Security and privacy experts – not to mention federal government agencies – are still reeling from the disclosure by WikiLeaks of the CIA’s cache of hacking and surveillance technologies that was released a few weeks ago. Among those disclosures, however, was a particularly interesting finding: the existence of “HammerDrill 2.0,” a cross-platform security toolkit that can breach the air gap.
The past week has provided some interesting revelations around the Internet of Things (IoT). As we all know, the IoT is that collection of generally unmanaged devices with embedded connectivity to the Internet. From cars, to refrigerators, thermostats, televisions and more, the IoT seeks to connect everything it can to the world’s largest global network. Conceptually, the IoT is a great thing: it can lead to more efficient use of energy, customized manufacturing, faster transportation and much more. However, as we’ve seen in the past ten days, there’s a dark side to the IoT.
Late last year, Symantec Corporation released a survey on ransomware: malicious software that attempts to encrypt everything it can access, then demands money (usually in a difficult-to-trace form of payment such as Bitcoin). One of the most disturbing trends in this report was that ransomware has grown from less than 20% of all new malware types in 2014 to over 90% of all newly discovered malware types today. Why is this? Well, put simply, because it works. When an organization’s critical business data is directly compromised – with the promise of possibly regaining access and restoring business as usual – the temptation to simply pay $500-$1,000 in Bitcoin or gift cards is strong. However, there’s always one nagging question in the background: what if the attacker doesn’t actually give us the key to decrypt the files?
Over the past two weeks, the security industry has seen some disclosures (or in one case, a half-disclosure) of vulnerabilities within security vendors’ own products. In at least two of these cases, we know that these vulnerabilities could have led to a significant compromise of data and systems. But what’s really interesting about these two vendors is how they responded to the discovery.
In the story of David and Goliath, an underdog managed to win a contest against a much larger, stronger foe. Looking at the state of information security today, a David-and-Goliath scenario is very much present, except that David is the small and midsize business (SMB) market, and Goliath is the marauding horde of attackers, malware and other bad actors trying to break their systems and steal their data. And just like in the biblical tale, SMB organizations are dealing with an opponent who seems impossible to defeat.
It’s been a busy week for information security in the retail and hospitality sector. Earlier last week, InterContinental Hotels Group (IHG) acknowledged a credit card data breach that impacted more than a dozen properties across their hotel brands spanning the United States and the Caribbean. Similarly, fast food chain Arby’s disclosed on Friday that it had recently remediated a breach of data on up to 1,000 of their corporate-owned locations.
Cybersecurity is an ever-changing field. A threat that was huge ten years ago might not even be on the radar today. While it's impossible to predict the future, there are certain trends that will most likely continue into 2017. Let's take a look at some predictions for the new year.
1. IoT-based DDoS attacks
One major threat looming on the horizon for 2017 is the use of distributed denial-of-service attacks. While these kinds of attacks have been around for quite some time now, the reason there will likely be a surge in 2017 has to do with the introduction of the Internet of Things.
When planning out a budget for the new year, finding a place for cybersecurity can be difficult. You want to put that money toward new ventures, but you also know that a major breach can forever damage your reputation.
To help those waffling between how much to put into digital defenses, let's review some of the biggest reasons having a plan is worth the time and money.
Retailers are some of the most vulnerable organizations when it comes to data breaches. Because these companies have to process enormous amounts of customer financial information, it simply makes sense that hackers would do everything they can to get past cybersecurity defenses.
Outside of the fact that a significant cyberattack will forever change how customers view your company, these incidents generally have significant financial fallout. To that end, what can a retailer expect to deal with when they're the victim of a data breach?
While credit and debit cards are extremely convenient, they've also opened up a whole new world of fraud. This makes the systems that retailers use to process these payments seem like great targets for hackers, and organizations from every corner of the globe are scrambling to secure themselves against these threats.
One big solution to this has been the Payment Card Industry Data Security Standard. The PCI DSS is a regulatory code that tells companies how they can better defend themselves against attacks levied to steal card data. It's an important tool in the fight against fraud and should be strictly followed.