2017 is the year you take con­trol of your se­cu­rity in­tel­li­gence, aware­ness

Kuwait Times - - TECHNOLOGY -


As we ap­proach the year-end at­ten­tion of course turns to what we can ex­pect to see in 2017 and what we are se­cu­rity pro­fes­sion­als need to be pre­pared for.

In many ways, 2016 was very much the ‘Year of the Ran­somware Threat’, and it is very hard to see that chang­ing much next year. Af­ter all most cy­ber­crime is driven by hard cash and the fact re­mains that most ran­somware and ex­tor­tion at­tacks are suc­cess­ful.

Es­ti­mates from the FBI sug­gest ran­somware could be worth $1 bil­lion this year but the agency pointed to a jump in cases where vic­tims re­ported big­ger losses, and also hinted that the ac­tual ran­som pay­ment to­tals may be even larger since many choose not to re­port the crime.

So ran­somware and ex­tor­tion is not go­ing away in 2017, but what else can we ex­pect next year?

First, in 2016 there were some very high pro­file Dis­trib­uted De­nial of Ser­vice (DDoS) and we can ex­pect to see even more in 2017 with crim­i­nals mak­ing more use of tech­niques like Mi­rai to lever­age IoT and net­worked de­vices to am­plify their at­tacks. These sorts of DDoS at­tacks pow­ered by cheap, in­se­cure IoT de­vices could be­come more com­mon, but they are also likely to be­come less lethal sup­pli­ers har­den their de­fenses and de­vice man­u­fac­tur­ers adopt iden­tity-based se­cu­rity to close vul­ner­a­bil­i­ties.

Sec­ond, I ex­pect there will be a change in ap­proach by the crim­i­nals us­ing DDoS ex­tor­tion at­tacks. Not only will they con­tinue to go af­ter larger de­mands for pay­ment, but also they will uti­lize mal­ware like Mi­rai to tar­get net­work en­abled de­vices like routers and re­mote cam­eras to am­plify the at­tacks and make them more pro­longed and adap­tive. We are be­com­ing more used to the In­ter­net of Things, but what if crim­i­nals turn this against us to de­mand money via ex­tor­tion at­tempts? We have al­ready seen IoT linked at­tacks in 2016 and this can only in­crease in 2017.

Third, in all the ‘ex­cite­ment’ of IoT and DDoS at­tacks we can­not af­ford to lose sight of the con­tin­u­ing threat caused by data breaches. Whether de­lib­er­ate or ac­ci­den­tal, data breaches cost busi­nesses mil­lions of dol­lars each year in loss of busi­ness; brand dam­age and rep­u­ta­tion. A re­cent IBM study found that the av­er­age cost of a data breach has hit $4 mil­lion-up from $3.8 mil­lion in 2015.

But while these three are likely to be the most com­mon threats faced in 2017, it is im­por­tant to men­tion how some threats are more rel­e­vant to some or­gan­i­sa­tions than oth­ers. The most tar­geted sec­tors in­clude health­care, fi­nan­cial ser­vices, re­tail, and com­mu­ni­ca­tions and me­dia.

But in no way can any busi­ness or in­di­vid­ual af­ford to be com­pla­cent. It is crit­i­cal that you un­der­stand your in­di­vid­ual threat model and plan in case the worst does hap­pen. You also need to mon­i­tor in­side and out­side of your net­work and look at the threats re­vealed through the eyes of an at­tacker. Only then can you be­ginto en­sure you have enough in­tel­li­gence and aware­ness to man­age the risks ef­fec­tively for when the in­evitable at­tack hap­pens.

All in all it’s crit­i­cal that you make sure 2017 is the year you take con­trol of your se­cu­rity in­tel­li­gence and aware­ness.

Alas­tair Pater­son, CEO and Co-founder of Dig­i­tal Shad­ows

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.