2016 proved to be another year of devastating data breaches, spanning multiple industries and companies both large and small. There have been many sobering moments throughout the year, validating once again that no one is immune to sophisticated cyberattacks.
According to the Identity Theft Resource Center, as of October 19th of this year there were 783 reported breaches, exposing more than 29 million records (please note this number does not include the majority of breaches in which companies did not report the number of records affected). What does this tell us? Data breaches are becoming more prevalent and attack trends show no evidence of slowing down. Again, we see these breaches targeting high-value data – social security numbers, protected health information, credit and debit card numbers, even email, password and other user access information – and involving phishing and subcontractor/third-party breaches.
As we look ahead into 2017, we expect to see the following security threats and trends:
As attacks on mobile devices continue to grow, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern. The recent nation-state sponsored attacks on journalists’ mobile phones mean that these attack methods are now in the wild and we should expect to see organized crime actors use them.
Industrial Internet of Things (IoT)
In the coming year, we expect to see cyberattacks spreading into the Industrial IoT. The convergence of information technology (IT) and operational technology (OT) is making environments more vulnerable, particularly the operational technology or SCADA environments. These environments often run legacy systems for which patches are either not available, or worse, simply not used. Manufacturing, as an industry, will need to extend both systems and physical security controls to a logical place and implement threat prevention solutions across both IT and OT environments.
Critical infrastructure is highly vulnerable to cyberattack. Nearly all critical infrastructure, including nuclear power plants and telecommunications towers, was designed and built before the threat of cyberattacks. In early 2016, the first blackout caused intentionally by a cyberattack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors, including nation-states, terrorism and organized crime.
For enterprises, ransomware will become as prevalent as DDoS attacks, the prevention of which is a cost of doing business. Given ransomware’s success, enterprises will have to employ a multi-faceted prevention strategy, including advanced sandboxing and threat extraction, in order to effectively protect their networks. They will also need to consider alternative ways to cope with the people who launch ransomware campaigns. Such methods would include coordinated take-downs with industry peers and law enforcement, as well as the establishment of financial reserves to speed payments, if that is the only mitigation option. We will also see more targeted attacks to influence or silence an organization, with “legitimate” actors launching such attacks. The current U.S. Presidential campaign shows this possibility and will serve as a precedent for future campaigns.
As enterprises continue to put more data on the cloud, providing a backdoor for hackers to access other enterprise systems, an attack to disrupt or take down a major cloud provider will affect all of their customers’ businesses. While generally disruptive, it would be used as a means to impact a specific competitor or organization, which would be one of many affected, making it difficult to determine motive. There will also be a rise in ransomware attacks impacting cloud-based data centers. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier.
Data from the recent Check Point Security Report presents a complex and, in some respects, very alarming picture for information security in 2017. As far as mobile, cloud and IoT are concerned, the tipping point came and went a long time ago – these technologies are an integral part of doing business, and cybercriminals have adapted their techniques accordingly. What’s scarier, hackers are keeping up with the technology when it comes to malware and ransomware, releasing new variants on a minute-by-minute basis. The days of signature-based antivirus being enough to screen out malware are long gone. Using these predictions, organizations can develop their cybersecurity plans to keep them one step ahead of emerging cyber-threats and prevent attacks before they have the opportunity to inflict damage.