[BreachExchange] 2017 - The Year We All Need To Become Cyber Smart
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jan 12 20:04:50 EST 2017
http://www.huffingtonpost.co.uk/vince-warrington/2017-the-
year-we-all-need_b_14101814.html
2016 was a significant year for cyber security. We saw the Russian 'Fancy
Bears' hacking team leaking athlete's medical data, the Tesco Bank hack,
and the Bank of Bangladesh heist - where US$101 million was stolen in a
cyber attack. And all this before we get to the alleged Russian hacking of
the US Election campaign...
The hackers and cyber criminals are seriously upping their game. Amongst
the most concerning developments is the continuing escalation of
ransomware, and the release of the Mirai malware onto the Dark Web in
October 2016. Mirai can turn 'Internet of Things' (IoT) devices such as
webcams, CCTV systems and home broadband routers into large, malevolent
networks called a 'Botnet', which can be used to undertake very large scale
Distributed Denial of Service (DDoS) attacks against websites. There is no
doubt that we will see an increase in the size and frequency of DDoS
attacks in 2017 as a result.
Businesses - as well as the general public - will consequently have to get
smarter and more agile if they don't want to fall victim to an increasingly
sophisticated and well-coordinated network of cyber gangs.
Is 2017 The Year That Toasters Take Down Big Business?
Whilst the significant DDoS attacks in the latter half of 2016 - including
one incident which took down popular sites such as Twitter and Reddit -
utilised around 150,000 Mirai infected IoT devices, there are already
criminal gangs offering to rent botnets consisting of over 400,000
compromised IoT gadgets on the Dark Web. Such botnets are likely to be
included in the arsenal of hacktivist groups such as Anonymous, as well as
that of the cyber criminals. We could see DDoS attacks with the capability
to knock banks, governments and businesses offline for a significant period
of time.
Growth In Crime-as-a-Service Will Require Increased Cyber Education For All
Hackers are now looking to further monetise their skills by offering a
range of cyber attacks for hire on the Dark Web. Whilst hiring out IoT
botnets for undertaking DDoS is a growing area, I foresee that the real
expansion is in ransomware, where the profits can significantly exceed the
required investment.
Some cyber criminals are now offering a customised ransomware package for
as little as US$100, enabling people with almost no technical expertise to
launch a campaign. With one version of the CryptoWall family estimated to
have generated US$325m in 2015, it's easy to see why people are tempted.
It's not easy to defend against ransomware - the attackers need only be
lucky once, whereas you need to be lucky all the time. Make sure you take
effective anti-spam and anti-phishing measures and get used to backing up
your data - ideally on a daily basis.
Inspiring Young People Is Key To Bridging The Cyber Skills Gap
The global lack of suitably qualified cyber security personnel - especially
at a senior level - is likely to become an increasing issue in 2017. As
Boards start to come to terms with the scale of the cyber threat and
initiate programmes of work within their organisations, an already small
group of available experts will start to reduce. To address this skills
shortage quickly, the UK must introduce more information security courses
in both schools and universities, create a robust apprenticeship scheme to
service a growing SME industry that is crying out for interested and
talented young people to train up; and inspire young people early on. We
should also look at opportunities for getting those looking to change
careers into the industry. After all, what's not to like about a career in
cyber security? The pay is good, there are opportunities for global travel
and it's certainly a growth industry.
Get Yourself Security Savvy
It's easy to read the stories in the news and get a sense that we cannot
win against the cyber criminals. The good news is that there are several
measures that we can all take to protect our key data - it just requires
some focus and effort. Businesses need to get the fundamentals correct,
identify where their weaknesses are, and start plugging the gaps. As
individuals there are a number of measures we can take to help protect
ourselves and our families. Learn how to construct strong passwords,
back-up your data frequently and re-set those factory default passwords on
all your smart devices moving forwards.
You lock your front door to help prevent burglars from getting inside your
house - in 2017, you need to take measures to prevent the cyber criminals
from getting access to your digital life
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170112/71344b5c/attachment.html>
More information about the BreachExchange
mailing list