By Gene Fredriksen
Any company dedicated to the protection of sensitive personal and financial information knows it is becoming more and more challenging to execute each year. What’s driving this increase, and what do we project will happen in 2016 as part of our strategic planning process?
Let’s take a look at the major emerging cyber security trends for 2016:
Hardware Attacks
Attacks on hardware and the Internet of Things (IoT) will continue and grow. Attackers continuously evaluate new attack vectors, and the probability of finding an Internet attached device that is not fully secured is high. To further compound the issue, the reported advances in malware exploiting weaknesses in hardware and firmware continue to surface. The toolsets that enable those attacks are becoming readily available and are dropping in price.
Ransomware
Ransomware used against organizations is a constantly growing threat. The recent issue at the Bank of Dubai illustrates how cyber criminals can hold an organization hostage. It is suspected that many cases go unreported by companies who elect to pay and not suffer adverse publicity or embarrassment. An emerging service-for-hire, this opens up the ransomware exploit and attack to those without technical skills, just financial means. We should expect this threat to increase not only for financial gain, but also for political or revenge motivations.
Botnet
Organization networks will continue to harden and become more resilient. As this trend continues, attackers will look for other avenues of attack, which offer less resistance. Third party service providers, employee support systems (cloud-based), and employee home systems will become an attractive target for hackers looking to establish a foothold in an organization. The estimated number of home systems infected with a Botnet continues to rise every year. A Botnet allows its operator to steal personal and financial information, get into system owners’ bank accounts, steal millions of credit cards, shut down websites, and monitor every keystroke without the knowledge of the computer’s owner. This enables the potential theft of credentials used to access company systems remotely.
Cloud-based Cybercrimes
As organizations continue to migrate to cloud services, cybercriminals will seek to exploit weak or ignored corporate security policies established to protect cloud services. Data that traditionally never left the confines of the corporate data center now reside in the cloud on servers around the world. Cybercriminals accessing this type of sensitive information can adversely leverage or damage business strategies, company portfolio strategies, next-generation innovations, financials, M&A plans and other sensitive data.
In 2015, PSCU continued the expansion of our Security Analytics system, enabling us to correlate disparate log and system feeds, turning them into actionable alerts. From an operational perspective, driving down the false positive rate allows users to have a higher confidence level in the alerts being generated, and it yields better use of critical resources and faster response to true security issues. The system has also simplified compliance reporting, allowing us to quickly produce customized reports as required. This continued investment in resources to combat cyber security threats has improved our people, processes and technology systems targeted at protecting the information entrusted to us by our credit union owners.
The challenge is to keep pace with and preempt adversaries. We must match the assets, motivation, and financial commitment of the cybercriminals if we intend to prevail.
Gene Fredriksen is the Chief Information Security Officer for PSCU. In this role, he is responsible for the development of information protection and technology risk programs for the company. Gene has over 25 years of Information Technology experience, with the last 20 focused specifically in the area of Information Security.
For info: www.pscu.com