Intelligent CISO Issue 10 - Page 21

cyber trends won’t suspect the presence of malware activity if the computer is noisier and consumes more power than usual. GDPR According to Nok Nok Labs’ CEO Phil Dunkelberger, ‘the global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection as was done with GDPR. While this is great progress, we’re going to see these governments counter to gain more access to information.’ General Data Protection Regulation (GDPR) offers an innovative framework that the European Union has enacted to augment data protection requirements with amplified responsibilities and obligations for organisations. For global organisations that fail to adapt to this change, fines for non-compliance can reach up to €20 million or 4% of worldwide annual turnover, whichever is greater. By early 2019, around 80% of multinational companies may fail to comply with GDPR if they do not understand modern data protection regulations. GDPR will almost certainly force many multi-national companies to be more accountable for its use and collection of customer data. Rapid rise of identity theft Identity thefts are skyrocketing, and criminals are using more sophisticated, multistep frauds to grab information about new accounts. According to one 2017 survey, one out of 15 people have reported being a victim of some sort of identity theft. Criminals are using SSNs, home addresses and knowledge-based authentication question answers to hopscotch from one kind of account to another. Since many two-factor authentication schemes use mobile phone SMS text messages for logins or password resets, hackers are working hard to break into mobile phone accounts, which will allow them to defeat the two-factor implementation. Criminals are also matching up pieces of various identities to create an entirely new ‘person’ they can use to apply for credit and steal money. It is expected that identity theft will continue to rise. Synergistic threats will multiply, requiring combined responses Last year saw the rise in ransomware attacks and cryptojacking, which provides lower risk and better return on investment. We have also noticed that fileless and ‘living off the land’ threats are more slippery and evasive than ever. It is expected that attackers will combine these tactics to create multifaceted, synergistic If attackers gain control of IoT devices, they can create havoc on individuals and organisations. threats. Synergistic threats are becoming more common because bad actors are developing foundations, kits and reusable threat components that allow them to focus on adding value to previous building blocks and enables them to orchestrate multiple threats instead of just one to reach their goals. Fighting against such attacks requires questioning every threat. To guard against cyberthreats, we need to ask questions such as, ‘What if we are missing the real goal of the attack?’ Remember, it is expected that bad actors will add synergy to their attacks, but cyberdefences can also work synergistically to defeat such attacks. IoT security and attack on voice- controlled devices It is expected that we will have 75 billion devices connected to the Internet of Things (IoT) by 2025. Hence, we will have a huge number of devices to secure and new threats to identify. Both hardware and cloud-based tools have emerged that can monitor threats on multiple devices at a time, but threats can be enormous, often change in tactics and approach, and are not always completely understood. If attackers gain control of IoT devices, they can create havoc on individuals and organisations. They can use the device to mine cryptocurrency or connect them with similar endpoints to form a botnet, launch a DDoS attack, steal personal data and attack websites. To prevent such threats, IoT security solutions are automating the detection process and Crystal Market Research says that the IoT security market is projected to grow to over 30 billion by 2022. Increasingly, voice-controlled assistants will be used to manage IoT devices within the home. With the adoption of voice-controlled devices increasing rapidly, cybercriminals’ interest in attacking voice assistant devices and IoT devices connected to them will inevitably continue to grow. u | Issue 10 21