Page 76 - Cyber Defense eMagazine - November 2017
P. 76
CYBER RESILIENCE IN 2018: WHAT TO WATCH
by Anthony J. Ferrante, Senior Managing Director & Head of Cybersecurity, FTI Consulting
A report from Lloyd’s of London recently claimed that a global cyber attack could result in up to
$53 billion in losses, putting the potential financial impact of a cyber incident on par with that of
a major natural disaster. The cybersecurity events that took place around the world this year
demonstrate how very real those predictions may become. Some companies are still reeling
from the NotPetya attack in June, with several claiming they may never completely recover from
the damage to their systems. The three largest cyber attacks this year – WannaCry, NotPetya,
and Bad Rabbit – all involved the use of ransomware, which will continue to hit private and
government networks around the globe.
These and other incidents indicate that malicious actors are gaining rapid momentum and
becoming increasingly sophisticated. In 2018, cybersecurity professionals can surely expect to
see more of the same from this past year, along with a handful of new challenges. In order to
prepare for the next wave of emerging threats, organizations should look closely at the top
trends expected to hit the global cybersecurity landscape. These include:
1. Increasing IoT issues: The threat landscape is increasing at an incredible rate, with
connected devices in the workplace and in our homes playing a big role in that evolution.
Security isn’t typically built into Internet of Things (IoT) devices, autonomous vehicles,
and other ‘smart’ technology, making them uniquely vulnerable to malicious threat
actors, as we’ve seen with several high-profile distributed denial-of-service (DDoS)
attacks. In October of last year, hackers launched the Mirai botnet to execute a massive
DDoS attack on Internet domain provider Dyn, using infiltrated connected household
devices such as DVRs and cameras. Many mainstream websites, including Twitter and
Spotify, were impacted. Attacks are already wide-reaching across the globe, with no
specific region as a primary target. The new year will likely bring further attacks involving
hijacking of connected technology, and organizations will need to work diligently to
ensure they are resilient against this breed of threat.
2. Mounting cyberwarfare and malware activity: Cyberspace has become the new
battlefield for modern warfare, providing state-sponsored malicious actors with an
inexpensive, highly-effective, and globally-accessible platform to steal money and wreak
havoc. Cybersecurity researchers are increasingly reporting on malicious activity that
they suspect is state-sponsored, including the use of ransomware. Infrastructure is also
being targeted. Dragonfly, a group that is believed to be nation-state-run, has
successfully intruded networks that control elements of U.S. power infrastructure and is
conducting increasingly sophisticated multi-stage attacks. The CrashOverride malware
used to cause the 2015 and 2016 power outages in Ukraine is another red flag that
demonstrates the types of targets politically-motivated malicious actors are pursuing.
Cyberwarfare is starting to spill over into private industry and businesses must be
prepared for critical areas such as healthcare and other public safety systems to become
targets.
76 Cyber Defense eMagazine – November 2017 Edition
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.