8 cyber security predictions for what's to come in Asia-Pacific
Christian Hargrave in Security, Thursday, December 29, 2016
As evidenced by the above, cyber attacks can impact any industry at any time. In fact, as more industries become increasingly connected to the Internet due to the Internet of Things, it is more essential than ever to consider if your organization is cyber ready for 2017.
Frost & Sullivan's Asia Pacific Cyber Security practice analysts share their key cyber security predictions for 2017.
1.) Business Email Compromise (BEC) attacks will overtake Ransomware and Advanced Persistent Threat (APT) attacks
BEC generally happens when email accounts of key executives are compromised and involves payments made to fraudulent bank accounts. In Singapore alone, about S$19 million was lost through BECs between January and September 2016. There was an increase of 20% in the number of such cases compared to the same period last year. Police investigations revealed that the scam usually involves businesses with overseas dealings that use email as the main form of communication in those dealings.
"As BECs are relatively easier to execute and evade cyber defense tools better than other popular attack vectors such as ransomware and APTs, they can potentially be the main cyber threat in Asia," noted Charles Lim, Industry Principal, Cyber Security practice, Frost & Sullivan, Asia Pacific.
2.) DDoS attacks might cause the Internet to be down for an entire day in a country
Globally, Distributed Denial of Service (DDoS) volumetric attacks hit over 1 Tbps of traffic and shut down several popular online services in 2016. While government authorities grapple with ensuring strict security regulations and manufacturers continue to deliver insecure IoT devices to the market, and given that internal volumetric attacks on the DNS servers of service providers are not well defended, cyber attackers will most likely attempt to take this exploitation to the next level and bring down the Internet in a country for at least a day.
3.) Greater enforcement expected for Internet of Things devices to meet cyber security standards
As authorities become increasingly concerned about the threats unsecured IoT devices will pose to the community, it will be illegal for these manufacturers to sell their products in countries that demand these devices comply with security standards. The recent Mirai botnets exploiting the vulnerabilities of IP cameras are an example of how manufacturers did not include a security process of changing default passwords when connecting the devices to the Internet.
4.) The healthcare sector will have more stringent regulations towards ensuring uptime of computer systems handling critical operations
Globally, ransomware attacks in 2016 infected the computer systems of healthcare providers and disrupted operations, so patients in need of immediate attention had to be diverted to other hospitals. While major healthcare providers in Asia had initiatives to comply with security standards such as HIPAA, their use of legacy security tools to meet minimal compliance standards could not keep up with the new types of cyber attacks.
These days, stolen personal healthcare records are worth more on the dark web than credit card information, and medical machines are increasingly connected to the Internet, which poses a possible safety risk to patients. The healthcare industry needs a good 'cyber health check' before it is too late.
5.) New technologies such as Blockchain may be used to enhance trust between stakeholders and facilitate exchange of threat intelligence among industries
The setup of more Information Sharing and Analysis Centers (ISACs) will form platforms for both public and private sector participants to share threat intelligence. However, participants are wary of exposing their weak security posture when the intelligence they contribute stems from a successful attack, and there are issues with untrusted sources that may contribute the wrong intelligence. Blockchain may emerge as the technology to facilitate the exchange, as it authenticates the trusted party to contribute, obfuscates the contributor's details with anonymity, and offers a tamper-proof system that prevents unauthorized alteration of any data shared.
6.) More adoption of technologies that focus on threat actors and "hunting" for their next attack
Traditionally, enterprise security teams have adopted a "wait and see" posture and tried to build up their defenses to mitigate the possible threats they are aware of. However, more enterprises are now working to learn what attackers are innovating in terms of cyber attack techniques and what their next moves will be, and to build up their defenses to counter the new attack vectors.
7.) More enterprises will offer bug bounty programs, which are seen as a measure to deter talent from taking up black hat hacking
The idea is simple yet effective: pay the attackers for finding and reporting major vulnerabilities in enterprise and/or developed applications. Enterprises will be able to strengthen their security defenses through the crowdsourcing model and encourage potential hackers to discover more and do more of the good rather than the bad.
8.) More drones will be used to facilitate cyber attacks
A group of researchers from iTrust, a Center for Research in Cyber Security at the Singapore University of Technology and Design, demonstrated that it is possible to launch a cyber attack using a drone and a smartphone. In the future, it is expected that drones will be an easy way to scan for unsecured wireless traffic as a way of performing war driving attacks.
While more applications are developed for drones in commercial use, cyber criminals will inevitably think of new techniques for launching a cyber attack. Other possible types of attacks include delivering GPS jamming signals to a vessel or dropping USB drives containing malware into air-gapped critical infrastructure.