The top 10 biggest cyber security threats for 2017
As the internet continues to evolve, so too does cyber-crime. It’s an unfortunate reality that we’re all forced to live with. We exist in an era when the Internet has given us access to vast amount of information. Online tasks like shopping, banking and paying bills conveniently are at our fingertips.
But for as much as the internet has made our lives easier, it has also given Cyber criminals scope for new & Versatile attacks . In 2017, it is no longer even needed to leave your house to rob someone—or commit an act of war.
As more and more systems become automated, as more networks are online – as we depend on technology to a greater extent every single day – we become more and more vulnerable to cyber-attacks.
With the above scenario in mind, below are our predictions for the top 10 cyber security threats we may face in 2017:
1) Cloud-Based Attacks Will Continue to Grow
As part of a continuing trend, we expect to notice a greater number of attacks on cloud-based management platforms, workloads and enterprise SaaS applications. This, in turn, will cause the majority of companies and organizations to have to review their security budgets and reallocate a greater portion of it to cloud-based security.
2) Password Hygiene Will Continue to be a Problem
Already in 2016, major breaches at Yahoo and Twitter have forced a significant number of people to have greater awareness about their password hygiene. These breaches will continue in 2017. At the core of the issue is people’s tendency to re-use the same password across multiple accounts. This needs to be addressed, as one compromise – if it contains a password – could potentially endanger multiple other accounts as well. Always use different passwords, and when possible make use of two-factor authentication or other recommended technologies.
3) Ransomware Will Continue to Evolve as a Threat
Ransomware is just one part of a larger threat: digital extortion. But as on date, it is the most effective weapon in the digital extortion tool box. The ability to take over a system and effectively hold it hostage until a set of financial demands have been met , is highly alluring to cyber-criminals and its use will likely to grow substantially in 2017.
4) Automobiles Are Going to Need Better Digital Security
Every year more and more automobile manufactures advertise innovative digital systems that have been added to their cars and trucks. From drive computers to advanced features like console-based entertainment centers, more and more systems are being brought online in automobiles every year. And while this is exciting, it also creates a brand new avenue for Cyber attack. Consider just for a second how terrifying it would be if any of your car’s online systems to come under attack while you’re in transit on a highway—or anywhere really. This is something the automobile manufacturers will need to address quickly.
5) IoT Device Manufacturers Will Need to Address Major Threats
This point piggy-backs on our previous one, the IOT or Internet of Things refers to the plethora of devices that have come online in recent years. Everything from your dishwasher to your coffeemaker are online now—your refrigerator probably has a Twitter account at this point. Again, with all of these devices coming online – and perhaps more importantly, networking with other devices online – it creates a new attack surface that is extremely vulnerable. Until IOT manufacturers identify authentication risks and establish identity assurance requirements, the threat will continue.
6) Mobile Payments Will Continue to be target for attackers
You know how many people are paying for things on their phones these days. It seems like everyone – from coffee shops to technology titans like Apple and Google to financial institutions – are designing NFC (Near Field Communication) and RFID (Radio Frequency Identification) mobile payment platforms these days. As you can imagine, this is an exciting new target for cybercriminals, who are already actively looking for a way to breach these systems and gain access to money and valuable financial details.
7) Social Engineering Attacks on Employees Will Grow
With companies and organizations across the world spending more and more time on their digital security strategies, cyber criminals have been forced to become increasingly creative in their attacks. We are now entering an era where Social Engineering Attacks are reaching the level of an art form. Social Engineering is a technique where cyber criminals attempt to create a believable cover from which to breach a network or to take advantage of a known vulnerability. In this context, it’s usually an email-based phishing attack which impersonates an employee’s coworker or superior in a convincing way to get them to click a link or open an attachment—though it can take other forms as well. It’s absolutely crucial that all companies and organizations spend time and resources to train all their employees on threat detection and how to handle anything suspicious.
8) SMBs Will Continue to Be Targeted
One of the biggest misnomers when it comes to cybercrime is that the biggest companies are the most likely targets. It is not true. According to Symantec, 74% of small and medium-sized businesses have been targeted in the last 12 months. In 2017, that number is going to sky-rocket? Why? It has to do with the fact that the browser community is going to start mandating encryption. This means every website will need to have at least a Domain Validated SSL Certificate. The problem lies in the fact that many small and medium-sized businesses currently encrypt their websites using DV SSL, which before SSL was required was sufficient, but won’t be afterwards. Why won’t it be sufficient? DV SSL offers no authentication beyond who owns the domain. This means that the legitimate website of an SMB (with a DV SSL Certificate installed) and a spoofed version of that same website made by a cyber criminal will be identical to the average internet user. They will both have a DV SSL Certificate on them. They will both have identical security indicators. They both look exactly the same. Phishing attacks are about to sky-rocket. The only solution is Business Authentication.
9) Commercialized Anti-DDoS Will Emerge
The last two threats are larger-scale threats, with the potential to affect entire countries—not just companies and industries. Recently, we’ve begun noticing DDoS (Distributed Denial of Service) attacks in excess of 500 GB. Without getting into details , this is a staggering level of power on the part of the attacker. These attacks can take entire servers down at will, for as long as they continue to be executed, and put companies and organizations at the mercy of their attackers. It’s only a matter of time before a startup that can directly attack or patch botnet systems is formed in a largely unregulated country (like Middle East, Asia or Eastern Europe). This will mark a new chapter in the history of cyber warfare as it will give lesser developed countries access to a powerful weapon while forcing entire nations to reckon with the threat.
10) A Country Will Conduct a Cyber-Attack that will Be Acknowledged as an Act of War
International incidents involving acts of cyber warfare have already been started —and increasing regularity. China, which has a highly-regulated internet, once essentially weaponized its entire internet user-base in order to launch a massive DDoS attack at GitHub. Russia hacked the US Democratic National Committee’s servers and leaked thousands of stolen emails to WikiLeaks during the US elections. The US is rumored to have once partnered with Israel to create a computer virus that was then used to attack the Iranian nuclear program. These things are happening on a daily basis. The only thing that’s prevented escalation so far has been secrecy and level of deniability – no matter how strained – on the part of the attackers. But it’s only a matter of time before some nation catches another one red-handed and acknowledges the cyber-attack as an act of war.
