Author: Jason Rebholz
Spear phishing and ransomware attacks dominated the headlines in 2016, a reminder that hackers are only as sophisticated as they need to be: it’s the simplicity of these attacks that makes them so effective. Given the extraordinary success of these attacks, we expect they will continue to be a source of pain for organizations in 2017.
At the same time, advancements in stealth techniques will allow threat actors to better infiltrate, operate, and hide in environments. As security technology advances, attackers will find new ways to gain and maintain access in environments.
With this in mind, here are the top cybersecurity trends to watch in the year ahead:
The Internet of Things (IoT) is exposing organizations and consumers to greater risk.
- Distributed Denial of Service (DDoS) attacks for extortion are making a comeback and will be a quickly rising attack vector in 2017. Default credentials and unpatched vulnerabilities in IoT devices are the main cause: they let attackers conscript large numbers of devices into the botnets that deliver these attacks.
Ransomware is not going away anytime soon.
- Criminals will continue to enter this lucrative business. Security companies may find better techniques to mitigate the impact of ransomware, but having solid, tested backups of critical systems and files, kept offline or otherwise out of reach of the credentials an attacker would be using, is still the priority in preparing for ransomware attacks.
- We will probably continue to see ransomware affect other aspects of our lives as it targets IoT devices and other critical systems. An example is the ransomware incident that disrupted the San Francisco transit system in late November 2016.
Three sectors in particular are becoming more vulnerable.
- They are healthcare, retail, and service industries. These industries have recently seen an influx of IoT devices, and with ransomware on the rise this could disrupt business uptime. Additionally, while the retail industry has benefited from better security for credit card transactions, the unique challenge of protecting real-time logistics data and other valuable information that is accessed from multiple locations will continue for this sector.
There are new hackers “on the block.”
- There is more publicity around hackers originating from Eastern Europe, China, and more recently the Middle East. That does not mean hackers do not exist anywhere else; it is just that the larger-scale attacks can often be attributed back to those regions.
- Many regions of the Middle East and Africa are the fastest-growing newcomers.
Yes, the number of cyberattacks will continue to grow.
- It is highly lucrative for cyber criminals, the barrier to entry is low, and attackers operating from regions that do not prosecute or extradite them face little risk.
- As we continue to manufacture and adopt technologies that interconnect people or sensitive data, criminals will continue to identify avenues for attack.
- More companies are also paying attention to cybersecurity as part of M&A for the simple reason that they need to know what they are buying. The Yahoo / Verizon deal is a prime example of how an existing breach can change terms.
- Cyber criminals will also find more efficient ways to profit from stolen data. Expect to see some very entrepreneurial and innovative methods to leverage stolen data in 2017.
Cybersecurity will continue to be viewed as a business risk with increased focus from Executive teams.
- The C-suite will have an increased willingness to invest in risk management services, such as cyber insurance and tabletop exercises, to better prepare their organizations should a cyber event occur.
But merely following these trends is an exercise in futility without the proper preparation. Here are steps you can take to help mitigate cyber threats.
Get to know your own risks.
- Small to mid-size businesses commonly protect remote access and email with a password alone, with no multi-factor authentication.
- Is your organization running deprecated or old web applications that are no longer updated or patched and become more vulnerable over time?
- How stringent are your configurations for cloud services, including authentication and authorization, and how often are those rules audited?
- Evaluate the risks you inherit from partners or downstream providers that connect to your environment or hold your data.
Be mindful of international differences.
- Organizations in some countries outside the United States and other developed nations may be running outdated software and operating systems and may be more lax about security. If you are expanding to new markets, review regional cyber laws to determine whether they affect security in any way. Certain regions (the EU, for example) have strict rules about what a company can and must do with customers' data.
Create and embrace a culture of security that begins with the C-suite.
- An organization’s culture can both positively and negatively impact security. Some organizations may allow too much access, which leaves information susceptible to attack or theft. There needs to be a balance of usability and security, something that many organizations struggle to find.
- Many organizations still do not receive the security budget they need to adequately defend their environment. A lack of training and understanding of basic security measures compounds that issue. Education on the risks should start at the C-suite and board level.
- Dedicate time to better understanding your cyber insurance policies and to conduct regular assessments of your cybersecurity preparedness.
Secure your IoT and Cloud devices.
- With growth of attacks on IoT devices, take these steps to make them more secure:
- Change default credentials on devices.
- Be smart about what devices are allowed to connect directly to the Internet.
- Update IoT software/firmware to close known vulnerabilities.
- Stop contributing to Internet pollution: disable or restrict access to UDP services that are commonly abused for reflection and amplification DDoS, such as Chargen, NTP (in particular the monlist query), and open DNS resolvers.
- Cloud computing has its own failure modes and requires a separate skill set to secure. The biggest issue is that traditional security controls, built around a network perimeter, generally do not map directly onto the Cloud; identity and configuration become the perimeter.
- Some of the largest areas for improvement in the cloud:
- Authentication (require two-factor authentication, at minimum for every administrative and console login).
- Authorization (don't hand out global admin accounts; scope each role to the permissions it actually needs).
- Auditing (make sure API and login logs are being collected and retained before you need them).
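The authorization point above is easiest to see on a concrete policy document. The following Python is an added example, not code from the original article: a small linter over two constructed IAM-style policies (the JSON shape follows AWS IAM, but the bucket names and policies are made up for illustration). It flags the "global admin" grant (Action `*` on Resource `*`), service-wide wildcard actions, and statements that allow data-changing actions without an `aws:MultiFactorAuthPresent` condition. The list of sensitive verbs is an assumption chosen for the example.

```python
import json

# Two constructed IAM-style policy documents (illustrative only, not taken
# from any real account). The first is the "global admin" shape that should
# never be attached to day-to-day users; the second scopes actions to one
# bucket and gates the destructive action behind an MFA condition.
GLOBAL_ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports",
                         "arn:aws:s3:::example-reports/*"],
        },
        {
            "Effect": "Allow",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
})

# API verbs that change configuration or destroy data (an assumed list for
# this example). Any Allow for one of these without an MFA condition is
# worth a finding.
SENSITIVE_VERBS = ("Delete", "Put", "Create", "Update", "Attach", "Detach",
                   "Terminate", "Modify")


def _as_list(value):
    """IAM accepts a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True if the statement carries aws:MultiFactorAuthPresent == true."""
    for keys in statement.get("Condition", {}).values():
        for key, value in keys.items():
            if key == "aws:MultiFactorAuthPresent" and str(value).lower() == "true":
                return True
    return False


def _is_sensitive(action):
    """'s3:DeleteObject' -> True; 's3:GetObject' -> False; '*' -> True."""
    if action == "*":
        return True
    verb = action.split(":", 1)[-1]
    return verb == "*" or verb.startswith(SENSITIVE_VERBS)


def audit_policy(policy_json):
    """Return a list of (severity, message) findings for one policy document."""
    findings = []
    policy = json.loads(policy_json)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(("HIGH", f"statement {idx}: global admin grant "
                                     "(Action '*' on Resource '*')"))
            continue
        wildcards = [a for a in actions if a.endswith(":*")]
        if wildcards:
            findings.append(("MEDIUM", f"statement {idx}: service-wide wildcard "
                                       f"action(s) {wildcards}"))
        sensitive = [a for a in actions if _is_sensitive(a)]
        if sensitive and not _requires_mfa(stmt):
            findings.append(("MEDIUM", f"statement {idx}: {sensitive} allowed "
                                       "without an MFA condition"))
        if "*" in resources and sensitive:
            findings.append(("LOW", f"statement {idx}: sensitive action(s) on "
                                    "every resource ('*')"))
    return findings


if __name__ == "__main__":
    for name, doc in (("global-admin", GLOBAL_ADMIN_POLICY),
                      ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```

Run against policies exported from your cloud account, a check like this answers the "how often are these rules audited" question from earlier in the article in a repeatable way; the interesting output is not the obvious admin policy but the scoped-looking policies that still carry a `service:*` action or a destructive action with no MFA gate.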
Take these steps to secure personal and business data:
- Encryption: Information on smartphones can be protected with device encryption (so a lost phone does not expose its contents) combined with safe browsing habits (e.g., not clicking suspicious links or texts). Attacks against smartphones will likely rise as attackers focus more effort on them. The issue with personally identifiable information (PII) held by websites is that you rely on the company to protect that information, something many companies struggle with. This will continue to be an issue well into the future.
- Secure payments: Mobile credit card readers like Square add a level of security because card data travels directly from the reader to the payment processor rather than through the merchant's own systems. An attacker is forced either to plant a physical skimming device or to attack the processor itself (Square or equivalent).
- Alternative payment methods such as Apple Pay improve online-shopping security at the consumer level: the merchant receives a payment token rather than the underlying credit card number, so a merchant breach does not directly expose the card. There are more security products and techniques available to merchants to protect their e-commerce solutions. With the rollout of brick-and-mortar protections such as end-to-end encryption and tokenization, e-commerce will become a greater target and could be caught off guard by a sudden influx of attacks.
- Safe business travel: When traveling for business, ensure that your devices are encrypted and that you are communicating over a VPN when connected to the Internet.
- If traveling to a high risk area, such as Russia or China, consider using a burner laptop that can be re-imaged or discarded afterwards.
Targeted threat actors routinely harvest credentials for privileged accounts. Their goal is to use those accounts to move laterally through the environment and reach the data they are after, such as cardholder data. Organizations should consider the following to manage privileged accounts:
- Remove administrative privileges from normal user accounts. A phished user who is not a local administrator cannot dump credentials from memory or install system-wide persistence without first elevating privileges, which blunts attacks early on.
- Implement a password vault. Credentials for privileged accounts should be stored in a vault and "checked out" as needed, with a unique password per account that is rotated after each check-out. This provides an audit trail for every use of a privileged account. To take it further, require multi-factor authentication to access the vault.
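The two bullets above are controls; the check that tells you whether they are holding is a detection over the logon audit trail. As an added example that is not from the original article, here is a small Python rule run over constructed Windows Security events represented as dicts. Event IDs 4624 (successful logon) and 4672 (special privileges assigned to a new logon) and the logon-type codes are the standard Windows values; the account names, host names, and the approved privileged-account and admin-workstation lists are made up for the example. The rule flags an ordinary user receiving an admin-level token (an account that should have had its admin rights removed) and an approved admin account being used interactively on a host other than a designated admin workstation (the kind of use a vault check-out should make visible and rare).

```python
# Accounts that are permitted to hold administrative rights, and the
# dedicated admin workstations from which they may be used interactively.
# Both sets are constructed for this example; in practice they come from
# the password vault / privileged-access inventory.
PRIVILEGED_ACCOUNTS = {"CORP\\adm-jsmith", "CORP\\adm-backup"}
ADMIN_WORKSTATIONS = {"PAW01", "PAW02"}

# Windows logon types where the credential is typed on, or RDP'd into, the
# host, so the password and derived secrets end up in that host's memory.
INTERACTIVE_LOGON_TYPES = {2, 10}   # 2 = Interactive, 10 = RemoteInteractive (RDP)

# Constructed events shaped like parsed Windows Security log records:
# 4624 = successful logon, 4672 = special privileges assigned to a new logon
# (emitted when the token carries admin-equivalent privileges).
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "PAW01", "TargetUserName": "CORP\\adm-jsmith", "LogonType": 10},
    {"EventID": 4672, "Computer": "PAW01", "SubjectUserName": "CORP\\adm-jsmith"},
    {"EventID": 4672, "Computer": "PAW01", "SubjectUserName": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 4624, "Computer": "WS-FINANCE-07", "TargetUserName": "CORP\\jsmith", "LogonType": 2},
    {"EventID": 4672, "Computer": "WS-FINANCE-07", "SubjectUserName": "CORP\\jsmith"},
    {"EventID": 4624, "Computer": "WS-SALES-12", "TargetUserName": "CORP\\adm-backup", "LogonType": 10},
    {"EventID": 4624, "Computer": "FILESRV01", "TargetUserName": "CORP\\adm-backup", "LogonType": 3},
    {"EventID": 4672, "Computer": "FILESRV01", "SubjectUserName": "FILESRV01$"},
]


def _is_builtin(account):
    """Machine accounts (ending in $) and NT AUTHORITY identities always get
    4672 events; they are noise for this rule, not a finding."""
    return account.endswith("$") or account.upper().startswith("NT AUTHORITY\\")


def detect_privilege_misuse(events, privileged=PRIVILEGED_ACCOUNTS,
                            admin_hosts=ADMIN_WORKSTATIONS):
    """Return (rule, account, host) tuples for two conditions:
    UNEXPECTED_ADMIN_TOKEN   - an account outside the approved privileged set
                               received an admin-level token (4672)
    PRIVILEGED_LOGON_OFF_PAW - an approved privileged account was used
                               interactively on a host that is not an admin
                               workstation (4624 with logon type 2 or 10)
    """
    alerts = []
    for ev in events:
        event_id = ev.get("EventID")
        host = ev.get("Computer", "?")
        if event_id == 4672:
            account = ev.get("SubjectUserName", "")
            if not _is_builtin(account) and account not in privileged:
                alerts.append(("UNEXPECTED_ADMIN_TOKEN", account, host))
        elif event_id == 4624:
            account = ev.get("TargetUserName", "")
            if (account in privileged
                    and ev.get("LogonType") in INTERACTIVE_LOGON_TYPES
                    and host not in admin_hosts):
                alerts.append(("PRIVILEGED_LOGON_OFF_PAW", account, host))
    return alerts


if __name__ == "__main__":
    for rule, account, host in detect_privilege_misuse(SAMPLE_EVENTS):
        print(f"{rule}: {account} on {host}")
```

The network logon (type 3) to the file server is deliberately not flagged: a backup account touching a server over the network is expected, and the credential is not exposed on that host the way an interactive or RDP logon exposes it. Tuning the two allow-lists against the vault's inventory is what turns this from a one-off script into a standing check that the "remove admin rights" and "check out privileged credentials" controls are actually being followed.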