Cyber security is a concern that will continue to plague governments, businesses, and individuals in the years ahead. As our world becomes more connected (and as we rely more heavily on those connections), implementing good cyber security countermeasures could be the difference for businesses between thriving in the connected world or being left in the dustbin of history. The Economist reports, “The number of reported data breaches at organisations in America hit a record high of 783 in 2014. Since 2005 there have been more than 5,000 known incidents of this type, involving an estimated 675m individual records. Hacking into computers via the internet is the most common cause of personal-information theft.”[1] There is no quicker way to lose a customer’s trust than to compromise his or her personal information. Most analysts agree that one of the best tools in the cyber security kit in the years ahead will be machine learning.
Machine Learning
Symantec analysts observe, “A new generation of business platforms is emerging from the convergence of machine learning and big data and it will be a game changer in cybersecurity. … The ability for machine learning to predict cyberattacks will improve detection rates and may just be the key that reverses the trend on cybercrime.”[2] Haiyan Song, Senior Vice President for security markets at Splunk, agrees with that assessment. “Automation and incident response will grow within security solutions,” Song says. “Specifically, security analytics and anomaly detection will be about automating and making it less dependent on humans, letting companies detect threats and respond without having to hire skilled analysts. Also, incident response will become a larger part of organizations’ security solutions, including automating the remediation.”[3]
Internet of Things (IoT)
The nervous system that enables the connected world is the Internet of Things. Cisco analysts believe the line between the IoT and World Wide Web will blur so completely that we will simply talk about an Internet of Everything in the decades ahead. That being said, there are growing concerns about security for things connected to the IoT. The IoT will become a “significant threat surface for the enterprise,” Song says, “leading to more physical disruption and new solutions. Internet-connected systems will create opportunities for hacktivists and terrorist organizations to access and productize information, and businesses will have to adapt to manage this new threat surface.” Not just enterprises need to be concerned. Analysts from Trend Micro note that consumers are also at risk. “Next generation technologies will also be seen as viable targets,” they write. “The continuing growth of smart-connected home devices will drive cyber attackers to use unpatched vulnerabilities as a way to stage a full-blown attack. While there are no signs of a wide scale attack coming, the likelihood of a failure in consumer-grade smart devices resulting to physical harm is highly probable.”[4] Margee Abrams (@margeeabrams) adds, “As more and more devices become tied into the Internet, security threats will continue to expand to new industries and markets. Since attack surfaces are growing, now is the appropriate time to safeguard future growth by investing in security.”[5]
Mobile Devices
When it comes to connectivity, mobile devices (especially smartphones) are playing a larger role around the world. That makes them a tempting target for hackers. Abrams writes, “Apps are now collecting a considerable amount of data, which means that the security of those applications must take a leading role in securing the devices they run on. The vulnerability of a simple mobile application is increasingly more likely to lead to the compromise of an entire company network.” With more companies adopting Bring Your Own Device (BYOD) policies, mobile device cyber security issues will remain on the corporate agenda. Analysts from a cybersecurity awareness training company called KnowBe4, observe, “Businesses that use mobile only devices have left gaping holes for social engineers and cyber criminals to slither through. More than 80 percent of smartphones aren’t protected from malware. … The tides are beginning to turn the online crime ring into a mobile battlefield. More and more criminals have already started to hack into mobile devices.”[6]
Ransomware
Joseph Bonavolonta, Assistant Special Agent in Charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, recently told a conference audience, “The ransomware is that good. To be honest, we often advise people just to pay the ransom.”[7] John Zorabedian (@JohnZorabedian), writes, “The FBI website has some pretty good advice about preventing ransomware.”[8] Those recommendations are:
- Keep your anti-virus active and up to date. That means you’re more likely to block malware attacks proactively.
- Patch your operating system and applications promptly. Many attacks rely on exploiting security bugs that are already have available fixes, so don’t make yourself low-hanging fruit.
- Be suspicious of unsolicited emails, no matter how relevant they may seem. Avoid opening attachments and clicking on links in emails too, especially if you’re not expecting them.
- Make regular backups, and keep at least one offline. That protects you from data loss of any kind, whether caused by ransomware, flood, fire, loss, theft and so on.
Those are common sense recommendations. The Trend Micro analysts note, “The past decade saw cyber extortionists banking the use of fear on its victims. This is evident from the first cases of ransomware to its fully-evolved and sophisticated form today. Fear will still be part of any successful extortion scheme, and the more personal they can get, the easier the victims will cave in on their demands.” In the case of ransomware, prevention is certainly better than the cure.
Cyber Authentication
Song notes, “The explosion of personally identifiable information (PII) in the public sphere will lead to new means to improve identity authentication. Identity and compromised credentials as a new attack surface will attract a lot of development and innovation in terms of strengthening authentication.” Symantec analysts agree. They write:
“With the password system constantly under attack by cybercriminals, security vendors and providers are facing increasing challenges on ways to balance the need for convenience against complexity while providing users with the seamless experience that they demand. Adopting multi-factor authentication techniques such as one-time passwords or iris and fingerprint scanning may provide alternate safeguard methods, but at times they may not be the safest options. The true solution to protecting valuable information lies in users’ behaviour, which is ultimately how we can prevent our personal online assets and identities from being compromised.”
KnowBe4 analysts also agree that multi-factor identification is likely to be the next step in improving cyber authentication. They explain:
“This is the process of requiring two or more steps to identify a person trying to access a network, secure area or files. Experts believe this will reduce the incidents of identity theft, online fraud and so forth. Some institutions have been implementing three-step authentication in which a password, a physical item, such as a special token and biometric logins, which can range from fingerprint to eye scans are put in place to thwart hackers and social engineers.”
Conclusions
KnowBe4 analysts conclude, “Being knowledgeable about threats and trends within the cyber security sector will not only save you money, but will give you an added peace of mind as you, your business and loved ones venture into the upcoming year.” Abrams adds, “As 2015 draws to a close, companies and industries alike would be wise to pay attention to cyber security trends and proactively bolster their defenses. As Benjamin Franklin famously noted — and many attacked companies have learned — an ounce of prevention is worth a pound of cure.”
Footnotes
[1] Data Team, “Data breaches,” The Economist, 12 November 2015.
[2] CXOtoday News Desk, “Top 10 IT Security Predictions For 2015,” CXO Today, 28 November 2014.
[3] David Weldon, “Security Trends That Will Impact Your Data In 2016,” Information Management, 18 November 2015.
[4] “2016 Trend Micro Security Predictions: The Fine Line,” Trend Micro, 27 October 2015.
[5] Margee Abrams, “Four Cybersecurity Trends to Look Out For In 2016,” Cybersecurity & Performance Blog, 16 November 2015.
[6] KnowBe4, “Seven Cyber Security Trends in 2016,” Network Access, 27 October 2015.
[7] Paul F. Roberts, “FBI’s Advice on Ransomware? Just Pay The Ransom.” The Security Ledger, 22 October 2015.
[8] John Zorabedian, “Did the FBI really say ‘pay up’ for ransomware? Here’s what to do…” Naked Security, 28 October 2015.