2017: Cybersecurity At A Turning Point

Uploaded on 2017-01-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybersecurity threats are becoming more intelligent, autonomous and difficult to detect, creating an urgent need for accountability. 

In today’s society, the digital footprint of both businesses and individuals is increasing dramatically. Although the expansion of this digital landscape has presented exciting opportunities for many, it has also resulted in a growth of the potential attack surface for cyber-criminals.

In this digitally changing climate, everything has become a target and anything can be a weapon. On the front line, we’re seeing cyber-security threats becoming more intelligent, autonomous and difficult to detect, creating an urgent need for accountability, at multiple levels, in order to avoid detrimental effects for the global digital economy. As cyber threats evolve, so must the way that we react to and deal with them.

The following predictions are from the FortiGuard Labs threat research team, made up of over 200 expert researchers and analysts from around the world who discover, study and protect against the latest cyber threats. Using data collected from more than two million sensors around the globe, they protect more than 290,000 organisations a day.

1.    From smart to, Smarter: automated and human-like attacks will demand more intelligent defence

Until now, the majority of malware has only been programmed with a specific objective or set of objectives. Cyber-criminals have counteracted the limits of this by either targeting a specific target or sending vast amounts of malware simultaneously in the hope that it will eventually find itself on a device that it can exploit.

However, in 2017, we predict the development of malware designed to be ‘human-like,’ in the sense that it will be increasingly adaptive, programmed with success-based learning.

This new malware, which utilises a code that is a precursor to artificial intelligence, will be situation-aware and therefore able to identify targets, choose methods of attack and, most importantly, avoid detection. As this malware is designed to proactively spread between multiple platforms, attacks will be more efficient with a larger variety of victims.

2.    Internet of Things (IoT) manufacturers will be accountable for security breaches

With over 20 billion IoT devices predicted to be online by 2020, an increase in the number of attacks targeting them is inevitable. In the past, cyber-criminals have had much success simply exploiting known credentials such as default usernames and passwords. However, our prediction is these attacks will be designed specifically to exploit the weaknesses of the IoT communications and data gathering chain.

If manufacturers do not better protect their devices, then consumers will come to fear cyber-security threats, will be less likely to purchase them as a result, leaving a potentially devastating effect on the digital economy.

FortiGuard Labs predicts that device manufacturers will be held more accountable for their devices by consumers and vendors alike.

3.    20 billion IoT devices are going to be the weakest link in cloud security

Today, the use of cloud-based computing, storage and processing is rapidly increasing. The weaknesses in cloud-based security do not lie in its architecture. They instead lie in the ever-increasing number of endpoint devices accessing cloud resources.

Cloud security relies upon controlling which devices can access a network and how much they can access. Attacks which exploit endpoint devices, and can target and breach cloud providers, will therefore increase dramatically in 2017. Malware could also be injected into the cloud-based offerings by compromised endpoint devices in a process known as cloud poisoning.

This breach of cloud security could radically affect the current mass migration to the cloud and organisations will, instead, adopt increasingly fabric-based security strategies.

4.    Attackers will begin to turn up the heat in smart cities

The essential components of smart cities, such as intelligent traffic control, on-demand streetlights and building automation systems, are all created in an effort to further increase convenience for humans. However, by creating a community that is so interconnected online, you also create a huge surface for potential cyber-attacks.

By increasing the number of integrated systems in a city, you also increase the potential for civil disruption on a massive scale if any of them are compromised. FortiGuard Labs predict that, as these systems are considered a high-value target for hackers, attacks are likely to increase.

5.    Ransomware attacks will bring higher costs

It’s worth noting that many old threats are returning as slightly different variants. While ransomware is not a new occurrence, the market for it is growing and changing.

2017 will bring an increase of ransomware against high profile targets, such as celebrities, political figures and large organisations. These attacks are likely to include a collection of personal and sensitive data that can be used to blackmail the victim. We also expect the ransom costs for these attacks to get much higher as a result.

Automated attacks will also become more common, as they allow hackers to cost-effectively manage their schemes by demanding a small amount of money from large numbers of victims simultaneously.

6.    Technology will have to close the gap on the critical cyber skills shortage

Nowadays, almost any business looking to establish itself needs to be online in some shape or form. However, this growth of online presence is surpassing the number of skilled cyber-security professionals. Therefore, many organisations establishing themselves online for the first time lack the experience and training to develop a suitable security policy and protect critical assets which now move freely between network environments.

Our final prediction is that this lack of in-house skilled cybersecurity professionals will result in organisations turning to consulting services or security service providers in order to establish and protect themselves online.

The expanding attack surface created by cloud technology and IoT devices, combined with the global shortage of cyber-security talent continues to drive cyber threats. The pace of these changes is unprecedented; resulting in a critical tipping point as the impact of cyber-attacks are felt well beyond their intended victims in personal, political, and business consequences.

Going forward, the need for accountability at multiple levels is urgent. Without swift action, there is a real risk of disrupting the progress of the global digital economy.

ITProportal:                    Information Commissioner talks GDPR and accountability:  

What Does Brexit Mean For British Data Privacy?:

 

 

« ‘Magic’ Ransomware Is Based On Open-Source Code
Internet Has Changed The Media Business Model »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

Cryptovision

Cryptovision

cv cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

ITsMine

ITsMine

ITsMine’s Beyond DLP™? solution is a leading Data Loss Prevention (DLP) solution used by organizations to protect against internal and external threats automatically.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Nagios

Nagios

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

Bulletproof Solutions

Bulletproof Solutions

Bulletproof provides IT expert support, services, and guidance to businesses small and large as they grow and adapt to today’s complex IT, cybersecurity, and compliance needs.