We hope you had a fantastic Christmas everyone! While you’re recovering from the Turkey overload, why not read our second 2016 tech predictions blog!
Twelve months is a long time in tech. It’s the industry driving evolution and change on a global socio-economic scale. Harking back to December 2015, we spoke to a series of experts from around the business and beyond on what we should expect to happen in the year that followed. In today’s blog Dani looks at just how close we came to getting our second prediction right; did the threat landscape change in 2016?
- Threats to next generation technology
The continuing growth of smart-connected home devices will drive cyber attackers to use unpatched vulnerabilities as a way to stage full-blown attacks.
On 21st October 2016, the Dyn network fell victim to the largest Distributed Denial of Service (DDoS) attack in history, bringing down sites including Twitter, Netflix, Reddit, CNN and The Guardian.
The network was attacked by the Mirai botnet which, unlike typical botnets that comprise a network of computers, was largely made up of Internet of Things devices. It is estimated to have involved 100,000 malicious endpoints and impacted countless sites throughout Europe and the US.
- Contain and control
Organisations will create false environments to lure in potential threats and trap attackers in a fake network.
In December 2016, Attivo Networks released a report detailing the vulnerabilities that currently lie in the US’ point of sales terminals. According to a statement from The Point of Sale News, this was the first time deception technology had been used to provide visibility into a Point of Sale attack, and defeat it.
- Expanding the role of chief information security officer (CISO)
The CISO of the future will have a new and expanding role that will start to become apparent in 2016. In the next 12 months, CISOs will begin proactively and strategically planning to achieve business goals, rather than reporting on and analysing threats, resulting in increased board-level representation for security personnel.
According to Gartner, the average breach is detected by a third party (such as a credit card processor) around 200 days prior to the attack.
To place the control back in the CISO’s hands, it has become vital to begin using detection and deception (see number 2) technology in order to ensure preparedness for an attack while creating the ideal scenario to the attack in real-time, before any damage is done.
- Ransomware as a Service
The phenomenon of Ransomware as a Service has made sophisticated ransomware accessible to people without the technical ability to build it themselves – all they need to do is purchase someone else’s code online. The stats suggest that this has led to huge increases in Ransomware activity towards the end of 2015; a trend that UKFast predicts will continue through 2016.
The frequency and scale of ransomware attacks rocketed in 2016, with CryptoLocker becoming a real and costly threat to businesses. In August 2016, The Guardian reported that 54% of surveyed British businesses had been targeted by ransomware.