Predictions 2017


15 January 2017

Predictions for 2017

Threatscape Dermot Williams, managing director

2016 was a hectic year in information security and the frenetic pace of vulnerabilities, threats, and breaches has not abated. As we move into 2017, some predictions can be made without needing to reach for a crystal ball.

Money will make the cybercrime world go around: Ransomware, CEO email fraud, attacks on central banks — 2016 was a year when crime seemed to pay for digital bad guys. And every time we thought we had seen the most cunning, most audacious means of turning the dark arts of cyberattack into cold hard cash, something even more sinister came along. Have we seen the worst of it? We can hope for the best but must plan for the worst. And we must assume that the rich pickings of 2016 will only embolden the bad guys to try their very, very worst. No, I do not know what they will dream up next, but I know I’m concerned.

But the wider world will barely notice: It does not help keep cyberspace safe from crime when some incidents get little media coverage outside the IT industry. Who does not know that Kim Kardashian was attacked and robbed of her jewels in Paris? Or speaking of jewels, who does not know the details of the Hatton Garden vault raid, right down to the shape of the hole drilled into the vault? Taylor Swift has her Twitter hacked. Hold the presses! But a cybercrime incident nets tens of millions of dollars from a central bank? Few people I talk to have even heard about it.

Mistakes will be made: It has been said a thousand times, but the bad guys only have to get lucky once. Yet because many organisations remain unaware of the many ways cyberattacks operate, mistakes continue to be made which greatly increase their exposure.

Invariably our incident response reports to ransomware attacks in 2016 pointed to one of two related root causes: arbitrary executable code entered an organisation’s IT infrastructure by means of unfiltered inbound email, or executable code entered because perimeter firewalls were not capable of providing or had not been configured to provide SSL decryption to prevent executable files entering through HTTPS connections. I would love to think that 2017 will be the year when mistakes like this stop being made and we do not have to write one of these reports for a new client. I also hope to get invited to play golf with Rory McIlroy, preferably at Augusta. I predict severe disappointment in 2017 for both wishes.

Trust and truth will be rare commodities: With computing elements from hardware to software to operating systems and everything in between being probed constantly for security flaws, it is hard to find anything we can fully trust any more. Digital certificates? Don’t think so. The phone in your pocket? Who knows who is listening? Any operating system older than yesterday? Where are the patches? Donald Trump may sound archaic when he says he does not trust electronic communication, and jokers have suggested a pigeon coop may be added to his White House to satisfy his preference for older methods, but anyone who blindly trusts digital systems without doing their best to both verify and secure them in 2017 is the real fool.

And speaking of US presidents, how interesting that Hillary and the Democrats have stirred up a frenzy about how “Russian hacking” lost her the election (neatly diverting attention from the fact she has not denied the authenticity of the very damning emails the revelation of which doubtless did harm her campaign). Was it the Russians? Maybe. And maybe not. But the reality is that I don’t know, neither do you – and neither of us possibly could (assuming your name isn’t Vladimir).

Accurate attribution is a major factor in cyber-incidents, and with all the political craziness we are facing into for 2017, we have not seen the last of it by far.


TechCentral.ie