Cybersecurity concerns are keeping enterprises on the edge. Security threats are always looming large, with a wide range of end user-centric technologies gaining momentum within the enterprise space. In the past year, the threat landscape has undergone a dramatic shift, changing the very complexion of security attacks.
Nitin Mishra, Senior Vice-President – Products and Services, Netmagic looks at the security threats that will haunt the Enterprise in 2017.
Data Sabotage: The Next Frontier to Inflict Damage
The concept of data manipulation or data sabotage began to surface in 2016. In 2017, data sabotage shall gain a significant foothold. It’s fast emerging as the key security threat where attackers will use different approaches to penetrate a system or environment over time, and continuously sabotage data integrity.
A CNBC article on the subject suggests that such attacks are usually on less sensational, though highly influential opportunities, such as manipulation of personal financial information, stock tickers or even a company’s earning report. In fact, the same article cited examples of data integrity attacks over the years. It mentioned that in 2010, the Stuxnet worm forced minor changes in targeted devices to destroy Iran’s nuclear program. In 2013, Syrian hackers breached the Associated Press’s Twitter account to broadcast fake reports of President Obama being injured in explosions at White House. The fake news had caused a 150-point drop in the Dow.
To demonstrate dangerous vulnerabilities in an in-flight entertainment (IFE) system, Ruben Santamarta, a security researcher at IOActive, managed to hack into Panasonic Avionics IFE systems that are used by 13 major airlines. Santamarta could spoof flight information such as map routes, speed statistics, and altitude values. Participating in the recently held Panasonic Avionics’ private bug bounty program, he could not only hack into the announcement systems, and control the cabin lighting, but also steal credit card information stored in the automatic payment system and use their frequent flyer membership details to capture their personal data. The US intelligence agencies and most of the security firms are touting such attacks as the next big thing in hacking and a threat to watch out for.
At the Enterprise level, CIOs need to be on the lookout for under-the-radar activities that can translate into business challenges. For instance, a competitor manipulating your sales data can lead the business to take wrong decisions and invest money that will lead to negative returns. Hence, organizations will need to tune their security scanners and tools to be more sensitive to detect such stealth attacks. One such technology that will see a significant uptick in 2017 is the use of decoys or deception to track suspicious activity.
Ransomware Attacks to Grow Stronger and Frequent
While under-the-radar, data-stealing malware is still common. A bold new crop of ransomware actors encrypts enterprises’ key data or sensitive information with cryptovirology attacks, and demand a ransom to decrypt it. Ransomware’s extortion attacks are currently the latest major trend in the cybercrime industry. This is not a new type of attack, but it is clearly the most widespread security threat.
Ransomware is evolving, getting stealthier, and using automation increasingly to strengthen such attacks. However, it’s alarming to note that generally, the enterprise preparedness to battle ransomware attacks is abysmally low. Ponemon Institute’s 2016 State of Endpoint Report reveals that 56 % of companies surveyed said that they are not ready to fend off ransomware attacks, and just 38 percent said they have a strategy to deal with destructive software.
Ransomware attacks will increase in both strength and frequency. According to Trend Micro’s projections, there will be a 25% growth in the number of new ransomware families in 2017, translating to an average of 15 new families discovered each month. Machine-learning technology is likewise a strong complement to multi-layered security that can detect even unique and newly created ransomware, states the Trend Micro’s report.
Enterprises need to focus on end user awareness, training and ultimately the change in behavior. To successfully thwart the threat of Ransomware, enterprises need to be unflinching in giving into the ransom demands. This will also require the enterprise to focus more on aequate data-backup, which can be restored in the event of a ransomware attack.
Internet of Insecure Things
IoT is revolutionizing, indeed. So is the threat landscape it brings with itself. Gartner predicts that by 2020, over a quarter of identified attacks on enterprises will involve IoT. Considering the scope, complexity, and diversity of IoT platforms, the impact of such breaches will have a profound effect on enterprises.
In an IoT environment, perpetrators can do much more damage than just steal information or usurp controls. Hackers can use vulnerabilities of IoT platforms to not only conduct corporate espionage, but can also sabotage the entire business operations, and harm people and the environment physically. Here we see a paradigm shift in the impact of threats – till date it was about the security of inanimate assets. From here on, it is going to be about the security of life.
Gartner predicts that through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices. Hence, in response to IoT security threats, the spending on IoT security is expected to reach $547 million in 2018. Connected consumer devices are riddled with security vulnerabilities as well. Soon we may begin to witness attacks on connected consumer devices.
Enterprise will be riddled with the task of keeping corporate and personal IoT devices separate. On similar lines to BYOD, this will lead to an exponential jump in the attack surface within the Enterprise.
DDoS Attacks’ Scale and Frequency on The Rise
DDoS attack firepower in 2016 spiked at an alarming rate. Industry reports suggest that since a large number of IoT devices are still lacking even the basic security features, the DDoS attacks have risen from 400Gbps bandwidth to more than 1Tbps, resulting in a massive business impact and reputational risks. Undoubtedly, the scale and frequency of DDoS are on the rise. According to Arbor Networks’ annual Worldwide Infrastructure Security Report, the largest attack reported in the past year was 500 Gbps, representing a 60 times increase in 11 years.
Unfortunately, very few organizations today have the specialized protection against such firepower that can increasingly take down critical infrastructure in the near future, putting not only businesses but nations at considerable risk.
According to Trend Micro’s projections, in 2017 cyber criminals may use Mirai-like malware in DDoS attacks. The report suggests that from 2017 onward, service-oriented, news, company, and political sites will get systematically pummelled by massive HTTP traffic either for money, as a form of indignation, or as leverage for specific demands.
Enterprises can leverage the services of mature datacenter players to help them protect from DDoS attacks. Datacenter providers with well-defined managed security practice are best placed to deliver a layered DDoS protection solution that would take care of low and slow attacks as well as the voluminous attacks that make headlines.
Perils of Insider Threats & Shadow IT
It is long established fact that employees are the weakest security link in an enterprise environment. Most enterprise hacks begin with internal resources falling prey to simplest of phishing attacks. Now with rise in popularity of free SSL certificates and Google’s new initiative to label HTTP-only sites as unsafe, the environment may become more conducive to more advanced spear-phishing and malware attacks.
Enterprises are also facing a growing threat from within, with the prevalence of shadow IT. Employees’ independent decisions to use cloud apps for better personal productivity and convenience, without involving CIOs and CISOs, are exposing businesses to considerable risks. Gartner predicts that by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
Enterprise Risk Exposure monitoring is a service that will gain significant traction in 2017. This is a service that will enable scanning of the entire Internet landscape to identify the enterprise’s footprint and enable CIOs and CISOs to get a bird’s eye view of the exposed parts of the organization’s IT landscape. This is different from traditional VA and PT services and takes a non-intrusive approach to identify open risk areas. An example is identifying board-room level VC and collaboration solutions that are openly accessible on the Internet with weak authentication for privileged access. At Netmagic, we are seeing a major interest from our customers in this type of service.
BEC Attacks Will Grow
According to the FBI statistics quoted in the Trend Micro threat report, in last two years, Business Email Compromise (BEC) attacks have caused about 22,000 enterprises around the world to have lost at least US$ 3.1 billion.
Earlier termed as the Man-in-the-Email scam, BEC generally began with business executive’s email accounts being compromised and spoofed and being used to mail to an unsuspecting employee with specific instructions to wire transfer large sums of money to international accounts. Trend Micro threat projection report warned of more of BEC attack instances similar to the US$ 81-million Bangladesh Bank heist. Such attacks, obviously, will increase as these are easier to execute without needing larger infrastructure, and are difficult to detect as such emails do not contain malicious payloads or binaries.
Obviously, many of such security threats aren’t new attack approaches. However, such threats are undoubtedly gaining a stronger foothold and becoming more advanced and far more damaging in nature. CIOs and CISOs shouldn’t confine their conversation on security and threats internally, and should actively look at expert support externally, who can offer knowledge and intelligence sharing along with best practice implementations. CIOs and CISOs need to pay rapt attention to how the landscape continues to changes, track closely as the threats evolve, and come up with newer strategies while collaborating with security experts to not only bolster the protection of their organizations but also anticipate where the next risk may come from.