The Five Biggest Security Concerns After Petya And WannaCry
With many organisations still reeling in the aftermath of the Petya and WannaCry ransomware attacks, it’s not only sensible, but crucial, that they analyse what other dangers they face in the digital age. When TalkTalk was hacked in 2015, the company lost up to £60m and approximately 101,000 customers, and the damage to the organisation’s reputation was huge. CIOs must avoid this fate, by proactively looking at today’s big security concerns in order to protect their company tomorrow.
Security vectors evolve rapidly because the malicious parties responsible are constantly innovating. Many cybercrime operations have organisational charts similar to legitimate businesses and use best practices for management, marketing, pricing and operations etc. To combat this cybercrime wave, companies are ploughing money into efforts to protect themselves. So much so that IDC expects spending on security technology to reach $81.7bn in 2017. In light of this, what are the biggest security concerns organisations face today?
1. Data Obfuscation and Ransomware
Firstly, ransomware, as illustrated by the Petya, WannaCry and CryptoLocker attacks, are set to continue. These attacks affect the real-time information that underpins business transactions creating chaos in the process. Unfortunately, intelligence agencies believe that this is not only a real and present danger, but also an inevitability. As such, it’s crucial that companies not only encrypt their sensitive information, but also regularly back up this data to hard drives that aren’t connected to the wider network.
- Leaking Intellectual Property
As we have already witnessed, with the threat of release of the latest Disney movie or the theft of the NetFlix series, ‘Orange is the New Black’, one new form of cyberattack concerns the unauthorised release of Intellectual Property (IP). Many companies across the globe still do not have systems secured adequately and regularly fail to patch against known vulnerabilities. This is the equivalent of leaving the keys in front door and all your valuables stacked neatly in the hallway. It is vital that companies have full visibility across their technology portfolio and regularly update their security software and patches.
- The Internet of Things (IoT)
Intel estimates that by 2020, the number of devices connected to the Internet of Things (IoT) will increase from 15 billion to 200 billion. This includes everything from pacemakers to refrigerators to connected cars to our clothing. The platforms these devices are built on often have little or no security. Most operate a self-regulation model; and as a result they are very vulnerable to hacking. This was evidenced during the 2016 Dyn attack, which consisted of multiple distributed denial-of-service (DDoS) attacks using a network of hacked internet connected devices. Companies must carefully review the security of devices before connecting them to the network, as they often serve as vulnerable gateways for hackers to exploit.
- Artificial Intelligence and Machine Learning
Artificial Intelligence (AI) and machine learning are increasingly being used to combat cyber threats. However, access to such tools and platforms is still expensive and beyond the reach of many organisations. This is both a blessing and a curse as when the cost of these technologies falls, hackers will invest in these solutions to further their own criminal exploits. As a result, attacks will be automated and have the ability to morph and change on their own, to continue to spread and create widespread destruction in short periods of time. In comparison, the spread of WannaCry will look like the work of children. These exploits will be more lethal, faster and much more dangerous. This means that not only will companies need to invest in new security technologies as soon as they become available and affordable, but must ensure they follow all best practices religiously – such as encrypting and backing up sensitive data.
- Quantum Computing
This may be the single biggest threat to cybersecurity that no one is paying attention to. Using quantum computers, which can compute vast quantities of information and massively accelerate computing processes, criminals could crack virtually any encryption mechanism currently used for our most sensitive online tasks – such as online banking and sharing electronic health records. While this threat might yet seem unrealistic, technology is advancing at a rapid rate and this may well become a future factor.
While ransomware attacks have grabbed the headlines due to the widespread ramifications of Petya and WannaCry, there are other cyber-threats that organisations need to be concerned about. However, they needn’t lose too much sleep as long as they are following security best practices – such as encrypting data, backing up all sensitive information, and automating the renewal of security patches and licenses – which can mitigate vulnerability to an attack.