Matthew Gardiner, Mimecast
by Stuart Wilson, Wednesday 4 January 2017
Cybersecurity needs to be on every organisation’s agenda for 2017, according to Matthew Gardiner, senior product marketing manager at Mimecast.
Cybersecurity in 2017
“There’s no reason to believe that 2017 will be any better for cybersecurity than it was in 2016. If anything 2017 will be even worse as cybercriminals continue to leverage social engineering and phishing techniques to find new vulnerabilities to exploit, develop new ways to monetise their activities and get through corporate defences and target individuals. In 2017, cybersecurity battles favour criminals even more as vulnerable Internet of Things (IoT) devices will continue to expand the possible platforms of attack. Gartner estimates that by 2020 more than 25% of attacks in enterprises will involve IoT devices.
This past year, we saw cybercriminals becoming more sophisticated, threats becoming more advanced and cyberattacks causing more damage to organisations.
So as we approach 2017, let me share a few cybersecurity predictions which we, at Mimecast, see becoming even larger issues as we enter the New Year:
Ransomware becomes more regular and sophisticated
Ransomware will become one of the biggest threats that organisations will need to address, fuelled by an increasing multitude of attackers using off-the-shelf kits and leveraging a vast network of cybercrime service providers to run their ransomware campaigns. Ransomware represents an easy, cheap, and low risk attack method that produces significant profits for the attackers. In addition few organisations have effective defences against ransomware and now with Bitcoins and other anonymous payment systems enabling the perpetrators to get paid more easily, without being traced, it has never been so easy to make a good living off of ransomware.
Impersonation attacks in the spotlight
The media in 2016 have been very focused on ransomware attacks. However, one of the lesser publicised problems (but by some measures is larger in terms of its negative impact to organisations) are e-mail impersonation attacks. Sometimes called whaling or CEO fraud attacks, these attacks can cost organisations hundreds of thousands in financial losses. In fact, according to the FBI, impersonation attacks led to more than $3 billion in losses over the last three years. We expect to see these attacks, because of the associated fraud and loss that they cause, as the next “it” attack flooding the media. There is nothing cheaper, easier, and less risky for attackers to do than just send well-crafted and timely e-mails which creatively requests for money to be sent to them. The attackers don’t even need to use malware for this, they just need to be clever with their social engineering
Macro malware still in the game
Once thought of as a thing of the past, macro malware which often hides in Word or Excel files, has reentered into the ring of popular attack methods. While most organisations choose to block executable e-mail attachments at their security gateways by default, they generally still allow potential work-related files, such Microsoft Office documents, to pass freely. Attackers exploit this by weaponising files in these common Office formats. According to Mimecast research, 50% of firms have seen e-mail attacks that use attached macros increase over the last year. Why? It works well and can get through traditional AV-based defenses. And that’s why we’ll continue to see waves of macro malware into next year and beyond.
Reigning-in data residency and governance
Increased state-sponsored attacks will lead to more stringent requirements around data residency and governance, as well as increased focus on national-level firewalls to mitigate threats but allow regional business activity to continue uninterrupted. Advancements in managing internet traffic from different geographies may also become a focus as the global trade landscape changes. Unfortunately, this comes with the risk of ‘balkanizing’ the Internet and restraining the free exchange of information.
Focus on data mining
One theme that is still overlooked, but should come into greater focus in 2017, is that cybercrime is not just about wire transfers and immediate and direct monetisation of stolen information. Attackers are increasingly focused on data mining and will use the data they gather in more advanced future attacks, or sell it on the Dark Web for others to do the same. While more direct attacks such as e-mail impersonation and wire transfer fraud is, and will continue be an issue in the future, organisations need to also think about where else they’re susceptible and ensure they have the appropriate protective measures in place against these longer tail attacks. Organisations need to determine which data of theirs could possibly be used to attack them or other organisations at a later time, and then take increased measures to secure it.
Cyber espionage to cause more political disruption
Nation states and their sponsored operatives will increasingly use cyber espionage to cause political shifts, disruption of adversaries, and to gain economic advantage in particular strategic areas. This will involve, but will not be limited to, e-mail-based hacking and the disclosure of other forms of private communications, and the disruption of and interference with critical national infrastructures.
Employee education and taking adequate measures to protect organisations from cyberattacks will continue to be of high importance during the course of 2017 as cybercriminal continue to target the weakest link in an organisation’s security: its employees.
New SMB Channels event
SMB Channels Middle East, organised by DISTREE Events, will launch in Dubai in 2017. The new two-day event will bring together 300 executives from the region’s leading resellers of IT solutions focused on serving small and medium businesses (SMBs). More than 60 vendors and value-added distributors (VADs) are set to showcase their solutions and services in the main exhibition area at SMB Channels Middle East.