Chief information security officers face new and stronger threats to systems in 2019. Not only are hackers deploying more sophisticated attacks, but attackers have new targets in their sights. Also, geopolitics and consumers will continue to play an outsized role in discussions of cybersecurity issues.
Knowing what issues are on the horizon will help CISOs plan accordingly and deploy solutions that stay ahead of the looming problems.
What New Technologies Are Hackers Using?
One growing threat is botnets, in which hackers compromise hundreds, thousands or millions of infected computers. Hackers run command-and-control networks to manage these zombie computers.
One widespread use of botnets is distributed denial of service (DDoS) attacks, which flood domains with so many requests that they can’t handle real inquiries. Often websites crash and are not recoverable unless a ransom is paid.
Botnets are delivered via worms, which attack spreadsheets and documents, and viruses that target systems, destroy data or make networks inoperable. Once implanted in a system, viruses and worms spread, infecting more computers and doing more damage to files.
The challenge for CISOs is to remain ever-vigilant in this front line of attack. Anti-malware software that is continuously running in the background and automatically updated is one key solution. However, companies large and small also need to stay on top of the software, hardware and operating system upgrades, making sure that all devices and programs are updated. These protections need to be in place both for core system servers and end-user devices.
Finally, an in-depth defense should involve regular, meaningful and compelling personnel training that makes employees aware of how to avoid phishing traps and remain suspicious of unknown or unfamiliar emails and attachments.
Are There Other Risks from Hackers?
Hackers frequently use the Dark Web to trade, share and buy information. As defenses get more complicated, hackers become more determined to find new ways to thwart preventative measures.
Take, for example, exploit kits, which are traded regularly on the Dark Web. Hackers do not issue attacks in one fell swoop. Instead, they sniff and explore different aspects of a target. While malware and phishing schemes target end users, other tools are deployed to explore the system’s website and perimeter.
Exploit kits are self-contained, all-in-one tools that are developed with discretion in mind. If a hacker finds a vulnerability on a website, they can attack the server that hosts said site. When a victim visits the website, they are redirected to a rogue server instead, which gathers information about the victim. The exploit kit identifies an exploit tailored to the victim and delivers it to the victim’s computer, often via a software security hole.
Another example is the advanced persistent threat (APT). Also a stealthy hacker tool, the APT can enter a system network and lie dormant until activated. APTs don’t do file damage but steal financial and other critical information. When login credentials are taken, the APT can dive deeper into a system to compromise even more data.
Then there’s the drive-by download attack. Such attacks don’t require any action on the part of a user. Malicious code is downloaded automatically upon visiting a URL via a browser, operating system or app. Often these attacks contain multiple pieces of code that infiltrate the system in the hopes that a few get past your defenses.
Stopping these attacks means updating browsers, using anti-malware tools and deploying sophisticated firewalls that monitor and protect the network’s perimeter. Intrusion detection systems and alerts can identify, contain and neutralize many of these threats before they cause significant damage.
What About Blockchain and Cryptocurrency Defense?
The growing application of blockchain technology in many areas has led to new opportunities for theft of these assets. While blockchain can be difficult to hack, mining for cryptocurrency is a lucrative endeavor.
The challenge with mining for crypto is it takes a tremendous amount of computing power. Hackers are hijacking (cryptojacking) corporate and personal computers to take advantage of their processors to mine. It’s a passive way for hackers to make money, but can dramatically slow down computer performance and add to utility costs. As long as cryptojacking remains profitable, it will be a headache for CISOs.
Do I Need to Worry about Cloud Data?
More companies have shifted data and applications to the cloud, breathing a collective sigh of relief that the protection and monitoring of that information are in the capable hands of a trusted third party. However, companies often deploy cloud data solutions without investing in the underlying security, particularly encryption. That means many companies have unsecured information stored in the cloud that is easily accessible to anyone who might want to use, steal, manipulate or alter it.
Hackers are also shifting their tactics for disrupting data. Instead of stealing it, they are manipulating it. Data manipulation attacks can do serious harm to company reputations as data users question the reliability and accuracy of data sources. The impact on information providers, financial institutions and medical practices and hospitals could be devastating if data are altered such that an organization’s integrity is questioned.
What About Data Regulations?
In 2018, two significant regulations came into being. The General Data Protection Regulation (GDPR) governs data protection and privacy for citizens of the European Union and affects any organization that does business with said residents. California passed a sweeping online privacy law that affects consumers and requires companies to disclose on demand specific uses and sales of consumer information.
More regulation is likely. With more regulatory complexity will come additional challenges for CISOs.
Consider that Europe, China and the U.S. have very different approaches to data and its regulation. China takes a very nationalistic view of data, seeing it as something to be protected and contained within the country’s borders. Europe considers data as something that needs to be highly protected and kept secure.
The U.S. has seen data as a commodity to be commercialized, sold and leveraged for financial gain. There is very little unifying federal guidance on data security like Europe’s GDPR.
In the U.S., companies could face different data privacy requirements from each state if others take California’s lead.
What does this mean for companies? A complicated regulatory landscape. There will be difficulty in gathering, storing and using data from multiple jurisdictions. It could also lead to greater compliance issues as companies need to grapple with similar but distinct reporting standards for different states, countries or regions.
What Political Concerns Affect Cybersecurity?
The U.S. is embroiled in several controversies with other nation-states related to cybersecurity. Ongoing investigations about Russian intervention in elections, trade wars with China, and concerns about trade agreements in North America and Europe add to a climate of political uncertainty. Cybersecurity will likely continue to be a political issue both domestically and internationally throughout 2019, especially in the lead-up to the 2020 presidential elections.
How Are Consumers Affected?
As consumers and companies become more interconnected, hackers are shifting their targets away from corporations to consumer devices. This concern becomes more significant with the vast proliferation of the internet of things. With smarter, connected devices in use comes added vulnerability. Hackers could, for example, attack a smart television and hold it for ransom. Connected toys could become a target for child predators. Already there is an increase in sextortion attacks designed to shame victims into believing their visits to porn sites were recorded and will be released if a ransom isn’t paid.
While these consumer-based issues may not directly affect CISOs, they will if the attacks come from your devices or services or are a result of data stolen from your company.
What Issues Arise from Passwords?
In recent years, the use of multi-factor authentication has grown. Simple passwords continue to be a prime target of hackers. Password theft and password-related breaches become less prevalent and relevant for companies that deploy low-cost multi-factor solutions.
How Can We Combat Shadow Systems?
Ego, internal politics and budget often make it challenging to address rogue and shadow IT systems. The reality is that shadow IT systems not governed, maintained or monitored by central IT staff are a significant liability. With increased awareness and understanding of cyber threats, CISOs should use 2019 as a time to finally pull the plug on rogue systems.
Each year brings new complexities and challenges to IT security officers. Getting ahead of these issues and making sure your organization is ready to address them is a valuable new year’s resolution.