drones can be used to attack short range networks such as Bluetooth and
Wi-Fi connections, and could therefore be used to record keystrokes from
Bluetooth keyboards or intercept communications across a network. Often,
these connections are less secure as many companies may assume that no one
will be able to get close enough to affect them. This is likely to change
with the increased availability of drones next year and as attackers become
more creative in their attempts to access valuable information.

5. Increased likelihood of attacks on infrastructure

With the desire to make everything connected comes the evolution of bigger
and grander connected systems. Smart cities are the perfect example of
this. In a similar way to Internet of Things devices, these systems offer
hackers another way to access a vast database of critical information and
services – only these attacks could have much larger consequences,
affecting energy and water supplies of entire cities or regions.

Even cities that aren’t ‘smart’ are vulnerable, often due to ageing
infrastructure and complex supply chains. Companies associated with
critical infrastructure often have vast supply chains; therefore, if an
employee working for a contractor or supplier falls victim to a phishing
scam it could potentially bring down the electricity supply of an entire
town.

Overall, whilst 2017 may look bleak in terms of cyber security, innovations
in connected devices, mobile services and smart cities all offer a
multitude of benefits for businesses. However, companies need to be
realistic about the threats that these innovations pose, and be proactive
in preparing for an attack.

Even with the chain-reaction of breaches that we saw this year, as ever,
many companies are likely to bury their heads in the sand when it comes to
cyber security. But, with the new General Data Protection Regulations
coming into force in 2018, businesses may pay a hefty price for ignoring
cyber threats in the near future. Therefore, 2017 is the year for
businesses to put a robust cyber security strategy on their list of new
year’s resolutions.