2016 saw some of the most well-established and public facing companies as the target of cyber criminals attacks, the most notable being the Yahoo hack which saw one billion accounts being compromised and the Tesco bank cyber-heist which was regarded as Britain’s largest attack to-date after losing ?2.5m. These were amongst just a few of a staggering 1.6 billion data breaches that took place in 2016.
Last year also saw some of the largest DDoS attacks on record, with attacks in some instances topping 1 Tbps - and there is no sign of slowing. In 2015, the largest attacks on record were in the 600 Gbps range now only two years later, we can expect to see DDoS attacks grow in size which further fuels the need to tailor solutions to protect against and mitigate against these grand scale attacks which have been apparent throughout the year. We can only expect to see more relentless and hard hitting attacks in 2017, so thorough precautions must be taken. The most notorious DDoS attacks of 2016 was the Dyn attack which made major Internet platforms and services unavailable to large swathes of users in Europe and North America. The reality is that we need to brace ourselves for an even higher magnitude of cyber-attacks in 2017, hence the need for cybersecurity New Year’s resolutions.
Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used. Companies that take this approach will construct effective barriers meaning hackers will go elsewhere and find an easier target to attack. So what are some of the most pertinent threats in 2017 and what can be done to protect organisations and individuals?
Ransomware saw rapid expansion in 2016 and this type of cybercrime will develop in 2017 into more sophisticated types of extortion that add social engineering to the mix and we will see the emergence of the DDoS of Things (DoT) as an attack method which means we need to really tighten up our security protocols.
BYOD and IOT are both emerging trends which pose problems to individuals and organisations. The continued proliferation of devices and the associated attacks will confound CSOs and help threat actors propagate their malicious activity at greater scale. Meanwhile IoT In 2017, we’ll see the emergence of the DDoS of Things (DoT) as the attack method. By abstracting the devices and the malware they create, we dig into the root of the problem: the outcome, which, in this case, is a colossal DDoS attack.
As the DoT continues to reach critical mass, device manufactures must change their behaviour to help curb it. They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup.
These developments highlight the fact that criminals are becoming more complex and scaling up their attacks. Despite this, two of the fundamental issues that allow these breaches to take place are the fact that businesses are unwilling to spend out on necessary security and prioritize and that there is a lack of education amongst the public when it comes to cybersecurity.
With new European laws coming into force in 2017, companies should feel more inclined to consider security precautions as a priority, but crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.
Organisations also have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches. Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, but ultimately protection systems need to be put in place to keep hackers out.
As employees are an organisation’s greatest tools, the way they contribute to securing the company should also be well-managed. CIO’s and CISO’s should make it a New Year’s resolution to ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.
With organisations and individuals facing so many threats in 2017 including IoT, DDoS, BYOD and ransomware it is clear that we all need to be more aware of the threats we face. In order to protect our individual data and to keep organisation’s safe and secure it should be a New Year’s resolution to become more personally aware and to invest more in all aspects of security. We should all approach 2017 with an enlightened view towards cybersecurity. And hopefully the focus on cybersecurity will last longer than the commitment to the gym or an attempt at a ‘dry January’.