Spotlight on leadership and cybersecurity in changing times
Metin Mitchell, Managing Partner, and guest contributors
Top 10 emerging cyber security risks facing businesses
Rumi Contractor recently spoke to Metin Mitchell about cyber security in the boardroom and as a follow up, has written this guest blog on the biggest cyber security risks facing businesses.
I collected this list of cyber security risks, based on some of the reports and trends I read and came across on the Internet. These are risks as they exist today and will continue proliferating at a fast pace, impacting all of us individually and as corporates going forward ….
1) IoT device manufacturers will need to address major threats
The Internet of Things or IoTnternet of Things or IoT refers to the litany of devices that have come online in recent years. Everything from your dishwasher to your coffeemaker is online now—your refrigerator probably has a Twitter account at this point. With all of these devices coming online – and perhaps more importantly, networking with other devices online – it creates a new attack surface that is extremely vulnerable.
Until IoT manufacturers identify authentication risks and establish identity assurance requirements, the threat will ensue. Many organizations are trying their hardest to build Open Platforms to allow manufacturers such as Alexa and others to access other vendor products – I personally am wary of this technology as it exists in its current guise and maturity! As a matter of fact I shy away from using technology which is still very much bleeding edge and not established through industry accepted standards.
2) Mobile payments will come under attack
If you’ve been to a Wallgreens, a Starbucks or any of the other large retailer lately, you know how many people are paying for things on their phones these days.
It seems like everyone – from retailers to technology titans like Apple and Google to banks – are designing NFC (Near Field Communication) and RFID (Radio Frequency Identification) mobile payment platforms these days. The idea is to make us all transact electronically without the need of any physical currencies! The other reason is that as humans we have a tendency to spend more when we are not transacting with physical tokens and currencies, this is a human, psychological issue which the retailers love to exploit in the name of convenience.
As you can imagine, this is an exciting new target for cybercriminals, who are already actively looking for a way to breach these systems and gain access to money and valuable financial details. Think about the Open Banking Platforms and PSD2 standards etc. that are already coming to banks in Europe. This is where regulators are asking banks to open up client accounts to established APIs so that Fintechs can piggyback on banking accounts and the power goes from a bank to the client! Crazy stuff is coming our way …….
3) Ransomware will continue to evolve as a threat
Ransomware is just one part of a larger threat: digital extortion. To date, it is the most effective weapon in the digital extortion tool box. The ability to take over a system and effectively hold it hostage until a financial (aka Ransom) is made is an attractive new business for the cybercriminals and this form of extortion will likely grow substantially from here onwards.
Even with certain strains, such as the CrySiS Ransomware strain having been defeated in 2016, others are already actively taking its place. Watch this space – this is a money making solution and while at the moment the target is unsecured individual PCs, the reality is that this will affect corporations in a big way in the future.
4) Autonomous vehicles and the lack of security standards
Each year more and more automobile manufactures advertise advanced digital systems that they have added to their cars and trucks in order to stay competitive and technically relevant. From promises of ‘hands-free’ driving to providing an in-house internet experience to passengers when they are in their automobiles!
While this is exciting, it also creates a brand new attack vector. Consider for a second just how terrifying it would be if any of your car’s online systems were to come under attack while you’re in transit on a highway—or anywhere really. This is something the automobile manufacturers will need to address quickly.
Worse than this, if a virus were introduced in a car’s digital DNA it could ‘leak’ itself into your mobile phone or tablet – which we also connect to these days while driving in the car!
5) Learning to live and operate in the Cloud
As part of a continuing trend, expect to see a greater number of attacks on cloud-based management platforms, workloads and enterprise Software-as-a-Service (SaaS) applications. This, in turn, will cause the majority of companies and organizations to reassess their security budgets and redistribute a greater portion of it to cloud-based security, which could weaken the level of security on traditional servers and desktops.
The reality is that more and more systems are going to be hosted in the Cloud or Hybrid Environments where some systems will be in your premises, some with AWS, some at Azure and some others with Dell/EMS etc. This means that not only do you have to worry about your environment being secure, you also need to worry about your partner hosting environments also being secure and hacker-proof.
6) Password hygiene @ Client and Server end will be challenging
Major password breaches at established Internet Services organizations such as Twitter and Yahoo should have scared all of us into a greater awareness about our password hygiene. These breaches will continue in 2018++. At the core of the issue is our human tendency to re-use the same password across multiple accounts. Meaning with just a single compromise, the hacker gains access to passwords across multiple other accounts as well.
The right behaviour for all of us should be to use varied passwords or password sequence, and whenever possible to use two-factor authentication or other biometric recognition technologies. These technologies are becoming more and more mainstream and worth investing in. Using multiple biometrics across all devices by clients and employees can help mitigate this risk but all of this comes at a cost.
7) Social engineering attacks on employees will continue to grow
With companies and organizations across the world spending more and more time on their digital security strategies, cybercriminals have been forced to become increasingly creative in their attacks. We are now entering an era where Social Engineering Attacks are reaching the level of an art form.
Social Engineering is a tactic where cybercriminals attempt to create a believable cover from which to breach a network or to take advantage of a known vulnerability. In this context, it’s usually an email-based phishing attack which impersonates an employee’s co-worker or superior in a believable-enough way to get them to click a link or open an attachment—though it can take other forms as well.
It’s absolutely crucial that all companies and organizations spend time and resources training all their employees on threat detection and how to handle anything suspicious that gets sent their way.
8) Open Source risks
The move to Open Source has been an amazing change in the world of Information Technology over the past 20 years with the early advent of Linux in the late 90s to the myriad number of systems, applications, software development enablers and applications. How does one protect and ensure that code and functionality that is being developed by many of the commercial organizations is not fraught with some time bomb(s) hidden within the code? IT teams in organizations will need to develop new techniques, skills and processes to ensure that this new vulnerability does not destroy their organization in the days, weeks, months and years after the code is released into production.
9) Commercialized anti-DDoS will emerge
This is a threat with the potential to affect entire countries—not just companies and industries. Recently, we’ve seen DDoS (Distributed Denial of Service) attacks in excess of 100’s of GB. This is a staggering amount of power on the part of the attacker. These attacks can take entire server farms down for as long as they continue to be executed, and put companies and organizations at the mercy of their attackers.
It’s only a matter of time before a start-up is formed in a largely unregulated country that can directly attack or patch botnet systems. This will mark a new chapter in the history of cyber warfare as it will give lesser developed countries access to a powerful weapon while forcing entire nations to reckon with the threat.
10) The attack of the Bots
The future looks amazing with the advancement in technology and programming languages. There is an opportunity truly to turn many of the science fiction and Hollywood imaginations into realities.
Humans can handle exception processing and reasoning better than machines can ever do. However, machines can handle repetitive processes which are voluminous much better than humans can ever do. And the one place where ‘software robots’ can truly make a difference for the better is in handling repetitive client requests and manual processing AND unfortunately this strength is also going to be aimed at bombarding networks and millions of servers and routers in the ever expanding world of connected devices. This means that going forward the amount of DDoS attacks will multiply at an alarming rate – and ‘HW based software patching’ will continue to pose a big challenge for the large hosting organizations, as they try to manage the growing number of devices and automatic software updates. The Attack of the Bots is coming at a theatre near you – shortly.
Published in Cyber securityTagged under business Cyber Security cybercriminals digital security strategies internet IoT Ransomware technology back to top