2017 will likely be remembered as the ‘year of ransomware’, with an estimated 4,000 ransomware attacks occurring each day. But how will the cyber security landscape change in the year ahead?
A lack of social media security policies will create serious risks for enterprises
As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.
Social media platforms provide the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, these platforms have become an easy target because of the number of non-cyber security savvy users, and the fact that they are easy and cost effective to use.
For less sophisticated attacks, an attacker can simply create an account using a false identity to allow them to spread malicious content. But more sophisticated attackers are also using employees’ individual social media accounts as an access point to the corporate network.
For example, if an employee uses the same password to access both the corporate network and a social media account, it could give hackers a route to access the corporate network and put an organisation’s data at risk.
The important thing for enterprise IT teams to recognise is that social media is now an integral part of the workplace, and not something that can be restricted to personal devices, or kept outside of working hours.
As a result, it must be considered as part of the potential attack surface that attackers may use to target the corporate network. To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.
Attacks on wireless networks will escalate
The discovery of the Key Reinstallation Attack (KRACK) vulnerability, first made public in October 2017, sent shockwaves throughout the security industry. Until that point, most security practitioners had assumed that WPA2 safely encrypted wireless communication. But the vulnerability allows an attacker to intercept and read Wi-Fi traffic between devices and a Wi-Fi router, and in some cases even modify the traffic to inject malicious data into websites. In addition, it could even allow attackers to obtain sensitive information from those devices, such as credit card details, passwords, chat messages and emails.
The discovery has prompted the Wi-Fi Alliance to announce the release of a new Wi-Fi security protocol, WPA3, later this year. The protocol includes individualised encryption, to provide better privacy for Wi-Fi from public hotspots and other open environments, and a 192-bit security suite to outline best practice for users worldwide.
But until this is formally released, we can expect to see an escalation of attacks over public or open Wi-Fi connections, and in turn, an increased security provision by organisations that offer such services to their customers. Such attacks may be particularly damaging for people using old devices that are no longer supported by vendors, making them an attractive target for cyber criminals.
These threats may also trigger an increased use of Virtual Private Networks (VPN) by the most security conscious users.
Encryption will continue to present challenges for law enforcement
In the coming year, concerns about data privacy, the increasing use of cloud computing, an increase in data breaches and the introduction of the General Data Protection Regulation (GDPR) in May will all contribute to the increasing use of End to End Encryption (E2EE) by enterprises wishing to secure their data.
By using E2EE, organisations can encrypt data when it is initially created and only decrypt it at the point of use. Intermediary devices or systems do not have access to the data, meaning that only the communicating parties can access the data. The ability to encrypt data at rest, data in motion, and data in use, will likely appeal to enterprises wishing to secure their data on premises and in the cloud, as the threat of GDPR looms on the horizon.
However, the increasing use of E2EE will also present challenges to law enforcement organisations as criminals seek to use this method for espionage and subversion. This will pose a challenge for police forces worldwide, as they will have to find new ways to access sensitive data pertinent to their investigations.
2018 will no doubt be another transformative year for cyber security, as companies worldwide adjust to new European regulations such as GDPR. Hackers will no doubt seek to challenge us with new threats and techniques, but to stay a step ahead, IT teams should focus on protecting their organisation’s sensitive information, as well as encouraging a greater awareness of cyber threats among the wider workforce.
Sourced by Ian Goslin, managing director, Airbus CyberSecurity UK