2016 is about to end, and the ever emerging cyber threats are not going away anywhere anytime soon. 2017 will see a number of emerging threats as technology continues to rapidly develop and increase dependency of people upon itself, eventually opening further doors for cyber criminals who are becoming smarter than ever before. We have prepared a list of four most predictable cyber threats that individuals and companies will face in 2017.
1. Incidents Related to Ransomware will Increase
Ransomware has been making headlines in the news recently this past year. According to an estimate by the FBI, in the first five months of 2016 alone, ransomware caused companies to suffer a loss of $209 million altogether. When in the past hackers were only focused on infecting malware into your computers from the comfort of their homes, they are now forming organized groups to encrypt your data, lock it, and demand payment for handing you over the key – turning ransomware into the most profitable type of malware ever in the history. The threat of ransomware is one of the most anticipated emerging cyber threats of 2017.
Cybercriminals are using ransomware to infect users in a variety of ways. Their focus may initially be on drive-by downloads and phishing attacks, but later these can turn potentially dangerous by targeting victims that considerably pay better – for example – hospitals, where confiscated data can mean the loss of a life. Unless the victim has not made several backups in between, the only choice they are left with is to pay the ransom or give up the data. What is more threatening is that ransomware is no longer associated with extracting money, as it can be used to completely destroy entire networks and server machines as well. Wiper malware, for example, has been utilized in numerous attacks for its destructive capabilities, including high-profile victims such as Sony Pictures and Saudi Aramco.
And this is not going to end here. Ransomware is now self-propagating and one of the most talked about emerging cyber threats. Businesses need to identify what is considered valuable to cyber criminals, and protect it. It is time to harden security by enabling visible networks, and essentially being able to see all threats that come in the way, to be able to mitigate them.
2. Third Parties shall ( Contractors, Vendors, Partners) Continue to Expose Corporations to Security Risks
Corporations are always at risk at the hands of third party contractors and vendors. Most enterprises do not have a standard system or a dedicated team in place for managing employees of third parties, and hence, no accountability to assess and monitor third party risk management. Cyber criminals are aware of this, and in the past there have been data breach incidents such as those on Target and Wendy’s, that occurred by exploiting vulnerabilities detected with their third parties.
Third-party attacks in 2017 will continue as one of the emerging cyber threats, if not increase. However, as much as corporations are becoming increasingly reliant on third parties with advancement in technology, they will also begin to realize the need for third-party management system to be safer. This untapped area of information security will require serious attention from corporations and large enterprises.
3. Electronic Medical Records and Healthcare Data will be Major Targets for Cyber Criminals
With the healthcare industry going through a major shift of changes as it transfers medical records online, it faces threats to the security of patient data and other medical records that can be useful for attackers in many ways.
According to a 2016 Survey of Emerging Technology Domains Risk by Carnegie Mellon University, with more devices being connected to healthcare networks, hospital data and patient information will become more vulnerable. Especially in cases where a device is connected directly to a patient, a remote compromise can prove to be extremely dangerous, with the attacker gaining control of increasing or decreasing medicine dose or disabling vital sign monitoring machine.
Electronic medical records also hold particular significance for hackers because of the vast variety of sensitive information they have. Keeping in view the number of cyber-attacks in healthcare this year, it is likely that their frequency will increase in 2017, and will continue until the industry holds full grasp over how it can safeguard Protected Health Information (PHI) and Personally Identifiable Information (PII) of patients.
4. The Internet of Things (IoT) will Raise Further Security Concerns as one of the Emerging Cyber Threats
The growth of products and services connected to the internet has been unprecedentedly increasing, and not only does it bring a vast array of opportunities but also draws attention towards major privacy and security concerns. More connected devices means more opportunities for hackers to target and infiltrate into a system. 2017 will be a challenging year for corporations to ensure security of IoT devices so as to avoid major setbacks. Consider using, for example, an IoT thermostat device to manipulate readings at a nuclear plant. Just last year, in a reported incident, a two year old baby was spied upon by an unknown hacker who accessed the web-connected baby monitor.
IoT devices may have hardware and software that might not have been used before, and the vulnerabilities they bring along would be hard for organizations to deal with. Real challenge for enterprises lies in finding out where and how security controls are needed to be implemented to this new generation of devices connected to the internet.
Information security companies need to prepare transitioning from securing servers, mobile devices and PCs, to securing a wide network of integrated internet connected devices. In this progressively interconnected digital era, enterprises need to ensure their confidentiality, integrity and reliability with necessary threat modelling for the Internet of Things.