2017 was a big year in the world of cybersecurity. News headlines were regularly dominated by examples of major data breaches, large-scale cyber\attacks such as WannaCry and NotPetya; and notable compromises of government and political information.
As we head into 2018, businesses should expect more of the same – but with some technologically-driven twists to look out for, says Peter Bailey, general manager of Aura Information Security,
“Data is so valuable it is routinely called the ‘new oil’. Hackers know this as much as business executives do, and are relentless in their efforts to access and use information for unauthorised purposes. Not only does doing so make them money, in some cases it also achieves political and social goals; and has the added bonus of delivering credibility in their underworld networks,” says Bailey..
Aside from the specific incidents that have occurred throughout the past year – and there are many, for example the 198 million voter records that were made public in the USA, or the attack on successful French presidential candidate Emmanuel Macron’s campaign – Bailey says there are three things that have had a significant impact on the cybersecurity industry over the past 12 months.
The year that was…
The first is the rapid rise of the Internet of Things (IoT), which enables physical objects to connect and exchange data.
“In New Zealand, IoT is maturing, with the networks, devices and platforms required to process sensor data already largely in place. However, while IoT brings exciting opportunities, it also brings added risk.
"As more and more devices are connected digitally, the potential attack surface for hackers also increases in size and becomes a much more exciting target. We’ve already seen examples of Internet-connected devices being used to carry out attacks over the past year, and we should expect to see even more as IoT adoption increases,” says Bailey.
Secondly, he points to the growing trend of the ‘gig economy’ and flexible working.
“With an increasing number of staff now able to access work files and data using personal devices, businesses are being exposed to increased risk,” he says.
And although most businesses will have policies in place relating to personal and work device use, Bailey notes that these are often difficult to police.
The third is the sharp rise in high-profile ransomware attacks, which Bailey says has put businesses’ security defences to the ultimate test over the past few months. “WannaCry and NotPetya are the top examples, but they aren’t the only ones. And, in addition to the mass attacks, there is still targeted ‘spear phishing’ attacks to worry about, where hackers identify a specific person and work to compromise their security for financial gain,” Bailey explains.
Those charged with security will increasingly have a mindset of ‘trust nobody’
Cybersecurity in 2018
The general view for cybersecurity over the coming year to not just expect more of the same, but a whole lot more of it – particularly when it comes to ransomware.
Bailey says organisations should particularly watch out for these three trends:
Hackers will seek to manipulate AI and automation technology
First of the top three security trends to watch starts with the increased adoption of automation and artificial intelligence tools, both of which can be exploited by hackers.
“The very same technology businesses are adopting to help improve and automate processes can be used by hackers, too. This means businesses are going to step-up their defences if they are to protect their data effectively. And, because AI and machine learning is somewhat ‘new’ for most New Zealand businesses, it also means they’re going to need to educate themselves on the potential risk this technology poses – and weigh up the potential impact.”
The search for ‘weak links’ will continue
As PCs are often shut down at the end of the work day, hackers are likely to target ‘always-on’ devices – for example phones or other connected devices (including IoT sensors and networks) – as they are likely to be the easiest point of entry, he says.
People will be a primary target
Finally, Bailey says people will remain one of the major opportunities for hackers to gain access to a business’ data or assets.
“Even those businesses with the best defences have a potential Achilles heel in every employee. Hackers are clever and understand people well. Using social engineering to dupe individuals is a major and growing threat, as it bypasses all the technology and processes a business has in place to protect information.”
For this reason, he says education is a crucial component in every defence strategy.
A related issue, he adds, is the likely re-emergence of ‘zero trust’.
“Those charged with security will increasingly have a mindset of ‘trust nobody’. This implies an increased focus on identity management and authentication, so there is absolute certainty in knowing who is accessing what, when they are accessing it, and how.”
The bottom line, says Bailey, is that cybersecurity is now an indelible part of the landscape. Good defences, where risks are identified, quantified and managed, is an integral part of doing business.
“That’s as true today as it will be in 2018 – so the key is to be prepared, and be prepared to be adaptable,” he advises.
“The digital world is fast-moving and new developments and threats are hard to predict, so it’s important to stay abreast of trends, review policies frequently, and continue to educate employees.”
He concludes: “Businesses who make this a priority and prepare now will be setting themselves up well for the year ahead.”
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.