- More attacks aimed at exploiting unpatched year-old vulnerabilities
- An increase in stealth/covert execution tactics
- APT-hackers-for-hire becoming the new norm
Could critical infrastructure attacks be making a comeback? Or did these invisible threats never leave in the first place? Extensive research reveals that as many as four threat actors many have been involved in creating Stuxnet, the sophisticated computer worm that demolished Iran’s nuclear infrastructure in 2007. In light of recent discoveries about similarities in malware samples, cyberespionage appears to be a growing threat that can hide for years before its discovered.
Private users are not the only ones excited about IoT technology and gadgets in everyday activity the countless growth opportunities in the area. A number of companies, organizations and even public institutions have turned to connected devices to build more sustainable, automated infrastructures, but device reliability, data security delivery and privacy still must still be addressed.
Only three months short of its first year anniversary on May 28, it’s time to take a look at EU’s GDPR by numbers. Enforced to protect European users from unethical and illegal commercial practices, the internet privacy law has so far led to three major fines for privacy infringement.
After 40 percent of UK businesses reported data breaches or security incidents in the past year, the government wants to completely “design out” complex cyber risks and attacks. To achieve this and strengthen national infrastructure and consumer security, officials plan to issue an impressive challenge to enterprises across the UK.
Businesses are struggling to develop cyber resilience to fend off attacks as they seek to create flawless operations and to scale systems. Efficient cybersecurity in an advancing digital economy is no easy goal, as many factors are at play, including third-party risks and increased attack surface, as a result of extensive interest in IoT deployments. This is why corporates and governments need to work together to set up priorities to help enable digital transformation and build trust through proper safeguards on consumer data privacy.
Bandwidth security against rogue IoT botnets could be the next critical investment priority for the telecommunications sector after a report from NOKIA found that 78 percent of network-based malware detection in CSP networks in 2018 is attributed to IoT botnet activity used in DDoS and crypto-mining activity. This is up a staggering 33 percent from two years ago, confirming that malware is here to stay and growing in complexity.
Cybercriminals have unwittingly created an impressive, and legal, money-making opportunity – cyber insurance. The cyber insurance market is about to become huge, as experts believe companies will double their spending by 2020 to some 8 billion – 9 billion dollars compared to last year’s average of 3.4 –billion 4 billion, Munich Re, the world’s leading German reinsurance company, recently announced.
Critical national infrastructures such as the energy sector, public transportation, commercial facilities, government and defense, and medical services, among others, have been under attack in recent years, following a large volume of security vulnerabilities and a lack of encryption.
With speech recognition and voice-activated personal assistants slowly making their move into the corporate world, companies will have to adjust their security and digital strategies, infrastructure and customer interactions.
Security executives fear cyberattacks will heavily target critical infrastructures in the near future, but they don’t seem to be doing much about enforcing security policies that also cover IoT devices. Despite the major threat they pose, connected devices have so far been overlooked in security policies. It appears that in general, in spite of the increasing awareness of high-profile cyberattacks and threats, enterprises tend to look the other way rather than invest properly in a cybersecurity strategy.
In 2015, Russian hackers shut down Ukraine’s electrical grid after infecting the infrastructure with malware. It was only a matter of time until they would target the US power system. As of 2016, US critical operational infrastructures have been under siege by "Russian government cyber actors," as described by the Department of Homeland Security and the FBI.
