By Patrick Gray, Keynote Speaker, SHARE in San Antonio
Every year, we see triumphs and tragedies reflected in cybersecurity tales that teach us and give us valuable insight but also give us a glimpse into the future of what might be. Looking closely, we get to pick pieces of the puzzle that we can use to build a brilliant picture of what’s to come. With 2015 at a close, it's time to look back at the year's events and use the information to gain perspective on the future.
We learned that the cybercriminals are certainly not myopic and don't just go after the same type of targets day in and day out. Rather, they have turned their focus to myriad targets spanning all sorts of businesses, government entities and our valuable resources. And they don't even need to waste their time creating the most sophisticated type of attacks. They choose their targets through reconnaissance, social media and getting, well, personal.
Over the course of the past several years, we saw these criminals utilizing fear, and in today's world climate of fear, their use of ransomware became an everyday occurrence, while the ransomware itself proved to be incredibly sophisticated and personal. The personalization of these attacks reaped great rewards for these criminals, simply because the more personal you get, the more the fear resonates with the victim, causing them to cave in to the demands.
They also don't mind damaging your reputation. They are driven by financial gain most of the time but won't hesitate to plot more destructive attacks targeting the company's reputation and standing in the community. These are flat out not nice people. If they can, they will reveal sometimes questionable business practices, aiming to send the business into an internal frenzy that takes its eyes off what is really transpiring within its network.
As we move into IoT, M2M and other next generation technologies, they will also be seen as viable targets. The continuing growth of smart-connected home devices will drive cyberattackers to use unpatched vulnerabilities as a way to stage a full-blown attack. While there are no signs of a wide-scale attack coming, a failure in consumer-grade smart devices resulting in physical harm is highly probable. In the mobile arena, next generation payment methods, from EMV credit cards to mobile wallets, will pique the interest of online criminals, challenging supposedly “safer” payment platforms. Mobile malware is expected to grow exponentially, and next generation technologies will also be seen as viable targets.
Nation-state espionage will go full throttle in 2016. Government espionage activities that were formerly mostly covert are now out in the open, encouraging all nation-states to join in the game. The result will be an even more unruly cyberspace trading environment.
Service providers will become a key vulnerability in organizations' supply chains as cybercriminals target them rather than organizations directly. Organizations that put blind faith in big data will base strategic decisions on faulty or incomplete datasets.
The evolution of mobile computing, its fast-paced development cycle and lack of security considerations, will make mobile apps a prime route for cybercriminals and hackers.
So, where do we go from here? I would be glad to share my thoughts at SHARE in San Antonio!
Don’t Miss Patrick Gray’s Keynote Session at SHARE in San Antonio!
“The Confluence of Data Security Challenges”
Date: Tuesday, March 1
Time: 8:30-9:30 a.m.
Patrick Gray is an IT security consultant and the former principal security strategist at Cisco Systems in San Jose, California, as well as director of XForce Operations, office of the chief technology officer, Internet Security Systems, Inc. (ISS). Gray served in the United States Marine Corps and spent 20 years as a special agent within the Federal Bureau of Investigation (FBI). Upon his retirement from the FBI, he joined Internet Security Systems and was one of the creators of the X-Force Internet Threat Intelligence Center.