On Tuesday, two separate reports showed how the cyber security landscape will evolve in 2017.
The Information Security Forum (ISF), a global, independent information security body, has shared the top four global security threats that businesses will face in 2017.
According to the body, which is considered the world’s leading authority on cyber security and information risk management, businesses will face the following risks:
The Internet of Things (IoT) adds unmanaged risks
Connectivity is now so affordable and prevalent that sensors are being embedded everywhere, increasing the flood of data and creating an ecosystem of embedded devices that are nearly impossible to secure.
ISF said this will not only raise issues over privacy and data access, but will also expand the threat landscape exponentially, increasing the security burden for many organizations that are unaware of the scale and penetration of internet-enabled devices and are deploying IoT solutions without due regard to risk management and security.
Crime syndicates take a quantum leap
The forum warns that criminal organizations will continue their ongoing development and become increasingly sophisticated.
The complex hierarchies, partnerships and collaborations that mimic large private sector organizations will facilitate their diversification into new markets and the commoditization of their activities at a global level.
ISF notes that organizations will struggle to keep pace with this increased sophistication and the impact will extend worldwide.
Rogue governments will continue to exploit this situation and the resulting cyber incidents in the coming year will be more persistent and damaging than organizations have experienced previously, leading to business disruption and loss of trust in existing security controls, it warned.
Government and regulators won’t do it for you
In 2017, the number of data breaches will grow along with the volume of compromised records, becoming far more expensive for organizations of all sizes.
Costs will come from traditional areas such as network clean-up and customer notification as well as newer areas such as litigation involving a growing number of parties.
Public opinion will pressure governments around the world to introduce tighter data protection legislation, bringing new and unforeseen costs.
International regulations will create new compliance headaches for organizations while doing little to deter attackers.
The role of the end user – the weakest or strongest link in the security chain
In the coming year, organizations need to place a focus on shifting from promoting awareness of the security “problem” to creating solutions and embedding information security behaviours that affect risk positively.
The risks are real because people remain a ‘wild card’. Many organizations recognize people as their biggest asset, yet many still fail to recognize the need to secure ‘the human element’ of information security. In essence, people should be an organization’s strongest control.
“The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations. In 2017, we will see increased sophistication in the threat landscape with threats being tailored to their target’s weak spots or threats mutating to take account of defenses that have been put in place,” said Steve Durbin, Managing Director of the ISF.
Cyberspace is the land of opportunity for hacktivists, terrorists, and criminals motivated to wreak havoc, commit fraud, steal information, or take down corporations and governments.
“The solution is to prepare for the unknown with an informed threat outlook. Better preparation will provide organizations of all sizes with the flexibility to withstand unexpected, high impact security events,” Durbin added.
Also on Tuesday, a report from Trend Micro showed that evolving technologies will introduce new threats in 2017.
“Next year will take the cybersecurity industry into new territory after 2016’s threat landscape opened doors for cybercriminals to explore a wider range of attacks and attack surfaces,” said Raimund Genes, chief technology officer for Trend Micro.
“We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”
In 2016, there was a large increase in Apple vulnerabilities, with 50 disclosed, along with 135 Adobe bugs and 76 affecting Microsoft.
This apparent shift in exploits against vulnerable software will continue in 2017 as Microsoft’s mitigations continue to improve and Apple is seen as a more prominent operating system.
The IoT and Industrial Internet of Things (IIoT) will play a larger role in targeted attacks in 2017. These attacks will capitalize upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with Mirai.
The increasing use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organizations.
Trend Micro further said Business Email Compromise (BEC) and Business Process Compromise (BPC) will continue to grow as a cost-effective and relatively simple form of corporate extortion.
A BEC attack might yield $140,000 by luring an innocent employee to transfer money to a criminal’s account. Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for criminals – as much as $81 million.
“We continue to see cybercriminals evolving to the changing technology landscape,” said Ed Cabrera, chief cybersecurity officer for Trend Micro.
“While new ransomware saw an exponential increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. Similarly, changes in IoT open new doors to go after additional attack surfaces, and software changes push criminals toward finding different types of flaws.”