Page 76 - Cyber Defense eMagazine - November 2017
P. 76

CYBER RESILIENCE IN 2018: WHAT TO WATCH



               by Anthony J. Ferrante, Senior Managing Director & Head of Cybersecurity, FTI Consulting

               A report from Lloyd’s of London recently claimed that a global cyber attack could result in up to
               $53 billion in losses, putting the potential financial impact of a cyber incident on par with that of
               a major natural disaster. The cybersecurity events that took place around the world this year
               demonstrate  how  very  real  those  predictions  may  become.  Some  companies  are  still  reeling
               from the NotPetya attack in June, with several claiming they may never completely recover from
               the damage to their systems. The three largest cyber attacks this year – WannaCry, NotPetya,
               and  Bad  Rabbit  –  all  involved  the  use  of  ransomware,  which  will  continue  to  hit  private  and
               government networks around the globe.

               These  and  other  incidents  indicate  that  malicious  actors  are  gaining  rapid  momentum  and
               becoming increasingly sophisticated. In 2018, cybersecurity professionals can surely expect to
               see more of the same from this past year, along with a handful of new challenges. In order to
               prepare  for  the  next  wave  of  emerging  threats,  organizations  should  look  closely  at  the  top
               trends expected to hit the global cybersecurity landscape. These include:


                   1.  Increasing  IoT  issues:  The  threat  landscape  is  increasing  at  an  incredible  rate,  with
                       connected devices in the workplace and in our homes playing a big role in that evolution.
                       Security isn’t typically built into Internet of Things (IoT) devices, autonomous vehicles,
                       and  other  ‘smart’  technology,  making  them  uniquely  vulnerable  to  malicious  threat
                       actors,  as  we’ve  seen  with  several  high-profile  distributed  denial-of-service  (DDoS)
                       attacks. In October of last year, hackers launched the Mirai botnet to execute a massive
                       DDoS  attack  on  Internet  domain  provider  Dyn,  using  infiltrated  connected  household
                       devices such as DVRs and cameras. Many mainstream websites, including Twitter and
                       Spotify,  were  impacted.  Attacks  are  already  wide-reaching  across  the  globe,  with  no
                       specific region as a primary target. The new year will likely bring further attacks involving
                       hijacking  of  connected  technology,  and  organizations  will  need  to  work  diligently  to
                       ensure they are resilient against this breed of threat.

                   2.  Mounting  cyberwarfare  and  malware  activity:  Cyberspace  has  become  the  new
                       battlefield  for  modern  warfare,  providing  state-sponsored  malicious  actors  with  an
                       inexpensive, highly-effective, and globally-accessible platform to steal money and wreak
                       havoc.  Cybersecurity  researchers  are  increasingly  reporting  on  malicious  activity  that
                       they suspect is state-sponsored, including the use of ransomware. Infrastructure is also
                       being  targeted.  Dragonfly,  a  group  that  is  believed  to  be  nation-state-run,  has
                       successfully intruded networks that control elements of U.S. power infrastructure and is
                       conducting  increasingly sophisticated multi-stage  attacks. The  CrashOverride  malware
                       used  to  cause  the  2015  and  2016  power  outages  in  Ukraine  is  another  red  flag  that
                       demonstrates  the  types  of  targets  politically-motivated  malicious  actors  are  pursuing.
                       Cyberwarfare  is  starting  to  spill  over  into  private  industry  and  businesses  must  be
                       prepared for critical areas such as healthcare and other public safety systems to become
                       targets.




                   76    Cyber Defense eMagazine – November 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   71   72   73   74   75   76   77   78   79   80   81