Cyber Security Trends in 2017
Big Data is the New Black as businesses increasingly look at ways to derive value from data. Industrial companies that make, move, sell and support physical things are plugging sensors attached to their ‘things’ into the Internet. And the Internet is crammed with a gazillion social media sites of your choice. This presents countless new challenges and opportunities in the areas of Cyber Security, like data governance, standards, safety, and security, to name a few.
But you don’t add strangers to your friend list and you don’t respond to pokes, so you must be safe, right? Wrong!
Ok well, I don’t post my pics on these websites. But group pics do get posted by that one selfie-obsessed friend. That can’t be that dangerous, right? Wrong again!
But what can they do with just a pic of mine?
Dear reader, once it has crossed the threshold of the INTERNET, your picture ceases to be a picture. It is then called DATA. And Yegor Tsvetkov has just proven what the ‘harmless’ picture is capable of doing.
For six weeks, Yegor Tsvetkov, a young St. Petersburg photographer, snapped random people and then identified them on Russia’s biggest social network, Vkontakte, with the help of the FindFace app (based on algorithms of self-learning neural networks).
Yegor Tsvetkov’s project, titled “Your Face is Big Data,” is an impressive and slightly disturbing project that demonstrates how far face recognition software has come. The young gentleman took photos of around 100 complete strangers among the subway commuters in St Petersburg during the six-week period and then put their portraits into the facial recognition app, FindFace, to track down their Internet profiles.
Tsvetkov aimed to show how technology can affect privacy, particularly if you don’t activate the relevant settings on your social media profiles. He mentions that nobody seemed to notice that he was photographing them. Although he used a simple camera and didn’t even try to hide it, people did not raise objections or confront him.
Despite the fact that some of his photographs had little resemblance to their online pictures, Yegor was able to find around 70% of the people he snapped. “Your Face is Big Data” is a clear illustration of the future that awaits us if we continue to disclose as much about ourselves on the Internet as we do now. The Cyber World is like the forbidden fruit. It can give you all the knowledge that you could possibly want. But if you are irresponsible, the repercussions are huge and disastrous. This is especially true in the new year, as experts believe that 2017 is the year hackers begin innovating with their techniques. Here are a few trends that they predict will rule the cyber security domain in 2017.
DDoS Attacks on IoT Devices.
In the race to get the lead in IoT, security has taken a back seat and cyber-criminals are having a field day. They will increasingly target all manner of Internet-connected endpoints, such as surveillance cameras, and employ them in DDoS attacks. According to Gartner, worldwide spending on IoT security has reached $348 million this year, and it will climb to $434 million in 2017. Gartner analysts go on to state that by 2020, more than 25% of all identified attacks in the enterprise will involve IoT.
Hackers do not require experience anymore.
This is going to be one heck of a headache, as the tools that hackers and cyber-criminals use are readily available and easily within reach of anyone who wants them and has the money to pay. This will result in a mass outbreak of amateur cyber-criminals. A disgruntled ex-employee, a politically motivated individual, an individual nurturing a personal vendetta: all these are potential threats. As a result, 2017 will cost companies millions where security is concerned.
Third-party vendors can be a gateway to their connected customers
This particular trend continues to be a threat in 2017. Although a business can build and install top-of-the-line security systems in its environment, unless it subjects all of its third parties to the same level of scrutiny, it cannot totally rule out risk. For instance, Wendy’s had over 1000 franchised locations that were compromised by a simple PoS (Point of Sale) malware attack. Therefore, policies need to be tightened up with proper oversight to ensure that substandard security measures and systems don’t lead to major exposures.
Ransomware too was a trend that appeared in last year’s list, and it will continue to wreak havoc in 2017. It will be particularly dangerous next year owing to the fact that Trend Micro has predicted ransomware to grow 25% in 2017. What does this mean? It simply means that ransomware will likely spread into IoT devices, PoS systems, and ATMs. For the uninitiated, ransomware means that you will have to pay the hackers the stated amount of ransom if you want your files back.
Shortage of skilled IT workers.
Because let’s face it, there is only so much a machine can do. With more than a million vacant positions worldwide, there have never been more jobs available in cyber security. We must work out why college graduates are shunning these openings and find a way to tempt them in. After all, the pay is pretty cool too!
Increase in Internal Threats.
This one is genius. When businesses tighten their fort against obvious outside threats, hackers use legitimate credentials and software to infiltrate your business. What are these legitimate credentials and software? Physical insiders, credential theft, man-in-the-app. The most dangerous aspect is how attackers manipulate victims with offers or threats that they would not want to present to an employer. Think employment offers or illicit content. Defenders will begin to appreciate that inconsistent user behaviors are the most effective way to differentiate malware and insider threats from safe and acceptable content.
Attackers are aware of how to directly target users and endpoints using social engineering. The industry needs to be more proactive in thinking about how to reduce the attack surface, as opposed to chasing known threats and detecting millions of unknown threats. With an increasingly mobile workforce and threats coming through both personal and business devices and services, the impact of perimeter defenses has decreased. To battle effectively, security needs to be built from the endpoint outwards.
Behavioral Technology will be in vogue.
With IoT spreading its roots to every inch of our life, ensuring ample security is paramount. And although we did mention that it is going to be a bleak year as far as security is concerned, companies like Apple and Lenovo are doing their bit. These giants have begun releasing products that have biometric sensors built into the touchpad. This will enable the integration of tools and technologies that advance the concept of biometric/facial recognition into areas like typing speed, pressure, and other behavioral-type detection systems. Thank heavens Mystique is just a fictional character!
Compliance concerns drive growth in the endpoint and device market.
More companies are aggressive with outdated software and will do direct checks to make sure the software is in compliance. A hard stance on outdated software accessing banking systems knocks user acceptance down 40 percent. However, this increases the purchase of new computers, Chromebooks, mobile devices, and tablets.
Increasing number of Cloud-based attacks cause vendors to double-down on security.
We will see attacks targeting cloud management platforms, workloads, and enterprise SaaS applications. This will cause organizations to expand their PAM (Privileged Access Management) budget allocation beyond traditional desktops and servers.
Tor v2 comes online.
Since the government has infiltrated the Tor network, a few large companies will start to set up cross-country file transfer networks that have terabytes of bandwidth and the equivalent of exit nodes everywhere. This “Tor v2”-type experience will start to be included in most releases of Google software. Also, we will witness Tor v2 moving toward a network that is fully encrypted and clear text at all times.
Cyber Risk Insurance will increasingly be used in common parlance.
We insure our cars, homes, lives and even gold. So why not our cyber properties? This type of insurance will increasingly become part of operational risk strategy. However, the insurance industry needs to tailor products specific to client needs. A blanket cover as an extension to existing risks won’t do. As the industry evolves, we might see cyber insurance covering:
a. Loss of reputation and trust with customers.
b. Loss of future revenue from negative media or other exposure.
c. Improvement costs for security infrastructure or system upgrades.
This one is an addition to the existing C-Level Executives. The CCO (Chief Cybercrime Officer) would be responsible for:
a. Ensuring that an organization is cyber-ready.
b. Bearing the responsibility for preventing breaches.
c. Taking the lead if a breach does occur and providing a robust connection between the board and the rest of the company.
All in all, it is better to be safe than sorry when it comes to cyber security in 2017. Stay tuned to AcadGild as we dish out some pretty exciting courses on Cyber Security early next year. Meanwhile, enroll yourself in the Ethical Hacking course from AcadGild to give yourself a boost in the Cyber Security domain.