January 9, 2017 By Rick M Robinson

The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors.

Top Four Security Threats of 2017

The new year will certainly bring its share of security surprises. CIO identified four security threats that deserve particular attention as we head into 2017: the hyperconnectivity of the IoT, the role of cybercrime-as-a-service in powering global crime syndicates, the ongoing challenge of meeting regulatory and legal compliance standards and the rise of attacks aimed at brand reputation.

1. Hyperconnectivity Hazards

The first two of these challenges are broadly technology-driven. Both hyperconnectivity and the IoT arise specifically out of technology progress. With the proliferation of personal mobile devices, we are more richly cross-connected through the web than ever before, which means more potential points of entry for attackers.

This connectivity is extending into domains that were previously offline, creating new types of vulnerabilities that are still poorly understood. Pervasive threats are coming from all directions. This calls for a new and proactive way of thinking about security.

2. Cybercrime-as-a-Service

The rise of cybercrime-as-a-service is also reshaping security threats. Connectivity and computing power have made cloud-based service offerings a key component of the legitimate cyber economy.

Unfortunately, these same capabilities are being harnessed by criminal syndicates, giving rise to an ever more sophisticated cybercrime ecosystem. In effect, online burglars no longer need to painstakingly fashion their own lockpicks. Instead, they can obtain sophisticated burglary tools as a service.

3. Compliance Complications

Unlike these technology-driven changes, regulatory compliance challenges can seem like nothing new, merely an ongoing complication of security life. But this is a blinkered view. While individual regulations can always be debated, the compliance environment broadly reflects precisely the growing connectivity that technology is driving.

Security and privacy are at risk in a growing number of ways and in a growing number of domains. Compliance requirements embody an effort to build shared protection standards, which are all the more necessary in an age of hyperconnectivity. Compliance isn’t just about rules — it’s about protection.

It’s critical for IT managers to know where their organizations store sensitive personal information at every stage of the life cycle to protect it. While noncompliance fines are getting stiffer, the cost of a data breach is rising even faster.

4. The Human Element

The term social engineering is typically applied to the input side of security threats, such as the use of phishing attacks on employees to gain access to networks. However, experts and IT professionals are beginning to apply the concept to cybercriminals’ main objective of damaging an organization’s brand or reputation.

The Sony breach of 2014 foreshadowed a world of brand targeting, and some experts expect this cybercrime incentive to come of age in 2017. This new form of mass social engineering is often powered by traditional user errors and oversights, such as hasty clicks or weak passwords. As the human factor becomes a primary target, organizations must build network environments that encourage safe behaviors and discourage risky ones.
