After reading these predictions, ask yourself, "How safe is my business?"
We as individuals and organizations should be aware of the increased risk we face from cyber-attacks as the Internet of Things (IoT) continues to grow in importance. In the coming year, cyber security will continue its transition from being perceived as an information technology problem to an imperative focus for the entire organization, including distributors, contractors and other third parties that may represent weak links or points of contact for cyber-attacks. POWERNET America predicts that 2016-2017 will bring a focus on the following:
- Digital and touchless mobile payments - As digital and touchless mobile payments take off, cybercrime will shift to the smartphone. With the popularity of near field communication (NFC) and radio frequency identification (RFID) payment systems, such as Apple Pay and Android Pay, many other groups have attempted to roll out their own systems. Banks, credit card groups, specialty vendors, mobile device manufacturers, retail conglomerates, and others have announced their own digital payment systems, hoping to catch some of the tidal wave of potential future profits. So the next target is mobile payment systems. It is likely that hackers will uncover a serious flaw that will be exploited to the detriment of the payment system and the corresponding banks and merchants, as well as the consumers themselves. A mobile payment system breach would cause significant loss of revenue, loss of privacy, unauthorized charges or money extractions, identity theft, and other related casualties.
- Attacks on wearables – You see them everywhere! These devices often perform a wide range of data metric–gathering functions, including GPS location, activity level, intensity level, heart rate, stress level, shock, movement, altitude, speed, and more. Wearables are usually configured to link up to an online account in order to provide analysis of the recorded metrics and track events across time. This data is at risk! A hack could do everything from taking the data to manipulating it and giving false information. In some cases, this could affect the person’s health.
- Companies will keep their head in the sand - We will continue to see organizations experience compromises that could have been prevented with common sense security solutions or by stress-testing their own implementations. This is due to a lack of attention, or to not wanting to invest in what they perceive as an added expense. But these are also the loudest to cry after being hacked!
- Attacks through employee systems - Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
- Social Engineering Attacks on Employees will grow. As cyber security comes to the forefront and social engineering continues to evolve, organizations will invest more in protecting themselves from such cyber-attacks. Hopefully the organization will focus on investing in staff training, and ensuring there are strict consequences for repeat offenders. Employees need to be trained on how to be security savvy when on the company network.
- Cloud Services - Cloud computing is a trending technology, and with an increasing amount of confidential business information held by such services, an exploited service could compromise organizational business strategy, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
- Automobiles - Security researchers will continue to focus on probable exploit scenarios for connected automobile systems that lack foundational security capabilities or fail to meet best-practice security policies. Cyber security vendors and automakers need to preemptively work together to develop guidance, standards, and technical solutions to protect attack surfaces such as vehicle access systems, engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receivers, USBs, OBD-IIs, remote link type apps, and smartphone access.
- Healthcare – Unless healthcare organizations bolster their HIPAA regulations with something like NIST standards, identifying “mappings” between the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) and the HIPAA Security Rule, their cyber security will be challenged.
- Small and Medium Businesses – Expect Internet of Things platform vulnerabilities, and small and medium-size businesses (SMBs) seeing more attacks. A recent PriceWaterhouseCoopers report revealed that 74% of SMBs experienced a security issue in the last 12 months, and this number will only increase due to SMBs being perceived as ‘easy targets’.
Ransomware is one area where criminals have been monetizing small businesses in a more visible way this year. Previously, payloads – such as sending spam, stealing data, infecting websites to host malware – were far less visible, so small businesses often didn’t even realize they had been infected.
Ransomware is highly visible and has the potential to make or break an SMB if they do not pay the ransom. This is why, of course, criminals are targeting SMBs. Lacking the security budgets of large enterprises, SMBs often apply a best-effort approach to security investments, including equipment, services, and staffing. This makes them vulnerable as hackers can easily find security gaps and infiltrate the network.
On average, a security breach can cost a small business anywhere from $10,000 to $25,000 – a significant loss for any business. It’s important therefore that SMBs take a consolidated preemptive approach to security. This requires a thoughtfully planned out IT strategy to prevent attacks before they happen. Installing software that connects the endpoint and the network will mean a comprehensive security system is in place where all components communicate, and ensure there are no gaps for hackers.
- Smart Home Devices – These devices monitor, record, manage, trigger and automate. They control everything from lights, electrical, refrigerator, stove and water heater to your HVAC controls. However, it is likely that a fairly well-implemented smart device ecosystem will be compromised by hackers. A smart device compromise could allow an attacker to gain access to the home and network, and to remotely control and monitor devices. This could result in data breaches, but could also include wasting of utilities or even gaining access to your home through the locks. In some circumstances, these compromises could cause physical damage to property or people, especially if they control the water heater, refrigerator or oven.
- Ghostware – This is malware that enters into a system, completes its mission (i.e., stealing data), then disappears without leaving a trace.
- Digital Extortion will become automated - Ransomware is just one example of “modern” malicious code. Other forms include fake or rogue anti-virus programs, law enforcement Trojans, and elaborate phishing scams aimed at taking over an account or stealing an identity. Another growing trend in malicious activity is doxing, which is when someone researches a person to learn embarrassing secrets, discover illegal activities, or simply reveal private or sensitive information about that person to the public. When you combine these two, you get a new form of digital attack that is automated.
- Drone Security Breaches - UAVs are useful in survey work, videography, sensor readings, journalism, law enforcement, search-and-rescue, research, military, delivery, and farm management. However, hackers see only an opportunity to breach a secure business or military location with impunity. In fact, a drone could be used to gain access to your wireless network, or possibly to plant monitoring devices, thereby granting the hacker/attacker physical or logical access into any target.
- Infrastructure – Cyber war will take out water, electrical and foundational infrastructure. As we seek to reduce our level of exposure to vulnerabilities embedded within outdated infrastructure, expect an impact on our readiness to protect our infrastructure from the latest and most complex attacks.
- Legislation changes will make businesses responsible - In the future, businesses will face severe penalties if data isn’t robustly secured. This will have a far-reaching impact on how businesses deal with security, including the high-risk area of employee personal devices.
POWERNET America provides Cyber Security, Concierge CIO Management and Managed IT Solutions that can be incorporated within your management team to assist in the growth of your organization, modernize your processes and provide a strategy for whatever’s in the future. Do you see the importance of growing your organization’s productivity, and want to look at an efficient model that decreases overhead? To learn more about POWERNET America’s services, contact POWERNET today!