Digital revolution is a familiar concept for individuals, enterprises as well as the nation, owing to the opportunities that it provides. Modern technologies such as Internet of Things (IoT), cloud, and mobile applications have traversed boundaries and are a part of business as usual. In India, while the government’s agenda of digital transformation drove modernization of infrastructure; enterprises continued their quest of reaping greater operational benefits and collaboration with reduced costs by the adoption of cloud. Amidst these technological advancements, there has been a huge tactical shift among cyber attackers. Today, it is no longer a question of if, but when you will be attacked.
The Changing Face of Cybercrime
As cybercriminals become more advanced and increase their horizons, what’s worrying is a situation where nation-states join hands with them. This could lead to increased targeting of the financial, political or military systems of large corporations and targeted nations which could then lead to global turmoil in 2017. If you look at critical sectors, the threat landscape is evolving and in light of increased adoption of technology. For example, for banks, the advisory by RBI states that the cyber security policy should be separate from the broader IT policy so that it can highlight the risks from cyber threats and the measures to address them. This would entail building a security conducive IT architecture to ensuring cyber security awareness among stakeholders, top management, board etc. Such changes also encourage authorities to invest in business-enabling technologies.
Globally and in India, changing and advanced attack methodologies such as PowerShell attacks and file-less infections – written directly onto computer RAM without using any files – will also come to the fore soon. Such attacks are increasingly difficult to detect and could also bypass antivirus solutions and detection systems easily. It is widely believed that SSL abuse will also be on the rise due to the easy availability of free SSL certifications, and Google’s recent initiatives to label HTTP-only sites as unsafe. Malicious SEO practices could hence be used to drive spear-phishing campaigns and more.
As the latest episode of the recently released British anthology show ‘Black Mirror’ highlighted, hijacked drones can be a truly scary prospect not just for Governments, but for the general populace as well. While spying or espionage are the easiest ways to misuse their creation, they can also be used for something far more sinister. ‘Dronejacking’ looks likely to become a common theme in 2017, so companies need to start devising anti-drone hacking technologies in order to prevent and combat such threats.
The Internet of Unsecured Things
Cloud services form the lifeblood of the IoT generation. As modern workplaces try to keep up with their employees’ internet habits and needs, it would be critical for them to ensure the security and integrity of these devices, in addition to endpoints, as they contain and exchange confidential data and connect to the enterprise network. Just how connected printers opened a route into secured networks many years back, the next vulnerability could arise from an unsecured thermostat or any wearable. Advanced security mechanisms and protocols are thus more crucial than ever before now.
The recent Dyn DDoS attacks in October last year also showed the world how unsecured IoT can be manipulated and breached. The automobile industry also promises to become a security battleground between manufacturers, users and developers heading into 2017. As a greater number of smart parts become affiliated within vehicles, they can easily be manipulated and hacked. Moreover, with driverless cars also poised to hit the roads soon, security breaches in this case could eventually end up causing physical damage.
The need of the hour are security solutions that go far and wide beyond the traditional. By pooling in global threat intelligence tools, making efficient use of data analytics and machine-learning technologies, and by recognizing the evolution of cybercrime in today’s hyperconnected age, individuals and corporations can avoid vulnerable situations and data breaches. With greater regulatory controls around individual privacy rights and corporate integrity, we can thus choose to be more secure than ever, in times when there are more security threats than ever before.
The author is Managing Director, Symantec, India region
Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).