Ransomware to Emerge as Gravest Security Threat In 2017
Thomas Fischer is the global security advocate at Digital Guardian, a data protection platform designed to stop data theft. Here he shares his insights for 2017, including what he views as the biggest threats and his top three predictions for the coming year.
Top Three Cyber-Security Predictions
1. IoT -- "We will see more attacks on the IoT including ransomware attacks on connected devices," Fischer says. "Hackers will target home automation devices, medical devices and wearables in order to gather personal data and information. They may also hack the devices in order to edit the readings or data they produce."
2. Ransomware -- "The processing of ransoms will become more automated and more “user-friendly” in 2017," according to Fischer. "Hackers will make their payment systems more like those of an e-commerce site to make it easier for companies to pay their ransoms. Most companies will have a ransomware 'budget' in 2017."
3. Hactivism -- "Hactivism will slowly disappear as the 'shock factor' has subsided. Instead, there will be a continued rise in influencing politics through cyber," Fischer says.
"From a business perspective, the threat of ransomware will be the most disruptive cyber threat in the year ahead," Fischer notes. "Ransomware creates a 'Denial of Access' to the corporate assets. We talk a lot about protecting critical assets (i.e. data), but if a company does get hit with ransomware, it loses access to its data and this in itself can have a significant impact on its ability to do business."
As the next step on from bringing down parts of the web, cyber attackers may look to use the mass IoT botnets to target critical infrastructure, with potentially devastating consequences, Fischer cautions.
"We will see a rise in footprint-less attacks, which are very difficult to detect," Fischer says. "More of these will be capable of bypassing security devices and will be used to exfiltrate data. These attacks work by doing everything in memory, so they leave no trace on the network or endpoints. They are also known as Ghostware."
"We will also likely see more state-sponsored hackers attacking specific mobile devices in order to spy on their owners. The question is whether malicious parties will also use this to blackmail individuals in a large-scale campaign," Fischer says.
Other Cyber Security Trends
Machine intelligence will increasingly be applied to cyber security, Fischer believes. "IT security is moving towards big data and analytics, especially in areas such as threat hunting where it is becoming increasingly difficult to interrogate the data by yourself. We’re expecting to see innovations and focus on data analytics, especially around how data can be manipulated and processed to help with cyber security and threat analysis."
"There is also a big move towards enabling digital payments," Fischer says. "This will no doubt pose a significant threat for business if it is not done properly. Malicious parties may take advantage of misconfigured or badly implement solutions to replay payments. There is also a risk factor against end users as their devices used for digital payments will be more of a target.
So, what can the industry learn from 2016? Three things, according to Fischer:
1. "The use of IoT devices in creating mass botnets took the industry completely by surprise. We definitely knew that the IoT was not secure, but we didn’t see this coming."
2. "Attacks and stories over the course of 2016 have made it blindingly obvious that the user really is the weakest link. We’re going to see more attacks that target that user in the year to come."
3. "We’ve seen lots of statistics about the rising investment in technology and in cyber security, but businesses must make sure that they are investing in the right things and in making sure that it the technologies are being used properly."