Now is the time for businesses to prepare, to ensure they don’t fall foul of cyber threats in the New Year, writes Lavi Lazarovitz, Head of Security Research at security software company CyberArk Labs.
This has been the year of the high-profile hack. Never-before-seen attacks on newly engineered biometric markers, blockchain entering the mainstream, and even more risks posed to “new” critical infrastructure – there has never been a more pervasive threat landscape out there for IT teams and business leaders to tackle. The new year will be a test for organisations to show they are taking the steps needed to get ahead of the biggest cybersecurity threats which we expect to see in the year ahead. Before we get there, businesses need to take the time now to start planning their security strategy accordingly. Our research has highlighted five security predictions for businesses to get ready for:
1. Increasing attacks on emerging ‘unique human identities’
Emerging ‘unique human identities’ – also known as newly engineered biometric markers for digital and physical authentication – will fall victim to a new wave of threats and attacks. As more and more organisations turn to innovations such as biometric fingerprints or the likes of voice and facial ID authentication controls as effective methods of authentication for consumer devices, it is likely they will start looking at even more innovative authentication methods – such as embedded human microchips.
As a result, the attack surface will significantly expand in the next few years. Attackers will continue to target these identities to get their hands on huge amounts of biometric data for future modelling purposes and other nefarious uses. Privacy concerns will also grow as more personal data gathered from genetic consumer services and biometric stores becomes a key target.
2. Government social media is the new critical infrastructure
Government-sanctioned social media accounts – both for elected officials and agencies – will become part of critical infrastructure for governments around the world. This means securing them will become as much a priority as it is for ‘regular’ critical infrastructure. In the same way that government text messages are now heavily regulated, social media will potentially need to adhere to similar regulations to ensure maximum security, as a hack into official government accounts could have dramatic consequences for citizens.
Social media is now a crucial way for governments to communicate directly with their citizens. From individual politicians and elected officials, to the official accounts of government agencies and organisations, social media is quickly becoming one of the top pathways for a government to communicate and engage.
But although social media plays an indisputable role in effectively disseminating critical information, it can also be used for darker purposes, as false missile alerts in Hawaii and Japan have shown. This provides a glimpse into the chaos attackers could create by hacking into official social accounts; sharing false information and potentially endangering infrastructure and citizens’ lives.
3. As trade wars grow, so will commercial espionage
The past year has witnessed various governments implementing policies designed to create ‘trade wars’. This is expected to be the starting gun for nation-state attacks that aim to steal trade secrets such as intellectual property to increase their competitive market advantages. Nation-state attackers will combine existing and unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data. These attacks will predominantly be carried out by malicious external attackers, but it’s likely insider attacks will also be on the rise, as CyberArk’s recent Global Advanced Threat Landscape report shows that 51 per cent of security professionals from organisations around the world ranked insider threats as one of the biggest they faced in their work. This is especially true in cutting-edge industries like autonomous cars (much like the one that occurred at Apple in June 2018).
Longer reconnaissance work will also extend attacker dwell times as nation-states carry out these trade-driven attacks. We will also see the emergence of nation-state weapons commercialised on the black market. This phenomenon happened after Stuxnet, Petya and NotPetya – where cyber criminals took pieces of code from massive nation-state attacks and incorporated them into their own attacks.
4. Supply chain will embrace blockchain
Blockchain is set to radically change the supply chain in 2019. Following allegations of nation-states targeting the supply chain at the chip level to embed backdoors into both B2B and consumer technologies, blockchain will be the technology organisations look to embrace if they want to adequately secure their supply chains. Because blockchain is a distributed ledger, it is well suited to validate every step in the supply chain – including the authenticity of hardware and software. The supply chain will continue to fall victim to attacks early on in the chain as 2019 unfolds, and there will be greater need for this level of validation. Blockchain is set to be the next investment necessity for organisations who want to equip their supply chains with the greatest possible level of security.
5. Enterprises transfer trust and risk … to Google and Facebook?
The embrace of Google’s BeyondCorp strategy – which removes the need for a traditional VPN when shifting access controls from the network perimeter to individual users and devices – will expand the attack surface in 2019 unless the necessary controls are put in place. This ‘zero trust’ approach risks opening up several attack vectors. First, it quickly transfers risk and trust to third parties, like Google or Facebook. Identity providers are exposed to an expanding attack surface through the use of authentication protocols and short-lived tokens or temporary API keys that can be compromised. This transfer of trust also opens up the very real possibility of attackers weaponising identity provider assets or services to expose credentials or allow privileged access.
On the other hand, the BeyondCorp approach requires an organisation to expose some of its infrastructure in order to allow employees to use applications or access the network. The issue is that when organisations expose assets to the outside world, they also risk exposing the mistakes they have made. Whether it is ports that are open that should not be or misconfigured security settings, for example, attackers will look to exploit any visible weakness they can find.
Headlines have not been short of cyber security concerns in 2018, and as a result threats are expected to grow in number and sophistication in 2019. It’s clear that cybersecurity threats are taking an increasingly political turn, propelling us into a potential cybersecurity cold war that governments and businesses alike need to get ready for.