[BreachExchange] Tackling 2017’s anticipated attacks for CIOs

[Audrey McNeil]

http://www.comparethecloud.net/articles/tackling-2017s-
anticipated-attacks-for-cios/

Along with well wishes, this New Year we have been inundated with warnings
from experts and journalists that 2017 will entail an upsurge of DDoS, IoT
and Ransomware attacks that will exceed by far 2016’s record. So with
warnings must come action – which is where we propose that prevention is
the best form of defence.

2016 saw some of the most well-established and public facing companies as
the target of cyber criminals attacks, the most notable being the Yahoo
hack which saw one billion accounts being compromised and the Tesco bank
cyber-heist which was regarded as Britain’s largest attack to-date after
losing £2.5m. These were amongst just a few of a staggering 1.6 billion
data breaches that took place in 2016.

Last year also saw some of the largest DDoS attacks on record, with attacks
in some instances topping 1 Tbps – and there is no sign of slowing. In
2015, the largest attacks on record were in the 600 Gbps range now only two
years later, we can expect to see DDoS attacks grow in size which further
fuels the need to tailor solutions to protect against and mitigate against
these grand scale attacks which have been apparent throughout the year. We
can only expect to see more relentless and hard hitting attacks in 2017, so
thorough precautions must be taken.

The most notorious DDoS attacks of 2016 was the Dyn attack which made major
Internet platforms and services unavailable to large swathes of users in
Europe and North America. The reality is that we need to brace ourselves
for an even higher magnitude of cyber-attacks in 2017, hence the need for
cyber-security New Year’s resolutions.

Effective cyber defence requires paying attention to the technologies that
are available and using them in the way they are supposed to be used.
Companies that take this approach will construct effective barriers meaning
hackers will go elsewhere and find an easier target to attack. So what are
some of the most pertinent threats in 2017 and what can be done to protect
organisations and individuals?

Ransomware saw rapid expansion in 2016 and this type of cybercrime will
develop in 2017 into more sophisticated types of extortion that add social
engineering to the mix and we will see the emergence of the DDoS of Things
(DoT) as an attack method which means we need to really tighten up our
security protocols.

BYOD and IOT are both emerging trends which pose problems to individuals
and organisations. The continued proliferation of devices and the
associated attacks will confound CSOs and help threat actors propagate
their malicious activity at greater scale. Meanwhile IoT In 2017, we’ll see
the emergence of the DDoS of Things (DoT) as the attack method. By
abstracting the devices and the malware they create, we dig into the root
of the problem: the outcome, which, in this case, is a colossal DDoS attack.

As the DoT continues to reach critical mass, device manufacturers must
change their behaviour to help curb it. They must scrap default passwords
and either assign unique credentials to each device or apply modern
password configuration techniques for the end user during setup.

These developments highlight the fact that criminals are becoming more
complex and scaling up their attacks. Despite this, two of the fundamental
issues that allow these breaches to take place are the fact that businesses
are unwilling to spend out on necessary security and prioritize and that
there is a lack of education amongst the public when it comes to
cybersecurity.

With new European laws coming into force this year, companies should feel
more inclined to consider security precautions as a priority, but
crucially, by giving cybersecurity the attention it deserves and investing
in well-managed security controls, damage control won’t be necessary.

Organisations also have a responsibility to invest in well-managed security
tools, which have controls designed to prevent, detect, contain and
remediate data breaches. Furthermore, organisations should take care to
share simple safeguarding techniques amongst employees and make sure that
they are educated around the type of attacks to expect, but ultimately
protection systems need to be put in place to keep hackers out.

As employees are an organisation’s greatest tools, the way they contribute
to securing the company should also be well-managed. CIO’s and CISO’s
should make it a New Year’s resolution to ensure staff have the knowledge,
tools and ability to keep themselves and the organisation safe from the
myriad of threats that are looking to jump over low barriers or get through
chinks in the security armour.

With organisations and individuals facing so many threats in 2017 including
IoT, DDoS, BYOD and ransomware it is clear that we all need to be more
aware of the threats we face. In order to protect our individual data and
to keep organisation’s safe and secure it should be our resolution this
year to become more personally aware and to invest more in all aspects of
security. We should all approach 2017 with an enlightened view towards
cyber-security and perhaps next year, the doomsday cyber-security warnings
won’t be out in such force.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170116/cd4d6eda/attachment.html>