Page 13 - GS170102
P. 13
News
Cyber Security practice analysts consider the leading easy to use. Researchers believe insecure wireless
methods of cybercrime and their potential impact on networks will provide easily accessible methods of
business owners and consumers: transport for nefarious drone attacks.
• Business email compromise (BEC) attacks: Email Drone use in the commercial sector is also on the
continues to be the leading conduit of fraud and rise, adding to the possibility of enterprise-scale
malware, accounting for $19 million in losses in Sin- drone attacks. Analysts believe drones will be de-
gapore between January and September 2016. Glob- ployed to jam GPS signals on marine and terrestrial
al BEC attacks increased 20 percent worldwide in vehicles and to drop contaminated USB drives into
2016, compared with the previous year. Businesses critical network environments.
that transact internationally are most vulnerable to
these attacks, researchers stated. Recommended remedial measures
Charles Lim, Industry Principal, Cyber Security In addition to their predictions and warnings, Frost &
practice, Frost & Sullivan, Asia Pacific, predicted that Sullivan analysts provided salient advice and described
BEC will be more prevalent than both ransomware enhanced security methods for protecting critical
and advanced persistent threat attacks throughout infrastructures. Following are some examples of how
Asia-Pacific in 2017. "As BECs are relatively easier to collaborative efforts and emerging technologies can
execute and evades cyber defense tools better than protect against cybercrime:
other popular attack vectors such as ransomware • Implement emerging technologies: Distributed
and APTs, it can potentially be the main cyber threat ledgers such as blockchain can be used to safely
in Asia," he stated. transmit sensitive intelligence between trusted par-
• Distributed denial of service (DDoS) volumetric ties. "Blockchain may emerge as the technology to
attacks: DDoS attacks caused nationwide Internet facilitate the exchange as it authenticates the trusted
outages in 2016. Cyber attackers exploited device party to contribute, obfuscates the contributor's de-
and network vulnerabilities caused by insecure net- tail with anonymity, and offers a tamper proof sys-
works with insufficient defenses against volumetric tem that prevents unauthorized alteration of any
attacks and default passwords on newly-deployed data shared," researchers noted.
IoT devices, triggering day-long Internet outages in • Share and distribute threat intelligence: The Infor-
some areas. mation Sharing and Analysis Centers (ISAC), a col-
• IoT entry point attacks: Criminals used insecure laborative effort of government and private sector
IoT devices to gain access into numerous business participants, is focused on creating a public forum
networks in 2016, report authors noted. The preva- where individuals and organizations can share in-
lence of insecure devices and default passwords has formation about the evolving threat landscape. Crit-
prompted some governments to expand regulatory ics have questioned some participants' authority,
guidance and security standards for IoT devices, an- warning that untrusted sources may deliberately or
alysts noted. The authors cited a recent botnet attack unwittingly propagate inaccurate intelligence.
on IP cameras as an example of "how manufactur- • Employ enterprise-level, proactive security teams:
ers did not include a security process of changing Researchers found an increased number of enter-
default passwords when connecting the devices to prises committed to staying ahead of attackers by
the Internet." understanding new and evolving cyberattack tech-
• Ransomware attacks targeting healthcare: Health- niques. This improved understanding will help the
care providers were significantly disrupted by ran- teams anticipate criminals' next moves and defend
somware attacks in 2016. Facilities compromised by against new attack vectors.
infected computer systems had to reroute patients to • Initiate bug bounty programs: This relatively new
other hospitals. Major healthcare providers in Asia approach uses crowdsourcing to reward potential
are HIPAA compliant but are vulnerable to attacks hackers who identify a network vulnerability or
due to their legacy infrastructures and weak secu- "bug." By paying the hackers to find and report vul-
rity tools, researchers noted. nerabilities, organizations hope that hackers will be
Report authors noted the importance of protecting motivated to use their talents as a force for good.
personal healthcare data, which many criminals
value more than credit card information, adding, These recommendations are consistent with Frost &
"The healthcare industry needs a good 'cyber health Sullivan's belief in innovation as a core value and the
check' before it is too late." cornerstone of every business. "Identifying, developing
and leveraging innovation will give your company a
• Drone attacks: Mainstream consumer adoption of competitive edge and solidifies your company's long term
drone technology has made drones affordable and success," the company stated.
13
