Ramya Menon on April 11, 2017
Divining Cybersecurity: What could be the biggest threats in 2017?
If 2016 was the curtain raiser for cybercrime, 2017 is predicted to be the year hackers are going to put up their magnum opus performance.While we are by no means glamourising the cyber crime that is rampant today, the reality is that data theft and information security risks are now being packaged with extremely creativity. Almost a billion compromised accounts on Yahoo, state sponsored cyber strong arming of the US elections; 2016 unveiled the dark realities of cyber crime to a hitherto happily ignorant world.
Machine-to-machine attacks, two faced malware, ghostware, ransomware; the cybersecurity vocabulary is getting increasingly daunting. But is is merely panic, or is there truth to the many fears that is gripping the information security industry? .
Unfortunately, our current analysis points to the latter. There is definitely need for concern and what makes it even more scary is that information security breaches have transitioned from being primarily associated with IT departments into something that is affecting and at times even costing us human life.
The Rise of Machine to Machine Attacks
Research company, Gartner predicts that by 2020 there will be over 20 billion connected devices. Simply put what this means is, for every human being on the planet, there will be between two or three connected devices. This sheer number of connected devices dubbed ‘The Internet of Things’ poses a challenge that the cybersecurity industry has not confronted before. Poor IoT security has made embedded devices an appealing frontier for hackers, who have been building massive IoT botnets. Malware infects inconspicuous devices like routers and DVRs and then coordinates them to overwhelm an online target as a disrupted denial of service attack (DDoS).
Apart from this smartphone use is posing a huge challenge, especially from a consumer perspective. Drive-by attacks — websites or apps that will fingerprint your phone when you connect to them and understand what that phone is vulnerable to is another phenomenon that is becoming increasingly commonplace. With more and more companies following the Bring Your Own Device to work strategy, data security has become even more difficult to manage. So it’s imperative to educate employees and customers about the risks associated with the evolution of cloud and mobile technology.
All things combined, the IoT has created a huge challenge for information security.
Cybersecurity and Governments
The allegation of the Russian hacking of the US elections in 2016 has opened up a can of worms when it comes to the information security of entire governments. Information security breaches have been happening in government organisations for a considerable amount of time, but it’s impact hasn’t been felt on such a scale before. In 2013 for example, the energy company BP said it experienced about 50,000 daily attempts at cyber intrusion, but that is peanuts compared to what the Pentagon and National Nuclear Security Administration face. 200 times as many online attacks. The extent of harm that can be perpetrated through state approved hacking has been evidenced during what is now referred to as the first Cyber War (Cyber War I). In 2007, Estonia removed a famous Soviet statue from their capital, provoking the anger of Russian hackers. What began with sharp rhetoric and mild protests became a serious economic offensive when Russian Internet forums urged sympathetic hackers to act. Soon, the computer networks of Estonian banks, government agencies, and media outlets began failing. ATMs were knocked offline. It became so serious that the country had to “pull the plug,” severing access to all Estonian websites from abroad.
And the predictions for this year are grim when it comes to cybersecurity and governments. Everything from small drone attacks to data manipulation have signalled the arrival of cybercrime as a dangerous enemy for governments.
Ransomware Expanding Targets
Ransomware attacks have already become a billion dollar business, and incidents of cyber criminals using ransomware to extort money from hospitals and corporations that need to regain control of their systems quickly are becoming quite common. The more success attackers have, the more they are willing to invest in development of new techniques. Individuals and organisations at an equal risk. Attackers may be emboldened to take on large banks and central financial institutions, because financial gain is at the core of the hackers incentive. Attackers could also demand money in exchange for ceasing an IoT botnet-driven DDoS attack. In other words, ransomware attacks are going to get bigger in every possible sense of the word.
These are some of the biggest issues that will confront industries which are looking to maintain the sanctity of their data. But what this also opens up is avenues for innovation and invention. For instance, startups are already building anti DDoS , to directly attack and patch botnet systems. Adaptive and behavior-based authentication will grow in importance. Anti ransomware tools are flooding the market even as we write this. And finally, the importance of cyber security has become the talking point it should be.
While it was easy to ignore it all these years, the fact that more invasions are being made through cyber criminals has created a demand for skilled professionals in the cybersecurity industry. Even though the challenges are many, this is indeed a direction towards positive change. So even if that magnum opus we talked about at the start is unveiled, we are confident that we along with our brethren of cyber security professionals will find a way to match wits with the hackers.