As IT and finance businesses and professionals enter 2017, they will have to face the reality that cyber attacks are becoming more nuanced and severe. These attacks are powerful enough to cripple entire networks and surpass the outdated defenses on which government agencies and companies continue to rely.
The world is seeing increasingly sophisticated offensive technologies which allow hackers to breach tough defenses and walk away with sensitive information undetected. As cyber attacks become more severe for their targets and more profitable for instigators, more and more trained hackers are getting into the game.
With state-sanctioned cyber attacks and wide-scale data breaches as the new norm, how can IT and finance companies and professionals bolster their cyber attack defense? Read on for thorough analyses of future trends, pertinent comments from industry insiders, and cyber security best practices in the face of these challenges.
The Coming Storm
There are several converging developments that are creating the conditions for 2017’s coming cybercrime wave. Cybercrime is by definition “crime that involves a computer and a network,” so where you have computers and networks, you have the potential for cybercrime.
Just like a hurricane feeds off of atmospheric heat, cybercrime will spread far and wide thanks to the presence and deep integration of our information technologies in day-to-day activities.
Consider the emergence of modern Internet of Things (IoT) technologies and cloud computing systems. Virtually any kind of object you can think of can now be fitted with a tiny computer and connected to the Internet, making it yet another node in the web of hacking resources. Further, many software packages and data stores are now in the cloud, so businesses, organizations, and individuals are connected to the Internet all of the time.
This increases the number of targets of opportunity for hackers, and there are many more targets of value. Since there are so many targets of attack and so much sensitive and valuable data to go after, cybercrime has become a profitable and substantial full-time job for many hackers. Now, everyone from teenagers to seasoned pros is trying their hand at compromising various targets.
What many hackers are finding is that many government organizations and businesses have embarrassingly weak cyber attack defense protocols. The barrier to entry has lowered, and potential rewards are constantly going up. It also doesn’t help that global tensions and inequities are at an all-time high, adding to the pool of vulnerable and angry individuals worldwide with the skills and motivation to go on the offensive.
If all of this sounds like a recipe for disaster, it’s because it is one. Tech and IT professionals around the globe are sounding the alarm, and urging businesses of all sizes to invest in better cyber security measures and develop more robust lists of cyber security best practices.
Who is Vulnerable?
Previously, it was larger and more politically or economically exposed entities that were at risk. In the public realm, state actors targeted other state actors for espionage, propaganda, disinformation, or cyber warfare purposes. Private actors also targeted state organizations in order to send a political message or retaliate for perceived grievances.
In the private sector, large businesses were targeted, whether for political purposes or for their vast amounts of resources such as sensitive and valuable data. Technology and eCommerce organizations were especially vulnerable, as hackers were after vast stores of data and other virtual resources that could easily be stolen.
Today, however, attacks have become much more subtle, sophisticated, powerful, and low risk. There are many different types of attacks, and they have become very creative and cunning. As more hackers and hacker organizations enter the fold, digital crime activities are spreading out further to all sorts of targets. Now even medium-size businesses are under threat of attack.
The costs to businesses worldwide are staggering. Cybercrime costs the global economy hundreds of billions of dollars a year. Recently, industry insider John McAfee offered his predictions for 2017. One of his observations concerned Ashley Madison, a controversial dating website, which was hacked close to a year ago. Much of its users’ data was breached, resulting in the site’s bankruptcy. In this case, we’re not only talking about substantial financial loss, but the destruction of entire companies. McAfee predicts more of these cases to come in 2017 and beyond if security measures aren’t upgraded.
Needless to say, just about anyone who does business online is vulnerable, and the stakes are very high. Even brick and mortar stores conduct transactions online, and they undoubtedly store sensitive information on networked computer systems, making small businesses fair game as well.
The Great White Shark of Cyber Attacks
If we want to start talking about cyber attack defense, it helps to have a good idea of what kind of attacks are out there. The first type of attack we need to talk about is the denial of service (DoS) attack, one of the most powerful, destructive, and bewildering forms of attack in a hacker’s arsenal. A DoS attack refers to a coordinated strike in which the perpetrator seeks to make a given resource unavailable to its users by disrupting the services of an Internet host provider. This is usually done by overwhelming the host with false requests in order to overload the system and prevent its usage by legitimate users.
These attacks are often used on institutions like banks and credit card payment gateways, and on many different types of government sites and business sites for political purposes. Besides explicitly political reasons, DoS attacks may be used for blackmail purposes, or for revenge from an aggrieved party.
DoS attacks have many forms, but the DDoS (distributed denial of service) may be one of the most feared by IT departments. This type of attack uses more than one IP address, which can grow to the thousands depending on the scale and power of the attack.
With an attack such as this, cyber criminals can deliberately target structural weaknesses within the Internet to cause more destruction. In a particularly devastating attack, hackers targeted the servers of Dyn, a company that controls a majority of the Internet’s domain name infrastructure (DNS). Because of this strategic move, many major sites that use DNS were brought down, such as CNN, Reddit, Netflix, the Guardian, Twitter, and many others around the world.
We mentioned previously that the proliferation of connected devices is raising the stakes for cybercrime. The DDoS attack that brought down Dyn made use of a large network of Internet of Things (IoT) devices to amplify the power of the attack, with spectacular results. IoT devices aren’t particularly well-secured, making them yet another risk for future attacks.
One of John McAfee’s major predictions for 2017 is that DDoS attacks like these are going to become commonplace, and the severity will be far greater than what we have seen so far unless cyber attack defense mechanisms are put into place soon.
Other Future Attack Trends
There are plenty of other modes of cyber attack that have experts just as worried. Ransomware is on the rise around the world, and it poses unique threats to businesses, governments, and individuals. Ransomware operates through computer malware that installs on a victim’s computer, usually through a Trojan that disguises the malware as a normal file. Once the malware is installed, it affects the computer in adverse ways such as locking the user out or encrypting crucial documents. After this is accomplished, the attacker then demands a fee to undo the damage.
Ransomware attacks are also growing more sophisticated and powerful, with cyber criminals attacking larger organizations and demanding larger payments. It hasn’t helped that there is a market for ransomware programs on the dark web, which helps to spread these programs further and makes them more powerful as programs compete.
Another common attack is the cleverly named “phishing” method, in which a hacker tries to obtain sensitive information from a victim over email. The attackers “fish” for a victim by using “lures” such as too-good-to-be-true offers and spirited requests from fictional characters. This is a decidedly low-tech form of cybercrime, which makes these attacks easy to carry out and numerous. However, this doesn’t make them any less dangerous; users get scammed out of substantial sums all of the time. You’ve probably gotten your share of phishing emails in your junk mail bin, and hopefully you didn’t bite.
There are many types of fraud that are characterized as cyber attacks as well. One form of fraud that cyber criminals are getting better at is social media fraud. Fraudsters take advantage of the amplification characteristics of social media outlets to spread their message far and wide. For example, fake investment advice can spread and then investors put their money in a bogus vehicle.
Identity theft has many eCommerce sites and financial services businesses especially worried. This form of attack has been around for quite some time, but its cyber form is especially pernicious, due to the vast availability of personal information. The financial losses and social chaos associated with identity theft cases can be substantial.
Cyber Security Trends
In the face of these growing threats, what are experts saying about the future of cyber security technologies? How are IT, finance, and tech companies going to handle cyber attack defense in 2017? Even the most seasoned professionals are scratching their heads when it comes to the larger DDoS attacks, but for most of the anticipated threats, there are a host of promising avenues for innovation.
Experts believe the arrival of the new administration will spell changes for cyber security across the board. President Trump has expressed concern about cybercrime, but usually only in the form of threats against state actors. We can expect the U.S. government to ramp up spending for security issues, but the coming wave of deregulation may relax cyber security standards for many businesses as well. Reuven Harrison, CTO and co-founder of Tufin, a provider of network security policy solutions, pointed out that with relaxed regulation, vulnerable security teams may have to turn to outsourced security measures to supplement their cyber attack defense capabilities.
Privacy problems are another concern. The NSA was famous for compromising data systems with surveillance backdoors, and as Carson Sweet, co-founder and CTO at CloudPassage, pointed out, Trump backed the FBI over Apple in the iPhone privacy case. We can expect more of the same in 2017, so the private sector will need to strengthen its approach to privacy issues and commit to protecting customers’ sensitive information.
Regardless of public policy, privacy should be paramount to every business on the Internet. As agencies and businesses harness the power of their cloud networks and email distribution to improve services, cyber security measures will need to address customer privacy so that brand trust is not destroyed.
John McAfee, one of the leading innovators behind anti-virus protection, has predicted that this paradigm is going to go away in 2017. As McAfee and other cyber attack defense experts have observed, the targets of every major attack on American governments and enterprises were already protected by antivirus software products. McAfee has urged the cyber security community to invest in proactive systems that can detect the presence of a hacker within milliseconds of entry, long before malware can be planted. Further, many cyber security firms will increasingly offer services, as opposed to products, such as data backup and disaster recovery services.
Best Practices For Cyber Security
Now that we see where cyber security is going, how can businesses best protect themselves from threats? Though countless U.S. security agencies such as Homeland Security, the FBI, and the Department of Justice are devoting resources to cybercrime, businesses shouldn’t wait around to protect themselves. As McAfee observed, cyber criminals are very difficult to weed out, and businesses should be focusing their resources on cyber attack defense, not offensive measures.
To begin with, everyone in your organization or company should be aware of cyber security best practices and actively adopt them. This awareness should go all the way up to company executives, who can choose what cyber security upgrades and services to invest in, and how company resources should be organized around these best practices. All employees should be involved in a cyber security training program, so they can look out for email phishing attempts, stay away from problem Internet sites, and identify and block attempts from malicious actors to gain sensitive information. Many cyber attacks are executed through unaware employees: sensitive information obtained through phishing attempts can lead to serious breaches very quickly, and accidentally downloaded malware or ransomware is another common way for companies to be attacked.
Acquiring or guessing passwords is a cheap and easy way for a hacker to get into a system and do serious damage, so make sure your employees are changing their default passwords and adopting strong passwords. All of your systems should be password protected.
Various extra devices like laptops, phones, and tablets can make your IT systems even more vulnerable, so it is a good idea to adopt a sound policy on work-only devices that are well secured.
Your IT staff should maintain awareness of any system vulnerabilities, and should stay up to date on the latest patches and system updates to ensure that vulnerabilities are being addressed.
If possible, segment your networks by department type and allow limited access to only those who work in the department. If you have a breach, your company will take far less damage this way.
Finally, consider outsourcing some or all of your security functions. Cyber security firms are the best professionals to meet the unique challenges of modern cyber attacks, as their businesses are agile enough to adapt to specific challenges. Cyber security measures, advanced detection tools, disaster recovery services, and cyber security response plans are all things that outsourcing firms do very well.
Take a Deep Breath
Many of these larger-scale attacks seem pretty terrifying, but unless you operate a large and exposed business, there isn’t a huge possibility that your organization will suffer a serious attack. However, it is important to take the increasing sophistication and occurrence of cyber attacks seriously, and you should consider getting cyber attack defense experts on board to help you stay secure.
The best practices for cyber security will help you protect yourself from a vast majority of attacks. For more information on how you can stay fully protected, reach out to our team of experts today. Remember that the best cyber security plans start with vigilance and awareness of threats. Once you know how to spot malicious attacks, you’ll be able to strategize on the best defense for you and your team.