Despite all of the headlines during the year, the data breach crisis is not over-hyped, and much of the danger is not well understood.
At the same time, it’s clear that things are not getting any better. Businesses are losing the cybercriminal war.
Traditional security approaches are simply not effective. Attackers can break into any network – including the top security agency in the US – and accomplish their goals without being detected.
Given this state, it’s no wonder that cybercrime is bad – and it’s going to get worse.
During 2016 there were several indications of what might be more prevalent in 2017.
1. Internet of Things devices will become a point of entry for a network attacker
Much has been said about the vulnerability of Internet of Things (IoT) devices. We have witnessed demonstrations of car braking systems, thermostats, video cameras and even solar panels penetrated by hackers, and led to imagine the horror of what could have been done. IoT devices were also used to launch a massive DDoS attack on US internet infrastructure this autumn.
In 2017, we will see a new danger emerge, with IoT devices serving as a growing entry point for external attackers wanting to gain access to private networks. Potential targets include hospitals, manufacturing companies and any facilities with security cameras or climate control systems.
2. New evidence shows that many breaches are never reported
Network attacks and resulting data breaches in the headlines generally involve the loss of personally identifiable information (PII), healthcare and credit card details.
Most of these sorts of breaches make the news because of regulatory obligations to disclose breaches that involve customer or employee data.
Besides the loss of user data, organisations continually face dangerous network attacks where the primary objective is theft of intellectual property, business secrets, financial information useful in trading stock, and other important assets.
These types of breaches are rarely reported or acknowledged unless, perhaps, it is a clear material event for a public company. In 2017, more of these breaches will come to light, indicating that they are far more common than the public realises.
3. The healthcare industry starts reversing its trend by having a declining number of breaches
In the second half of 2016, healthcare data breaches soared, showing that the industry was clearly sick with little hope of recovery.
At the same time, several UK healthcare IT conferences have pointed to new strategies, technologies and procedures based on behavioural profiling across the internal network to find active attackers by their operational activities. It’s likely that this awareness and openness to new thinking will start to occur in the UK as well.
The NHS hasn’t addressed this issue in a substantial way, but some of the more forward-looking NHS regional groups and practices will start to add attack detection to their preventative security to address the data breach problem.
With the motivation being so high, expect to see fast adoption of new approaches that can stem the tide of healthcare IT breaches.
4. Legitimate and semi-legitimate entities will borrow even more evasion techniques from cybercriminals
For years, cybercriminals have incorporated strategies from the best-run companies into their business models. They have developed criminal supply chains, automated attack processes, and even offered commercial-grade customer service to clients.
In 2017, some employees and even some companies will copy the practices of cybercriminals to get around access controls.
Users have leveraged proxies and VPNs to get around web proxies for years to view unauthorised content. Some will try their hand at even more advanced techniques like DNS tunnelling in 2017.
Some advertising companies have used techniques that look strikingly like advanced malware techniques to thwart ad-blockers. These trends will grow next year.
5. Most UK companies will not start planning how to meet the data breach aspects of GDPR until late 2017
The General Data Protection Regulation (GDPR) sets substantial penalties for failure to report a breach in a timely manner and for not using best efforts to protect consumer details and privacy. The law applies to any business – whether or not it is based in the EU – that holds identity and other information from its business or interactions with EU citizens.
6. Hosted email becomes a popular target for attack, since there is a substantial amount of confidential information kept inside email
Today most organisations run on email. Business processes, company secrets and confidential data are all things that flow through email in a typical organisation. Rather than penetrating an organisation’s network to gain access to information that can be monetised, some attackers will find that hacking an individual’s email account will provide a wealth of assets.
7. The first known data breach results from one company connecting to the network of another through a merger or acquisition
Despite a great deal of IT due diligence performed in M&A, a glaring omission is a reliable check to determine that there are no active attackers on the networks. Most companies don’t have the means to know if there is an attacker lurking on their own network, let alone one that they will connect to after an acquisition.
While attacks have occurred from being connected to a vendor network, there are no reported attacks occurring from M&A, although it is very likely. In 2017, it is likely that at least one such attack will become publicly known.
Sourced from Alex Moyes, UK country manager, LightCyber