Top 5 Cyber Security Threats for 2016
August 27, 2015
Everyone is a potential target of cyber crime and you don’t always know when it will hit. What we do know is that there are five prevalent cyber issues we continue to face in 2015, 2016 and possibly even further.
Internet of Things
We talked about the security issues the IoT is causing and there is no indication that will stop. In fact, all signs point to the vulnerabilities associated with this movement to be on the rise. The Internet of Things is this intriguing monster of fascinating capabilities mixed with massive doses of creepy data collection. These connected devices are quickly gathering mounds of personal information about our day to days lives and it’s a gold mine of data for any hacker.
Manufacturers produce thousands of these smart devices without thinking of the security implications they could pose. The risk possibilities are truly endless. This will be an emerging threat for the next several years and we predict it will start to be a more stringent requirement of manufacturers that security be built into their devices from the get go.
We wrote about mobile malware predictions for the last three years and nothing too catastrophic has really come from it, but here we are again. Mobile malware becomes an increasing threat to day to day life. More people are shying away from their laptops in place of tablets and other mobile devices to handle their daily banking needs and store other PII.
While we continue to hold our breathe in anticipation of a total mobile meltdown as a result of a cyber attack, we warn, yet again, that the vulnerabilities inside mobile devices and the apps they utilize are significant security risks.
Additionally, as retailers are forced to replace outdated POS systems with the latest pin and chip devices, we will see a shift from in-store attacks to online/mobile attacks. As a rule of thumb, hackers looking to steal PII for resale will look to do so in the easiest way possible to reach the largest number of targets. With more people shopping on unsecured mobile devices, especially Android devices, it is the next logical next step for a hackers.
We have already seen this happen with Target, Home Depot and many others. The prediction, however, is that the instances continue to increase. Third-party attacks are the result of hackers concentrating on breaching one company to gain the necessary credentials to easily infiltrate a much bigger target.
Smaller and less secured HVAC, electric, construction and other similar companies that are regularly called to maintain the buildings of these larger powerhouse retailers are the opening that hackers look to exploit. It is no longer sufficient that your organization has the right security teams in place or that your employees are up to date on security awareness exercises.
You know need to include a separate security screening of any contractors used. This makes the process of selecting contractors more expensive, but now there is clearly more risk at stake. Just ask Target.
No matter what method an attacker uses to infiltrate your networks, a new trend you need to worry about is what they will do with the data once it’s stolen.
Long gone are the times when hackers just got copies of the information they wanted. Now they destroy your link to this information. South Korea and areas of the Middle East witnessed first hand this type of devastation and after the Sony breach it has finally made it to US shores.
The good news with this type of cyber threat is that if you have good data backup practices in place and your business continuity plans are solid you shouldn’t have much problem recovering the lost info. On the other hand, this little glimmer of hope doesn’t remedy the fact that you spend significant amounts of time and money trying to rebuild these inoperable systems.
A priority for organizations in 2016 will be to beef up their security systems to detect attacks as they happen in real-time, defend their systems and ultimately prevent such massive damage from occurring.
Vulnerabilities of Critical Infrastructure
This really hasn’t been an issue yet, but it is a looming concern for critical infrastructure industries. There are 16 major critical infrastructures and they all fall victim to a disconnect between the technologies they use. You can read about the security plans in place for each of these industries below:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Service
- Food and Agriculture
- Financial Services
- Government Facilities
- Healthcare and Public Heath
- Information Technology
- Nuclear Reactors, Materials and Waste
- Water and Wastewater Systems
Throughout the world of critical infrastructures there are some ICSs and SCADA systems that span from 1-10+ years old. These industries are littered with contradicting devices and a world of opportunity for exploitation. The US government already mandated them to report security plans every 4 years, but like most things government, actually carrying out the steps relies heavily on time and funding constraints which can prevent a lot of follow through and progress.