Cybersecurity company, Check Point has predicted that enterprise breaches that originate on mobile devices will become a more significant corporate security concern.
As the end of 2016 draws closer Check Point has come out with five key predictions and cyber-security trends to anticipate in 2017.
Check Point says that it is useful to look forward and try to anticipate the cyber-security trends that lie ahead; and to reflect on what’s happened over the past year, in order for organizations not to get caught up once more in 2017.
According to the security company, after a comprehensive evaluation of what happened in 2016, most of its predictions for the year were ‘unfortunately accurate’.
The company says its 2016 predictions that eventually proved accurate include: the emergence of sophisticated and custom-designed malware designed to get past organisation’s defenses, increase in mobile attacks, attacks on critical infrastructures and Cyber-criminality taking advantage of the growing Internet of Things and targeting smart devices.
“Prediction is very difficult, especially if it’s about the future, as Nils Bohr, the Nobel laureate physicist put it. But as the end of 2016 approaches, it’s useful to look forward and try to anticipate the cyber-security trends that lie ahead; and to reflect on what’s happened over the past year,” Check Point says.
“We would much rather organisations didn’t get infected by malware, hacked, or suffer data breaches. But by predicting the next wave of threats, we hope to help organizations stay one step ahead of cyber criminals’ exploits,” the company further says.
Below are the five key security predictions for 2017 by Check Point:
Mobile: Moving targets
According to the company, as attacks on mobile devices continue to grow, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern.
It says the recent discovery of not one, but three zero-day vulnerabilities in Apple’s iOS following an attempted attack on a human rights activist’s phone highlights how rapidly the mobile surveillance and cyber crime industry is expanding – and the need for organizations to deploy protections on their mobile estates against malware, interception of communications and other vulnerabilities.
IT and OT convergence
In the coming year, Check Point expects to see cyber attacks spreading further into the Industrial IoT as the convergence of informational technology (IT) and operational technology (OT) is making both environments more vulnerable, particularly the operational technology of SCADA environments.
These environments it says often run legacy systems for which patches are either not available, or worse, simply not used. Many critical industrial control systems are open to the Internet – a recent report found over 188,000 systems in 170 countries were accessible this way. 91% were remotely exploitable by hackers, and over 3% had exploitable vulnerabilities.
Manufacturing, as an industry, will need to extend both systems and physical security controls to the logical space and implement threat prevention solutions across both IT and OT environments, according to Check Point.
“As attacks on mobile devices continue to grow, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern.” the company adds.
Check Point also places critical infrastructure in its predictions for the coming year – globally, saying it remains highly vulnerable to cyber attack.
The company says that nearly all critical infrastructure, including nuclear power plants, electricity grids and telecoms networks, was designed and built before the threat of cyber attacks.
“In early 2016, the first blackout caused intentionally by a cyber attack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors: nation-state, terrorism and organized crime,” says Check Point.
For enterprises, Check Point predict that ransomware will become as prevalent as DDoS attacks, insisting that like DDoS attacks, successful ransomware infections can shut down a business’s day-to-day operations, and mitigating them demands a multi-faceted prevention strategy, including advanced sand-boxing and threat extraction.
The company further says that businesses will also need to consider alternative ways to cope with the people who launch ransomware campaigns. Collaborative strategies like coordinated take-downs with industry peers and law enforcement will be essential.
“While paying a ransom is never recommended because it encourages future attacks, sometimes it is the only option for recovering data and the ability to function. As such, the establishment of financial reserves to speed up payments will become increasingly common.
“We also predict more targeted attacks to influence or silence an organization, with ‘legitimate’ actors launching such attacks. The current US Presidential campaign shows this possibility and will serve as a precedent for future campaigns,” Check Point predicts.
Check Point says as enterprises continue to put more data on the cloud, providing a backdoor for hackers to access other enterprise systems, an attack to disrupt or take down a major cloud provider will affect all of their customers’ businesses – as we saw with the recent DDoS attack against domain directory service DynDNS.
It adds that, while generally disruptive, this would be used to impact a specific competitor or organization, who would be one of many affected, making it difficult to determine motive.
Check Point also expects to see a rise in ransomware attacks impacting cloud-based data centers too.
The security company opined that as more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading from cloud to cloud or by hackers using the cloud as a volume multiplier.
Check Point Software Technologies Ltd. is a multinational company headquartered in Israel, which provides software and combined hardware and software products for IT security, including network security, endpoint security, mobile security, data security and security management.