As we approach the end of 2016, Check Point has listed the five security trends that will characterize 2017. Last November, Check Point did the same for 2016, listing the emergence of sophisticated malware, mobile attacks, attacks on critical infrastructure and the Internet of Things as the top priorities.
Here are the top trends for 2017:
Since attacks on mobile devices continue to grow, we can expect that cyber-attacks on companies originating from mobile devices will become a major security concern for companies.
The recent discovery of three zero-day vulnerabilities in iOS, following the attempted attack on the phone of a human rights activist, highlights how quickly the surveillance industry and mobile cybercrime are expanding. Companies urgently need to protect their mobile devices against malware, interception of communications and other vulnerabilities.
Convergence between IT and OT
During the next year, we expect to see cyber-attacks spread further into industrial IoT. The convergence of information technology (IT) and operational technology (OT) is making both environments more vulnerable, in particular the operational technology of SCADA environments.
These environments often run older systems, for which patches are not available or are not supported by the vendors. Many critical industrial control systems are open to the Internet, and a recent report found that more than 188,000 systems in 170 countries were accessible in this way.
More than 91% are remotely exploitable by hackers, and more than 3% have exploitable vulnerabilities. Manufacturing, as an industry, will have to extend system and physical security controls into the logical space and implement threat prevention solutions across IT and OT environments.
Almost all infrastructure, including nuclear power plants, electrical grids and telecommunications networks, was designed and built before the advent of the threat of cyber-attacks. In early 2016, the first blackout intentionally caused by a cyber-attack was reported.
Those responsible for critical infrastructure security must, therefore, prepare for the possibility that their networks and systems can be attacked in a systematic way by different actors such as other states, terrorists, and organized crime.
Speaking of businesses, we expect ransomware to become as common as DDoS attacks. Like DDoS attacks, ransomware infections can halt a company's daily operations, and mitigating them requires a multi-layer prevention strategy, including sandboxing and advanced threat extraction techniques.
Companies will need to consider various alternatives for dealing with the people launching ransomware campaigns. Collaborative strategies, such as coordinated takedowns with industry peers and law enforcement, will be crucial. While paying a ransom is never recommended because it encourages future attacks, it is sometimes the only option for recovering data and the ability to work.
Therefore, keeping financial reserves available to speed up payments will become increasingly common. We also expect more attacks aimed at influencing or silencing an organization, with legitimate actors launching these attacks.
As companies continue to keep more data in the cloud, providing a backdoor for hackers who want to access other business systems, an attack aimed at disrupting or shutting down a major cloud service provider will have an impact on the business of all its clients.
Finally, we expect to see an increase in ransomware attacks aimed directly at cloud-based data centers. As more and more companies turn to the cloud, whether public or private, such attacks will begin to find ways to infiltrate this new infrastructure. Attackers may spread encrypted files from cloud to cloud, or use the cloud as a volume multiplier.