With the New Year upon us, Kroll’s experts reviewed the cyber security landscape to identify key issues we see coming or continuing in 2017. The past year presented numerous challenges in the information security realm. From big-name breaches to distributed denial of service (DDoS) attacks, all the way to allegations that the Presidential election was hacked, it seemed like there was a colossal cyber security problem every week. Will 2017 be worse? How will it look? And what can you do?
Here are some predictions of the issues we expect to occur next year and a few resolutions your business or organization should consider to help you defend your systems and data.
IoT (internet of things) far-reaching breach
IoT devices can be found connected to home, public, private, and government networks. With the proliferation of these devices come vulnerabilities; as we have seen, developers don’t always program with security in mind, and the devices can easily become entry points into many environments. The widespread DDoS attack this past October demonstrated the scale and breadth of IoT security issues, and we expect these breaches will continue to evolve and grow in impact.
Cloud “great migration” begins
The ever-increasing move to cloud services is being called the great migration. We’ll see more services and workloads move to cloud-based platforms. This will likely bring about security issues that haven’t been seen before.
The problem of DoS/DDoS attacks is growing rather than lessening, both in frequency and in strength. The Mirai botnet source code was freely published this year, which will add more DDoS threats to businesses. And because of the increase in IoT devices, we may see even more disastrous levels of attacks. But there is hope, as we expect to see new anti-DDoS services popping up.
Ransomware will continue
Threat actors will be smarter about which people and companies they target in order to extort as much money as possible. We will see even more cunningly crafted malicious emails as cyber criminals perform more research into their targets. As a result, law enforcement and the security industry will likely join forces on a much larger scale to aggressively detect and respond to these incidents, which may lead some malicious groups to move away from this type of attack.
Malicious actors will take control of drones sold with vulnerabilities such as open ports and/or weak authentication mechanisms. Consumers will be forced to rely on manufacturers to release software updates in a timely manner to fix these types of vulnerabilities. Exploited drones could be used to take over package deliveries, for unauthorized aerial photography and illicit surveillance, and for use in attempts to hack into the Wi-Fi networks of buildings on which they land.
The threats above and myriad other ones such as social engineering, malware, and employee mistakes highlight the need to review and strengthen your security efforts if you have not already taken steps to do so. Here are some foundational, and critically important, actions you can resolve to take in 2017.
Plan for the worst by testing your incident response plan
Don’t have a plan? Get one! Now! Otherwise, how will you know where you have gaps or what defenses need improvement? A good incident response plan addresses your entire organization, with the core team typically consisting of your Chief Information Security Officer, Chief Information Officer, general counsel, and technical leaders as well as human relations, public relations, and risk managers. Before a security event hits, test and drill your plan. Some key elements of the plan should be determined in advance: agree on team members’ full responsibilities and roles to minimize confusion; outline how pertinent information will be gathered and how incidents will be escalated; and establish clear internal and external communication protocols. Lastly, understand that your organization continuously evolves just like the threats in the market. Prepare as best you can – even for the unknown – and stand ready to implement your plan.
Make sure your house is in order
Even the most conscientious IT teams can get behind on critical security steps. Assess your current status and take action on addressing gaps. A few recommended actions:
- Be better at applying computer and application patches in a timely manner.
- Backups! Make and test your backups regularly. This can save you from having to pay money if you get hit with ransomware, not to mention it is part of disaster recovery and business continuity plans.
- Discourage shadow IT. You have to know what applications, hardware, and software are in use across your organization and whether they are in line with your authorized security policies.
- Create a lessons learned library after incidents. There is no need to reinvent the wheel every time. Circle back after an event to assess what went right and what could be changed for a more efficient response to threats and attacks.
Train your employees, build awareness, and implement policies
From basic policies such as keeping employees from reusing passwords to extensive training on threats that often target unsuspecting employees (e.g., social engineering scams, emails with ransomware), prepare your teams to protect your organization’s precious data assets and information through extensive and regular training. Often, we still find simple employee errors or duping at the root of security incidents, and cyber criminals are now aware of who in an organization likely has access to valuable data. We have seen cases where people in certain roles are specifically targeted with scams. You cannot afford to cut corners on committing the resources and time to making sure your employees are aware of how they can accidentally expose information and how they can defend against falling prey to various attack methods.