By Sanjay Aurora, Managing Director, Asia Pacific, Darktrace
Dec. 22, 2016
This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
US$81 million stolen from a Bangladesh bank. 500 million Yahoo! accounts swiped. A DDoS attack that brought down much of the internet.
2016's cyber-attack headlines proved more than ever that companies have a visibility problem - they cannot see what is happening beneath the surface of their own networks. Based on Darktrace's observations, the following predictions demonstrate the need for a new method of cyber defence - an immune system approach - to keep up with the fast-evolving threats that await us in 2017.
1. Attackers Will Not Just Steal Data - They Will Change It
Today's most savvy attackers are moving away from pure data theft or website hacking to attacks that have a more subtle target - data integrity. We've seen ex-students successfully hack college computers to modify their grades. In 2013, Syrian hackers tapped into the Associated Press' Twitter account and broadcast fake reports that President Obama had been injured in explosions at the White House. Within minutes the news caused a 150-point drop in the Dow Jones.
In 2017, attackers will use their ability to hack information systems not just to make a quick buck, but to cause long-term reputational damage to individuals or groups by eroding trust in data itself.
The scenario is worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at risk. Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises.
These 'trust attacks' are also expected to disrupt the financial markets. An example of this is falsifying market information to cause ill-informed investments. We have already glimpsed the potential of disrupted M&A activity through cyber-attacks - is it a coincidence that the recent disclosure of the Yahoo hack happened while Verizon was in the process of acquiring the company?
These attacks even have the power to sway public opinion. Hillary Clinton's election campaign suffered a blow when thousands of emails from her campaign were leaked. An even graver risk would be not simply leaked emails, but emails manipulated to create a false impression that a candidate has done something illegal or dishonourable.
2. More Attacks and Latent Threats Will Come from Insiders
Insiders are often the source of the most dangerous attacks. They are harder to detect, because they use legitimate user credentials. They can do maximum damage, because they have knowledge of and privileged access to information required for their jobs, and can hop between network segments. A disgruntled employee looking to do damage stands a good chance of succeeding through a cyber-attack.