Foreseeing the cyber threat landscape in the year 2017 withsome detective and preventive stimulants –
1. Exploitsof the IOTs will reach menacing heights in the year 2017. With a highly vulnerable security featuresand its always connected state, IOTs will be the preferred stepping stone forthe perpetrators.
Detective– IOTs consuming data, power and working sluggish.
Preventive– Upgrade the firmware, use secured internet and firewalls, and change thefactory defaults.
2. Onsetof a newbie called FAKEWARE. #FAKEWARES will percolate as ahospitable platform facilitating the perpetrators to convert devices andcomputers into clandestine hack bots.
Detective– Software installed from ambiguous or pirated sources are not working asexpected.
Preventive– Use genuine apps from authentic sources, scan your system, install softwareand apps after doing some research and only if genuinely required for apurpose.
3. #MIRAIwill wreck havoc due to its capability to effect IOTs operating in unsecuredconditions and with factory defaults. Which in turn will make Terabyte+ DDOS attacks frequent, rampant andincreasing.
Detective– Check for insecurely operating IOTs in your environment. Use scanners like - http://iotscanner.bullguard.com/ Usea Mirai scanner - https://www.incapsula.com/mirai-scanner/
Preventative- Once you discover the IOTs upgrade the firmware and change the factorydefaults.
4. TheResilient Ransomware will always be there by your side to bug you down and makeyou pay the bitcoins at upwardly costs as more and more countries try to curbblack money and demonetise high denomination currencies.
Detective– Spam e-mails, unsolicited pop-ups and browser-jacking.
Preventive– Delete and block unsolicited e-mails. Use separate e-mail ids for public communication and personal financialuses. Use good anti-malware like Cylance- https://www.cylance.com/ as anti-virus are a passé.
5. Exploitof the obsolete vulnerable OS and software of the yesteryears still in use. #OBSOLETEWARES
Detective– Run a vulnerability scan using a vulnerability scanner like Nessus, Qualys,Nexpose and Alien Vault etc. to find outvulnerabilities due to the use of obsolete application, OS etc. - https://www.tenable.com/products/nessus/select-your-operating-system
Preventive– Replace/reject/isolate/containerise obsolete applications and OS or move to adifferent system altogether. Going Cloudcan be a good options from converting capital cost impact to operationalcost. However, do not forget to run asecurity validation on your service provider.
6. Exploitof the weakest link in the security shield – The people and social engineeringattacks.
Detective– All open Internet, heavy use of Social network at work place, BYOD withoutsecurity controls.
Preventive– Not just training but engaging and collaborative training for lastingretention and effective practical utilisation of the imparted knowledge. Application whitelisting. BYOD only with appropriate deploymentplatform like Citrix, VMWare, etc. Strong End Point Protection with controlled browsing, DLP and SIEM inplace.
Looking forward to your comments or queries at [email protected]