In 2015, I witnessed numerous high-profile cyber attacks. It began with the pilfering of tens of millions of social-security records at a major health insurer. Then I noticed infiltrations of major global hospitality firms and hotel chains such as Hyatt, Starwood and Hilton following these attacks. I expect the attacks to become more frequent, farther reaching and more sophisticated in 2016, especially as each successive wave proves what’s possible for thieves of both information and money to acquire.
What’s next? I know that, based on the attacks that have worked, we can expect to see more new variations of those breaches centered on five key issues:
The Top 5 Cybersecurity Issues of 2016
Every online communication is potentially vulnerable, even mobile and online payments. With millions of attacks against financial institutions daily, the main defense most banks have is “creating money” out of thin air using credit based on the presumed resolution of the problem in the future. It’s a bubble that security professionals are scrambling to stabilize before it bursts.
Open-source weaknesses like Shellshock, POODLE and Heartbleed challenged the resolve of many institutions last year. Professionals saw certificate problems connected to aging hashing schemes like “SHA-1” and problems related to the outdated versions of the remaining supported ciphers. If some of the major players in the online world are struggling, how can smaller businesses expect to cope? Plus, InfoSecurity shared that, “According to Net Applications, Windows XP is still running on 10.9 percent of all desktops as of March 2016,” even though Windows XP no longer receives updates to protect computers from cyber attacks.
Most phishing scams are fairly transparent, and sophisticated users rarely fall for pop-ups asking for a password even though less-sophisticated users are still vulnerable to these. Worse, attacks could soon include a password text box cloned over a legitimate one to trick users into delivering their passwords to an attacker. Google is now developing a special password-alert feature to help protect against future phishing attacks.
It’s well known that in the 2004 presidential election, the Republican incumbent received a higher percentage of votes in the category of votes submitted on electronic Diebold voting machines. Plus, elections have faced “hacktivism,” or unauthorized access to networks to push a political agenda, since the 1990s. Unfortunately, the only defense against this broad range of attack types will be CIA and FBI spies on social media trying to ferret them out by joining their groups.
The inevitability of loss due to cyber attack has led many industries to rely heavily on cyber insurance. The problem has become so prevalent that buying insurance for it has become analogous to buying a disaster-insurance policy for homeowners. The one advantage of buying an insurance policy to back up your IT assets is that after the damage is done, companies are sure to restore lost assets by filing a claim. Short of that, technological defenses are only as good as the hackers who have yet to defeat them.
There’s Still Hope
The task of cybersecurity is always an endless, uphill battle against an ever-increasing threat. The good news is that the people on the defensive side generally have more resources like better machines, better training and more time to build stronger defenses than the enemy. Therefore, I believe the defense has a significant head start.