Image: iStock / DaLiu
The economic damage caused by cybercrime is massive and quantifiable. In 2016 companies and individuals will be hit by 90 million attacks. That’s 400 raids every minute. Nearly 70% of of these attacks will go unnoticed, yet the fallout is massive. Hacking costs companies $15.4 million per attack, according to Sameer Dixit, Senior Director of Security Consulting at cybersecurity firm Spirent.
READ: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
The incentive to hack is generally financial, Dixit explained. “Cybercriminals buy and sell stolen data at underground black markets. Social Security numbers, bank account info, credit card data, personal identity information, and personal health information are sold,” he said, on the Dark Web.
Coupled with emerging technologies like the Internet of Things (IoT) and self-driving cars, Dixit said, new threats emerge with every new innovation. “Given the increase of internet-enabled devices in the market,” he said, “the security threats associated with those devices will also continue to increase.”
Dixit shared his predictions for emerging cyberthreat vectors in 2017:
Next generation cyberwar is fought on the internet. Every day a new headline, tweet, or alert appears suddenly, and more often than not companies are forced to be reactive to unforeseen threats.
Industrial control systems
Connected systems present a higher degree of risk to critical infrastructure. Bolted-on, legacy supervisory control and data acquisition (SCADA) networks can pose significant risks. [Old systems] are prime targets, not just because they control our electricity, natural gas, water, waste treatment, and transportation networks, but also because they were not designed with cybersecurity in mind.
With the expansion of IoT, from home appliance to security monitoring systems, new security challenges are becoming pervasive. Devices that were not meant to be internet-enabled are now online and potentially open to attack. Without proactive testing, networks are more vulnerable than ever before. Hackers have new entry points via which they can not only gain unauthorized access into our home or business networks, but can also intrude into our privacy.
Enterprise-targeted ransomware attacks have become mainstream and will continue to be a major threat next year. New methods of ransomware include exploiting vulnerable web servers as an entry point to gain access into an organization’s network.
Attacks on connected automobile systems will continue to increase and become more sophisticated. Specifically, attacks on vehicle access systems, engine control units (ECUs), remote key systems, V2X receivers, USBs, and OBD IIs will be prime targets.
Dixit shared several best practices for corporate cybersecurity:
Patch and update everything, including operating systems, antivirus software, browsers, Adobe Flash Player, QuickTime, Java, and other software.
Conduct frequent vulnerability scanning of your organization’s’ external and internal network, networked devices, and web applications to identify security holes or any known security vulnerabilities.
Conduct penetration testing to identify potential points of exploit on your organization’s network, networked devices, and web applications.
Raise employee and user awareness and require users to use strong passwords and to avoid opening email or email attachments from unknown sources.
Maintain up-to-date antivirus software and scan all software downloaded from the internet prior to executing.
Restrict user permissions to prevent installation and execution of unauthorized software applications.
Apply the principle of least privilege to all systems and services. Restricting user privileges may prevent malware from running or spreading quickly through the network.