Latest in cybersecurity – what new threats can we expect?
The scope and volume of cyber threats is undoubtedly on the increase as we hear of new attacks emerging on an almost daily basis – and it is only going to become a bigger problem the more connected we get.
This year’s Infosec, a major industry event dedicated to IT security held in London in June, took a long hard look at security around the Internet of Things (IoT). The rapid rise of IoT means devices are being connected up in their billions. From cars to the smart home, more ‘things’ than ever are being brought online to give users increased convenience and flexibility in their lives - but, being data-carrying units, bring the risk of security threats with them.
Infosec highlighted the fact that with so many different connected devices coming online, industry needs to be mindful that one security approach does not necessarily fit all. One soundbite outlined how the mentality around IoT security at present is not unlike that of PC security 8 or 9 years ago – people are simply not taking it seriously enough.
The sheer variety of devices that will be connected to the internet require a new way of thinking about security, potential hacks, data, risk and so on. Security software manufacturer Sophos talked about the need to plan for the future – devices are already carrying extraordinary amounts of data, levels that are only going to increase. Roadmaps need to be put in place that can help secure this data in motion and at rest.
“The market is ultimately shaped by consumer decisions, and right now, most of these devices are bought for their functionality, but people don’t give a lot of thought to the fact that it’s a computer, as well as the type of data being held there, and the level of security – I don’t think it’s a criteria yet, but it needs to be”, said James Lyne, global head of security research at Sophos.
Ransomware on the rise
Ransomware is one of the hot security topics currently causing concern for CIOs. Ransomware is malware that encrypts files on a device and forces the user to literally pay a ransom to attackers before they can access their files again. Q1 2016 saw a 3,500 per cent increase in the creation of ransomware domains, so it is little wonder that that IT departments are worried.
While ransomware is not an entirely new threat, the number of attacks and profiles of its victims is a new trend. This year has already seen torrents website Pirate Bay hit by a ransomware incident, and Los Angeles hospital, the Hollywood Presbyterian Medical Center, forced to pay $17,000 in bitcoin to hackers after they locked down its systems with ransomware.
According to Keith Jarvis, senior security researcher at SecureWorks, "generally, 0.25 per cent to 3.0 per cent of victims elect to pay a ransom”, with the largest ransomware operations making themselves several million dollars per year. Up to 93 per cent of phishing emails delivered in Q1 2016 contained ransomware – singling it out as an area that enterprise IT now needs to factor into its security strategy.
Pokemon Go – the very latest in tech threats
If you haven’t heard of Pokemon Go in the news lately, it’s possible that you have been away on holiday with all your mobile devices switched off. The free-to-play, location-based, augmented reality mobile game has quickly become a phenomenon that has racked up millions of players and has added around $7 billion to Nintendo’s market value, but it has not been without controversy. At the beginning of July Pokemon Go launched in the U.S. and the app was downloaded in huge numbers – but security experts quickly began to warn about authentication aspects of the application.
To play the game users must have an account with either a Pokemon.com or Google, to authenticate their profile. The majority of players, following a pause in signups offered by Pokemon.com, used their Google account. However, giving the Pokemon Go iOS app access to your Google account meant giving it full access to Gmail-based email, Google Drive files, photos and videos stored in Google Photos, plus other content stored in users’ Google accounts – a pretty significant breach of privacy and security.
The app has subsequently been updated and its scope of access to personal data reduced – but it is another illustration of how potentially dangerous third-party apps can be to security.
In a twist to the story, the success of Pokemon Go has sent hackers hunting its scalp. Only this weekend hackers managed to take the game off line via a DDOS attack.
Enterprises beware. The frequency and sophistication of cyber threats are only going to keep on growing.
Read more about our range of security solutions tailored to helping individuals and organizations protect against all the very latest cybersecurity threats.