Cyber threats pose a growing danger to companies and individuals, and the risks are constantly evolving like a moving target. An estimated half a million attacks are happening every minute in cyber space, where the hackers are intent on keeping one step ahead with their latest malicious scheming, says Charl Ueckermann, managing director of AVeS Cyber Security.
“For instance, ransomware attackers have moved up a notch lately in the realm of extortion.” Instead of just planting malicious code on victims’ computers that locks them out of their systems, these cyber criminals threaten to release sensitive company or customer data publicly if their demands are not met, says Ueckermann.
“Once hackers have control of a victim’s computer they could also sabotage the data by changing and manipulating it.” He says such attacks would be difficult to detect if the changes were subtle, and could compromise the integrity of the information to the point where it was nonsensical.
Ueckermann says companies are not always equipped to tackle the evolving cyber security threats or do it quickly enough on their own, and there are not enough security professionals in the job market to meet growing demand. So companies of all sizes are partnering with technology providers that specialise in this area and can offer expert advice and affordable solutions that are easy to implement and manage.
He says looking ahead and anticipating how cyber security threats are likely to evolve as well as having a workable plan will help companies to pinpoint their critical vulnerabilities, fine-tune their anti-intrusion strategies and strengthen their defenses to protect their systems more effectively.
“As more organisations store all types of valuable data in the cloud, the cyber criminals will come up with increasingly ingenuous ways to gain access to it.”
He says lack of mobile security governance and access procedures, such as inadequate usernames and passwords and unsecured apps make it easier for them to do this. Statistics show that more than 75% of network intrusions exploit weak or stolen credentials, and more than 80% of employees admit to using non-approved software as a service application in their jobs, says Ueckermann.
This opens up serious vulnerabilities, because the sheer number of intelligent smartphones and tablets in use provide an attractive entry point into corporate systems for cyber criminals using malicious apps, web browsing and other devious means.
“An escalation of increasingly ingenious cyber security threats is expected in the future, fueled in part by the internet of things as more and more devices are capable of collecting, storing and transmitting data,” says Ueckermann.
These include connected printers, surveillance cameras, cars, medical devices, TVs, coffee makers, refrigerators, baby monitors, and wearable devices. “Hackers can take control of these to launch attacks on other connected devices, companies, governments, financial institutions, and other categories of victims,” says Ueckermann. “Few of these types of connected devices currently have effective cyber security functionality,” he says.
Research company Gartner predicts that by 2020 there will be 25 billion connected devices, up from 6,8 billion in 2016. “This represents a vast number of entry points for hackers to gain access to personal information and corporate systems,” says Ueckermann.
He says the first ‘headless worms’, malicious code that targets connected devices like smartphones and wearables, are expected to emerge by the end of 2016 and is capable of spreading through billions of computers.
“Other advances in malicious code include ‘ghostware’ that penetrates networks, steals information and then covers its tracks. This makes it difficult to determine exactly how much data has been affected or hunt down the cyber criminals,” says Ueckermann.
He says as future connected devices become more technologically advanced they are likely to be increasingly exploited, not just by hackers, but by activists, governments, mercenaries and terrorists all bent on stealing information of some description.