As 2015 is left behind, it’s clear it was not the best year for cyber security. Thomas Fischer, principal threat researcher for Digital Guardian, looks at the highest profile hacks of 2015 and how cyber security will evolve in 2016.
Many attacks have been blamed on a rise in ‘hacktivism’ and self-proclaimed ‘hacktivists’ will attack companies for a variety of reasons
An increase in wiper attacks
Wiper attacks, which erase files from victim’s computer drives in order to cripple essential apps, have been growing steadily for years. A wiper attack will not only damage your IT systems, but can leave sensitive data exposed. Sony has been the most prolific organisation to suffer this kind of attack to date, however, as these kinds of hacks become easier, businesses of all sizes must be prepared to protect against them.
Investing in security is essential for any modern business,but it will only be effective if they invest in the right areas. Focussing on end point protection, disaster recovery and backup applications that can be easily scaled can significantly reduce the chances of wiper attacks causing lasting harm.
Hacktivism will be the motive behind many more incidents
High-profile data breaches from TalkTalk, Ashley Madison and Experian have been extremely damaging for the companies involved, and brought cyber security to the forefront of every business owner’s mind.
Many of these attacks have been blamed on a rise in ‘hacktivism’. Self-proclaimed ‘hacktivists’ will attack companies for a variety of reasons, the most common of these being:
Ethics: To place the spotlight on a company engaging in morally questionable practices and expose them.
Opposing values: As a result of fundamental differences in the values held by the attacking group and the organisation being hacked.
Monetary gain: To extort victims for monetary gain in an effort to cripple the target organisation and fund their cause.
In part, these attacks are becoming more widespread because they are far easier to carry out than they were just a couple of years ago. With hacking tools readily available to those who know where to look, the resources required to stage a high-profile attack are dangerously easy to find and implement.
Social engineering attacks will rise in the wake of 2015 breaches
Hundreds of thousands of customer details were leaked as a result of the 2015 data breaches. This data is most valuable to hackers before the leak is discovered and made public, when it becomes much harder to sell off or act without attracting attention.
However, even after the breach is discovered this information is still out there, still accessible, and is often used in a second wave of attacks to target the victims themselves many months later.
Hackers will often bombard breached email addresses with phishing attacks in an attempt to gain access to more of their personal details. By impersonating banks, retail companies and government agencies, the attacker will try to trick users into sending them money or personal information.
These imitations are becoming more convincing, with hackers explaining to users that they are vulnerable to an attack and must change their details immediately by handing them over in some way.
Read more on cyber security:
- 8 ways British SMEs can fight hackers and prevent cyber crime
- As cyber crime soars, one SME is offering companies a new way to keep safe
- Email security – the biggest threat to your business in 2016?
Additional cyber threats will continue to be discovered in the Internet of Things
The Internet of Things is developing at an unprecedented pace. With an incredibly broad spectrum of uses across a plethora of sectors, a ‘smart world’ is not simply the stuff of science fiction. These IoT devices are populating every aspect our lives and it’s important to understand that leaves people vulnerable.
Smart homes, for example, offer convenient solutions for busy residents looking to save time and money, but smart tech companies must ensure it is not to the detriment of the user’s security.
Devices such as smart electricity meters or thermostats could moderate power consumption and room temperature based on when the residents are out. However, if criminals were to access the network these devices communicate through, this data could be used to plan a break-in.
There are three main entry points when it comes to IoT devices:
Firstly, attackers can hack the service provider, gaining database information that gives access to data such as smart meter readings.
Secondly, it is possible to break in through the wireless protocols between the devices, which are inherently insecure due to the low quality routers often supplied with home Wi-Fi packages. The vulnerable ISP boxes are reverse engineered for security, and give easy access to the consumer’s network.
Finally, hackers could directly infiltrate the infrastructure, however this is much more difficult that the other two methods, as it so is unlikely to occur as frequently.
What can business do to combat these incoming threats?
CIOs must take more responsibility when it comes to data theft. Leaving security vulnerabilities solely to the IT team is no longer excusable as data theft continues to be a prominent issue.
Threat intelligent services are likely to be commissioned to provide reports and validation on malicious threats. The increase in the power and safety of the cloud will also give SMEs a chance to move from relatively weak IT infrastructures to a platform where security is evolving constantly.
Ultimately, the focus on data protection is going to be paramount for businesses heading into 2016, and it’s up to them to ensure they are prepared.
Thomas Fischer is principal threat researcher for Digital Guardian