It is important for organisations to stay one step ahead of cybercriminals’ exploits, and cyber security predictions help them do so. Here are the key security predictions for 2017.
By RICK ROGERS
“Prediction is very difficult, especially if it’s about the future,” as Niels Bohr, the Nobel laureate physicist, put it. But as we begin 2017, it is useful to look forward and try to anticipate the cyber security trends that lie ahead, and to reflect on what has happened over the past year to see how accurate previous predictions were. Check Point Software Technologies predicted the following security threats in 2016:
1. The emergence of sophisticated and custom-designed malware designed to get past organisations’ defences.
Attackers are using bespoke variants of existing malware, which can bypass traditional antivirus and sandboxing tools. The Check Point Software 2016 Security Report revealed that 971 unknown malware variants were downloaded to enterprise networks every hour.
2. Mobile attacks
In 2016, it was predicted that these would increase as mobile devices became more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. This too was borne out – we saw major vulnerabilities like QuadRooter emerge and new zero-day threats discovered, as well as ongoing increases in mobile malware targeting vulnerabilities.
3. Attacks on critical infrastructure.
We expected these to rise as cybercriminals sought to take advantage of both the inherent vulnerabilities in critical infrastructure computer systems and the potentially huge damage that can be wreaked. Sure enough, an attack using ‘BlackEnergy’ malware struck a Ukraine power company. Warsaw’s Chopin Airport was also attacked, as were the systems of the Bowman Dam in Rye, New York.
4. Cyber criminality taking advantage of the growing Internet of Things and targeting smart devices.
2016 saw one of the largest DDoS attacks ever, which targeted security blogger Brian Krebs’ website and was launched from millions of IoT security cameras and similar devices.
Unfortunately, these predictions for 2016 proved to be accurate. Like most cyber security professionals, I would prefer that they were not realised. I would much rather organisations didn’t get infected by malware, hacked, or suffer data breaches. But it is vital for organisations to stay one step ahead of cybercriminals’ exploits, and predicting the next wave of threats helps them do so. So here are five key security predictions for 2017.
Mobile: moving targets
As attacks on mobile devices continue to grow, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern. The recent discovery of not one, but three zero-day vulnerabilities in Apple’s iOS following an attempted attack on a human rights activist’s phone, highlights how rapidly the mobile surveillance and cybercrime industry is expanding – and the need for organisations to deploy protections on their mobile estates against malware, interception of communications and other vulnerabilities.
IT and OT convergence
In the coming year, we expect to see cyber attacks spreading further into industrial companies. The convergence of information technology (IT) and operational technology (OT) is making both environments more vulnerable, particularly the operational technology. These environments often run legacy systems for which patches are either not available, or worse, simply not used.
Many critical industrial control systems are open to the Internet – a recent report found over 188,000 systems in 170 countries were accessible this way. 91 per cent were remotely exploitable by hackers, and over three per cent had exploitable vulnerabilities. Manufacturing, as an industry, will need to extend both systems and physical security controls to the logical space and implement threat prevention solutions across both IT and OT environments.
Once again, we are placing critical infrastructure in our predictions for the coming year, as globally it remains highly vulnerable to cyber attack. Nearly all critical infrastructure, including nuclear power plants, electricity grids and telecoms networks, was designed and built before the threat of cyber attacks. In early 2016, the first blackout caused intentionally by a cyber attack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors: nation-state, terrorism and organised crime.
For enterprises, Check Point predicts that ransomware will become as prevalent as other forms of cyber attacks. Successful attacks can shut down a business’s day-to-day operations, and mitigating them demands a multi-faceted prevention strategy, including advanced sandboxing and threat extraction.
Businesses will also need to consider alternative ways to cope with the people who launch cyber attacks. Collaborative strategies like coordinated takedowns with industry peers and law enforcement will be essential. While paying a ransom is never recommended because it encourages future attacks, sometimes it is the only option for recovering data and the ability to function. As such, the establishment of financial reserves to speed up payments will become increasingly common.
We also predict more targeted attacks to influence or silence an organisation, with ‘legitimate’ actors launching such attacks. The US Presidential campaign and elections showed this possibility and will serve as a precedent for future campaigns.
As enterprises continue to put more data on the cloud, providing a backdoor for hackers to access other enterprise systems, an attack to disrupt or take down a major cloud provider will affect all of their customers’ businesses. While generally disruptive, it would be used to impact a specific competitor or organisation that would be one of many affected, making it difficult to determine motive.
Ransomware attacks are expected to impact cloud-based data centers too. As more organisations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading from cloud to cloud or by hackers using the cloud as a volume multiplier.
Rick Rogers is the Manager for East and West Africa at Check Point Software Technologies.