Cyber security threats aren’t going away. In 2017 there will be a number of them as technological development continues to advance rapidly and society becomes increasingly dependent on this technology — a boon for hackers who are only becoming defter by the day. While the threats will be many in 2017, these are four areas we believe will be particularly vulnerable to cyber attack.
While the driverless car is close, but not yet here, the connected car is. A connected car, as defined by McKinsey, is “a vehicle able to optimize its own operation and maintenance as well as the convenience and comfort of passengers using onboard sensors and Internet connectivity.” This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent, accounting for half of all vehicles sold in 2015, according to a GSMA study. The study also predicts that by 2025 every new car sold will be connected. For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers.
Source: McAfee Labs 2016 Threat Predictions
In 2015, Charlie Miller and Chris Valasek, now famed car hackers, successfully exploited a Jeep Cherokee, disabling the car remotely via the entertainment system. As Wired wrote, “Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes and transmission, all from a laptop that may be across the country.”
In addition to safety concerns, connected cars pose serious privacy concerns.
“When you get down to it, your car knows a lot about you: where you go, when you go, how long you are there, the route you took to get there, the way you drove to get there, the temperature of the cabin, what entertainment you engaged in, and how long you were chatting on the phone (if you use Bluetooth). If you’re using it, quite a detailed record of your life is being collected and potentially transmitted somewhere,” wrote Security Week.
As manufacturers rush to market with high-tech automobiles, 2017 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
Smart Medical Devices and Electronic Medical Records (EMRs)
– The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realize the benefits of advancements in smart medical devices. However, as the healthcare industry adapts to its digital revolution, there are a number of concerns around privacy, safety and cyber security threats.
As the Software Engineering Institute of Carnegie Mellon University wrote in its 2016 Emerging Technology Domains Risk Survey, “As more devices are connected to hospital and clinic networks, patient data and information will
be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient, or disable vital sign monitoring.”
Carnegie Mellon further stated, “Many of the devices in this field have little to no security, and the increased scrutiny required by the Food and Drug Administration (FDA) makes the patch cycle extremely long.”
Similarly, patient medical records, which are now all online, are a prime target for hackers due to the breadth of sensitive information they contain. According to a poll by Health IT News and HIMSS, 75% of hospitals surveyed have been hit by a ransomware attack over the past year. With hospitals and medical facilities still adapting to the recent digitalization of patient medical records, hackers are capitalizing and exploiting the many vulnerabilities in these organizations’ security layers. Breaches within the healthcare industry will likely continue into 2017 until the industry is able to get a better grasp on the mass amount of digital patient data now under its control.
Third Parties (Vendors, Contractors, Partners
– Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees — according to a Ponemon Institute Research Report, “there is no clear accountability for the correct handling of the third-party risk management program.” With 21 percent of survey respondents saying there is no one person/department who is accountable and the remaining respondents giving a myriad of answers ranging from head of procurement to the CIO. As cyber criminals become increasingly sophisticated and cyber security threats continue to rise, organizations are becoming more and more aware of the risk third parties pose. In 2015, Wendy’s fell victim to a data breach that affected at least 1,025 of the fast-food chain’s locations and was caused by a third-party vendor that had been hacked. Similarly, hackers stole the data of 110 million Target customers in 2013 by exposing a vulnerability in the retailers third-party refrigeration vendor.
Ethical hacker Jamie Woodruff said in a V3 article, “As more technology comes out we’re ever more reliant on third-party vendors. Look at how APIs work, and how we feed them into third parties. That’s a potential way in to the corporate network.”
In 2017, third-party attacks will continue if not increase. Yet corporations will also begin to recognize the need for a more secure third-party management system. Identity management providers like SecZetta are leading the charge in bringing awareness to this crucial yet overlooked area of security.
– Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cyber crime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As such, President Obama’s 2017 fiscal year budget proposes a $19 billion allocation toward cyber security.
As McAfee stated in its 2016 Threat Predictions report, “Nation-state cyberwarfare will become an equalizer, shifting the balance of power in many international relationships just as nuclear weapons did starting in the 1950s. Small countries will be able to build or buy a good cyber team to take on a larger country. In fact, cyberwarfare skills have already become part of the international political toolkit, with both offensive and defensive capabilities.”
Cyber security threats today are coming from all around the globe and attacks are becoming more sophisticated. One of the major obstacles to combating these cyber security threats is the lack of cyber security professionals with the level of knowledge required to mitigate attacks. Learn more about Copy Cat Group Security capabilitiess