It’s not pleasant to consistently face up to the reality that cyberattacks can occur at any time, affect any industry or business, and basically happen almost anywhere around the globe. But it’s a hard reality that will continue to demand attention in 2017 as more companies further integrate the Internet of Things (IoT) into their operations. IoT muscled its way to the top of several analysts’ lists of technologies they expect to dominate next year, even as these daunting security concerns continue to expand.
On Thursday, Frost & Sullivan put out a 2017 forecast particularly spotlighting cybersecurity concerns in the Asia-Pacific (APAC) region. The company notes the wave of cyberattacks that occurred this year in that area including ones sustained by the database of 55 million voters at the Philippines Commission on Elections, the National Payment Corporation of India, an $81 million cyber heist at the Bangladesh Central Bank, and the massive data leaks as shown by the Yahoo data incidents.
In a statement released Thursday, the research firm’s Asia Pacific Cyber Security practice analysts predicted that in 2017, business email compromise (BEC) attacks will overtake ransomware and advanced persistent threat (APT) attacks in APAC. It also suggests distributed denial of service (DDoS) attacks could cause the internet to be down for an entire day in a country in that region.
Frost & Sullivan does foresee greater enforcement for IoT devices pushed by authorities, and suggests the healthcare sector will have more stringent regulations toward ensuring uptime of computer systems handling critical operations. It also says new technologies like Blockchain may be used to enhance trust between stakeholders and facilitate exchange of threat intelligence among industries.
“The setup of more Information Sharing and Analysis Centers (ISAC) will form platforms for both the private and private sector participants to share threat intelligence,” the Frost & Sullivan analysts say. “However, participants are wary of exposing their weak security posture when contributing intelligence due to a successful attack, and there are issues of untrusted sources that may contribute the wrong intelligence. Blockchain may emerge as the technology to facilitate the exchange as it authenticates the trusted party to contribute, obfuscates the contributor’s detail with anonymity, and offers a tamper-proof system that prevents unauthorized alteration of any data shared.”
Additionally, it looks like there’ll be less focus on a “wait-and-see” approach by security teams as they try to predetermine attackers’ next moves and build up defenses to counter new attack vectors. With that said, Frost & Sullivan also predicts more APAC enterprises will offer bug bounty programs, which are seen as a measure to deter talents from taking up black hat hacking. In other words, they’ll pay the attackers for finding and reporting major vulnerabilities in enterprise and/or developed applications. “Enterprises will be able to strengthen their security defenses through the crowdsourcing model and encouraging potential hackers to discover more and do more of the good rather than the bad,” the analysts say.
On the drone front, the report also points out that researchers from iTrust, a Center for Research in Cyber Security at the Singapore University of Technology and Design, have demonstrated that it’s possible to launch a cyberattack using a drone and a smartphone. Frost & Sullivan notes that drone attacks might include delivering GPS jamming signals to a vessel or dropping USB drives containing malware to air-gapped critical infrastructures.
