If you thought that 2016 was rough when it came to information security challenges, 2017 could prove to be worse. It’s not all doom and gloom though. Many organizations are proactively defending against security threats. Here are just a few of the things that all businesses and users need to be prepared for in the coming year along with ways to help mitigate the risk of a breach.
The Internet of Things (IoT) Gets Scarier
In 2016, we saw the Mirai botnet take over IoT devices by the thousands and conduct targeted Distributed Denial of Service attacks against websites and even DNS providers. Given that the practice of creating IoT devices with credentials embedded in the firmware of the device hasn’t stopped, we’ll likely see even more of these types of attacks, more than likely on a larger scale than we’ve seen historically.
Additionally, in 2017, we’ll more than likely see deaths or major injuries from IoT devices, especially considering that many of them are being created as medical devices (insulin pumps, etc.), installed in vehicles as part of a CAN (Controller Area Network) bus, or used to control HVAC and other types of industrial systems. While no one, as far as is known, has attempted malicious acts that could cause this type of tragedy, the oncoming ubiquity of these devices makes it almost a certainty in 2017.
If you find that you are using IoT devices in your home or workplace, make sure you understand the security implications of using these devices and put in protection measures (segregating networks, etc.) to ensure that these devices are properly protected and do not present risks to the rest of the systems on your network.
Privacy is Gone…Mobile Devices are Watching Us
While there have always been threats associated with mobile devices (lost or stolen devices with tons of data, malicious data-stealing apps, etc.), 2017 is likely the year where we see a mass intrusion upon our personal and professional lives, at a scale we have never seen before, by the same devices that we can’t seem to live without.
Why 2017? More and more mobile devices are tracking, storing, and transmitting more and more data (location, steps taken, purchases, etc.) than ever before and the trend is likely to grow in proportions unseen in prior years. The problem is that the consumer wants convenience without the problem of extra passwords or other protections that might protect the data in question.
Given this, make sure that you understand the implications of allowing all of this data to be collected. Only allow tracking, transmitting, and storing of data from trusted apps and make sure that you have the ability to turn it off in the event that you want to stop or pause using the application.
Ransomware Goes Mainstream
While 2016 saw a surge in the use of ransomware, 2017 is the year that it will go mainstream as a means of extorting cash or information on a scale not previously seen.
As more and more individuals and nation states gain access to ransomware and the means of weaponizing it become easier and more reliable, ransomware infections are likely to grow steadily, if not spike rapidly. Truly, ransomware is set to be the next “virus” that will become so common that it won’t even be newsworthy unless it’s a massive infection impacting an entire corporation or the federal government.
In 2017, we’ll see new deployment models that make it easier for the attacker to infect the victim with ransomware. Drive-by downloads and phishing emails were only the start and will surely be assisted by new deployment models that make it harder for the victim to even know what is happening until it’s too late.
2017 will also be the year that IT teams truly come to understand the value of reliable and tested backups. Either that, or it will be the year that their CFO becomes proficient at purchasing and making payments in Bitcoin.
To protect yourself, always make sure that your systems are fully patched and that you have the latest anti-virus signatures available to your anti-virus software. Additionally, make sure that critical systems are properly segregated via VLANs or other means to ensure that there is less likelihood that they will become infected with ransomware.
Smart Cars Causing Dumb Accidents
The age of the autonomous vehicle is upon us, but with that come the risks associated with letting a several-thousand-pound object be put into motion with no one behind the wheel, all the while being controlled by a system that has likely had only rudimentary testing. What could go wrong, right?
The problem is that many of these autonomous vehicles will not undergo the rigorous security testing that should be required before they are ever let out on the road. Given this, how long will it take before someone figures out how to commandeer one of these vehicles and do God knows what with it (drive it into a wall, run a red light, slam on the brakes in traffic, etc.)?
Really the only way to protect yourself from these types of issues is to be aware that these types of vehicles are now on the road so that you can take appropriate measures to protect yourself and your family. Additionally, if you intend to use or ride in one of these vehicles make sure that you understand the risks of doing so in the event that there are attacks launched against the systems of the vehicle.
Put Your Seatbelts On…
All of this to say, put your seatbelts on folks. 2017 is going to be a bumpy ride! However, with proper information security policies and protocols in place, your organization can mitigate risks. We recommend core solutions, such as vulnerability management, security awareness training and regularly scheduled penetration and social engineering assessments to help understand weaknesses to better defend and protect data.