Last updated: 19 December 2016
Cyber security is one of the hottest topics in business right now. There are high profile hacks occurring weekly, and attacks are growing in sophistication. We recently convened a panel of experts and leading commentators to discuss the most pressing issues in infosec.
Collectively they painted a bleak picture of what we can expect in the months and years to come. But equally, they were optimistic about the steps companies and employees can take to mitigate the threats.
Education is needed at the highest level
While the C-suite is certainly advancing its understanding of the cyber security threat, management still do not know what to do about it. This is partly due to lack of knowledge but also because they do not know how much resource to allocate to protection. It’s only when breached do companies radically ramp up their investment in security.
Political actors cannot be discounted
While for the time being state sponsored attacks appear to target specific interests, it’s not outside the realm of possibility that more enterprises fall victim to attacks from other nations. Disrupting services, IP theft and eroding trust are major motivations for this type of attack.
Attacks are getting bigger and more sophisticated
Our contributors expressed concern that 2017 could see even more large-scale data breaches. Jason warned that we could see even more advanced hacking techniques, while Peter predicted that we’ll see more “manipulation of the data that is accessed”. Data tampering doesn’t just have the potential to cause serious disruption to an organization, but it can also threaten the stability of entire financial markets. To protect data integrity, it’s so important that companies secure their data with effective encryption, tokenization and authentication.
Ransomware could rise in prominence
Over the last few years, we’ve seen ransomware attacks become more common. This type of attack involves hackers shutting down a network, encrypting the data and demanding funds to restore access. Sadly, the targets are increasingly public services like hospitals, and vital patient data has been cut off. According to our cyber security experts, these attacks aren’t going to go away in 2017.
The vulnerabilities of the IoT
We’ve discussed the importance of IoT security on the blog before. The increasing number of connected devices means there is more data in the cyberspace, bringing more opportunities for hackers. As Jason points out, “the proliferation of the IoT means hackers have a seemingly infinite number of different attack surfaces”. Peter agreed that IoT security is difficult to control, and effective solutions must consider both the software and hardware aspects. That’s why it’s crucial that all stakeholders in the IoT ecosystem, manufacturers, MNOs, authorities, are fully aware of the security risks.
If we can’t find a solution for IoT security, and attacks become more common, as our contributors predict, then what are the implications for the connected car? With tech giants and car manufacturers developing driverless vehicles, linked up to the Internet, it’s possible cyber-attackers could seize control of automotive systems. Neira wondered if 2017 would be the first time a physical injury or worse would be caused by a malicious attack on an IoT device.
For those of us who work every day with technology, these trends may seem familiar. What’s interesting is that despite many knowing the types of threats that exist, the attacks just keep coming. According to our data, 3.7 million records are compromised each day. While many of these attacks could have been avoided through secure authentication and encryption, responsibility also lies with the individual that often inadvertently opens the door to hackers.
Peter Singer is hoping to combat this by bringing together cybersecurity experts to meet with Hollywood writers and producers. The idea is to find ways to credibly inform the public about cyber security threats through the stories films and TV shows tell. This previously worked with health initiatives like cancer screening, and it’s hoped that by educating the public through fiction real life attacks can be avoided.
Our Cyber Investigator Chronicles comic takes this approach. Here we see a fictional CEO duped into entering his username and password on a fake site. Once the hackers have this information they can get onto the corporate network, escalate their privileges and begin syphoning away data.
What do you think are the main threats coming up in the next year? Let us know in the comments below or @Gemalto.