From Sean Duca, VP, Regional CSO, Asia Pacific, Palo Alto Networks
2016 was a challenging year for organisations particularly as cyber adversaries achieved high-profile success, mainly with ransomware.
Being aware of security concerns doesn’t mean avoiding new technology altogether. It’s about being sensible and trying to stay ahead of cybercriminals by understanding current and potential threats and what can be done to mitigate the risk.
What are my predictions for Asia-Pacific in 2017?
- Industrial control systems may turn against you
Industrial control systems (ICS) are an integral part of any business, especially in Asia-Pacific.
Most businesses outsource their building management requirements so they don’t necessarily know whether the third-party provider has adequate security in place. It’s not impossible for a malicious actor to execute an attack that could cause significant damage.
For example, an attacker could turn the heating up in a company’s server room or data centre to 50°C and then disable all the building access points so no one can get in to physically remove hardware to a safer location. The hardware would eventually overheat, causing significant disruption to a business, its customers and its partners.
What you need to consider:- Organisations need to gain an overarching view of their potential weak spots through third parties as well as their own network. Additionally, they need to put a plan in place that would help counter any potential attacks.
- Have you checked what non-IT equipment your business depends on and what security they have enabled? Are they connected to the internet, managed by a third party?
- When outsourcing to a third party, what level of security assurance do they have in place? Are they able to provide information to you on how they secure themselves and, ultimately, how they secure and manage your network and systems?
- The Internet of Things (IoT) devices will be a target for cybercrime
Market research firm Gartner predicts that the number of connected ‘things’ will rise from 6.5 billion in 2015 to almost 21 billion by 2020.
Connected devices will also be a target for cybercrime, even more so because people place enormous trust in third-party vendors being safe. These endpoint devices provide thousands of potential entry points to an organisation’s network. They need to be secured. In 2016, we saw the first real challenges appear where compromised devices were connected together in a botnet to launch attacks against banks and key parts of the internet infrastructure.
What you need to consider:- It is important to understand that the IoT is not a possibility or a project of the future – it is a current reality. Make a point to ask suppliers involved in security assurance how they can assure the security of the devices they provide.
- Any devices using factory settings for security are simply asking to be compromised. IT managers must change those standard administrator passwords to avoid being targeted.
- These devices should also be regularly checked to see if they adhere to the company’s security policy.
- We may see a ransomware vortex with a nasty surprise
Ransomware involves attackers locking up a business’s data and demanding a ransom for its release. If you thought 2016 was bad for ransomware – where attackers access data and ransom it back to the victim – then 2017 will be worse. We can expect to see a higher attack volume, using more sophisticated technologies. If the discovery of Locky ransomware was anything to go by, financial malware will continue on an upward trajectory in 2017.
What you need to consider:- If you have fewer than 72 hours to respond, do you have a comprehensive backup strategy and response ready to counter these attacks?
- When was the last time you tested and verified the backup?
- Have you applied basic file blocking to prevent threats from entering your organisation?
- We will have serious data trust issues
People will continue to be too trusting or fooled into thinking something is safe when it really isn’t. For example, confidential data can be exposed, or made available, that looks like it comes from an organisation, when it was actually planted by a malicious party. Either way, there’s a business reputational risk and a monetary price to pay.
So What Can Be Done?- Businesses need to look at two key things: where their sensitive data resides and what data is critical to the business to operate
- Who amongst our employees has access to our sensitive data? Simply knowing who has access to documents or big data stores stops short of understanding to what they have access.
- A key way to reduce risk to sensitive information is to also understand how the data is protected. Is there protection in place, and does it meet the right level to mitigate risk for something that could be mission-critical to a business?
Click here to view an infographic.