Cyber attacks dominated the headlines in 2016. The tentacles of cyber threats span the globe and every industry: cyberwarfare involving critical infrastructure services, massive data breaches in which troves of emails and data were stolen, and black-market ransomware attacks that took control of critical IT systems, only to release them after the ransom sums were paid.
Over two billion records were stolen in 2016. The theft of records and emails from the Hillary Clinton campaign and the US Democratic National Committee was just one of a handful of high-profile hacks that roiled businesses and individuals in 2016. Data breaches at businesses such as Yahoo, LinkedIn, and numerous others compromised millions upon millions of pieces of Personally Identifiable Information (PII). PII consists of personal data used to distinguish or trace a person’s identity. It includes not only things such as their name, social security number, biometric records, etc., but also other data like an individual’s photographic image, fingerprints, handwriting, facial geometry, passport information and credit card numbers.
The cyber-threat landscape is much larger than hacking and data breaches. Concerns about cyber espionage between nations were ratcheted up even further by attacks across borders involving myriad governmental agencies. It also involves critical infrastructure services, such as the attack on the Ukrainian power grid by Russian hackers, with attacks extending beyond data centers and traditional endpoints to Internet of Things (IoT) devices and SCADA networks.
Cybercriminals also ramped up their use of ransomware and DDoS (Distributed Denial of Service) attacks in 2016 to threaten and extort money from victims in exchange for stopping the attacks or allowing them to rescue locked files. These attacks became huge issues for infrastructures like utilities and hospitals.
The Threat Landscape in 2017
So, with all of this in the background, there should be much trepidation across industry segments and for organizations of all sizes as we move into 2017. Much of what we saw in 2016 will evolve in complexity and scope in 2017. Cybercriminals continue following the money trail, with ransomware and DDoS attacks becoming more widespread and increasing in scope and severity. The following are areas where organizations should pay special heed in 2017:
1. Advanced Threats Targeting the Cloud
There has been a significant shift toward advanced threats that bypass perimeter defenses and extract sensitive data or hold it hostage using malware and ransomware. These attacks became highly personalized this past year, improving their ability to evade detection by corporate networks and the basic security controls included in cloud applications. As the adoption of cloud apps and services accelerates in 2017 and pushes vital services and data outside organizational control, so will the risk of information-borne leaks and of malicious attacks entering.
2. Evolution of Ransomware: Changing Data and Destroying Backups
Ransomware has evolved from simple malware to more persistent attacks. One way organizations thwart ransomware attacks is to have a solid backup plan in place. Specifically, the ability to replace encrypted data negates the extortion attempt. However, cybercriminals are getting smarter and going after backups prior to encryption. Most attempts focus on local backups, but there is evidence these will spread to cloud backups and even include the manipulation or deletion of data. The threat is agnostic; the same techniques that work on-premise also work in the cloud. We will also see continued growth in cybercriminals not complying with the release, or re-encrypting the critical data at some later point in time, even after they were paid. You can’t trust a cybercriminal!
3. GDPR Compliance Impact on Business
Though the EU’s General Data Protection Regulation (GDPR) will not take effect until May 2018, it will most certainly impact cybersecurity in 2017. GDPR affects any organization anywhere in the world that handles PII for EU citizens. To prepare for GDPR, organizations must conduct a thorough audit of their current and future processing of personal data and begin implementing solutions to protect it today. With Data Protection Impact Assessments (DPIA) mandated by GDPR for high-risk processing, organizations that qualify must begin those processes in 2017 to meet the deadline in 2018.
4. Increased Demand for Data Privacy and Data Breach Accountability (Cyber Insurance)
Interest in data privacy is not relegated to just the EU. Government entities are paying increased attention to data privacy, with organizations such as the Federal Trade Commission in the U.S. becoming increasingly active in pursuing companies for security failures and for failing to adhere to privacy laws, both existing and new. Recognizing they are accountable for data breaches, businesses are turning to cyber insurance in large numbers. The cyber insurance market doubled in size from 2012 to 2015, topping $2 billion. Industry analysts believe that number could hit $6 billion by 2020. Recognizing the risk of data breaches and their financial implications, executives are seeking insurance policies to ensure their businesses are protected in the event one occurs.
5. Shadow IT: No Longer Laissez-faire
Organizations have taken a fairly laissez-faire approach to shadow IT, unofficially (or unknowingly) permitting employees to leverage cloud apps and services such as Dropbox, Box, Microsoft OneDrive, Slack, JIRA and Google Drive. But if you cannot see cloud services being consumed or confidential data leaving through them, then you cannot see the risk. How big of a problem are we talking about? On average, organizations have up to 20 times more cloud apps and services running within their environment than what has been authorized by the IT department. Seventy percent of executives and IT managers say they don’t know how many cloud apps and services are running in their environments. Cloud storage and file sharing applications are highly problematic, with nearly one-quarter being shared and 12 percent of those containing compliance-related data or confidential data.
6. Cyber Espionage and Warfare
The U.S. Defense Department participated in a Cyber Guard drill in 2016 that was intended to prepare troops and cybersecurity officials throughout the government for the possibility of infrastructure attacks by an enemy or non-state actor. One of the outcomes included pinpointing areas where remediation was needed, and it plans to continue the program in 2017. Cyber espionage and warfare are global issues. Attacks increasingly being reported from North Korea, China and Russia not only involve the stealing of intellectual capital but also infiltrate and manipulate critical infrastructure services, as was the case with the Ukrainian power grid.
7. Hacktivism and Content Censoring
2016 was the year when hacktivism came to the forefront. The U.S. presidential election was one instance of many. Fake news such as “Pizzagate”, spread virally on social media, rose to new heights in the political and social arenas in 2016, and signs indicate that it will continue to grow in 2017. This is also giving rise to content censoring by social networks and foreign governments, along with a vigorous debate on whether they should do so.
8. Proliferating Web & Mobile App Leaks
Mobile security remains a serious problem. A new report shows that more than 200 mobile apps and websites leaked PII in 2016. Consumers and business professionals are putting more and more of their PII into their mobile apps, including financial information, and cybercriminals are paying heed.
9. Email Security Threats
Ninety-one percent of cybersecurity attacks begin with a single email. Traditional antivirus solutions cannot detect or prevent phishing attacks. Cybercriminals employ phishing attacks such as the one that targeted the U.S. Democratic National Party and Podesta to gain access to other users or systems. At the same time, they can deliver malware via email, gain a foothold and operate without the victim's knowledge for weeks, months or even years. This applies not just to corporate email, but also to personal (web-based) email that is opened on corporate networks.
Getting Ready for 2017
Organizations wishing to get ahead of the cyber security challenges in 2017 must ratchet up their cyber defense with an unprecedented level of inspection: a level that not only adapts to new threats, but is also trusted by leading government agencies and defense departments around the world to detect, dissemble and thoroughly sanitize digital activity flowing in and outside the organization in real time.