Whether it’s a sophisticated threat group or simply an amateur, organisations, big and small, are now more than ever in the crosshairs of attackers. 2015 had a fair share of incidents such as the cyberattack on TV 5 Monde, by the ISIS-linked ‘Cyber Caliphate’. But the year also saw campaigns from alleged state-sponsored actors, including the group responsible for breaching Anthem’s IT system and stealing personal information on millions of current and former customers and employees, writes Ray Kafity, Vice President for the Middle East, Turkey and Africa (META) at FireEye.
Disruption driving the security market
Disruption is a valid concern in 2016 and the losses associated with business disruption are considered some of the highest. Since 27 per cent of all attacks are considered advanced and targeted, the potential for an attack to interrupt productivity is great.
In certain circumstances, disruption can be more than just the inability to perform regular work operations. Due to certain high-profile incidents, chief information security officers (CISOs) have had to change their risk profile. There is now a chance that someone could just break in and delete everything, without any risks or repercussions involved.
Investments in infrastructure making industries liable to attack
Another valid concern in 2016 is the growth of infrastructure-based attacks. As heavy industries such as the energy sector invest in new technologies to automate production, the potential for attacks inevitably grows. We will start to see more visible attacks against industrial control systems (ICS). Additionally, environments shifting to Wi-Fi will broaden the attack surface, potentially opening the doors to increased cyber terrorism aimed at critical infrastructures. To stay ahead of all threats, the C-level and boards will need to address ICS security in their risk reviews and begin allotting a larger budget to protection.
Energy sector still under threat
2015 was characterised by a spate of attacks on the oil and gas industry. The energy sector has long been the mainstay of regional economies and as the GCC consolidates its position as an economic hub, 2016 will witness further cyber attacks on this sector.
The Internet of Things and the rise of smart cities
The notion of a connected home brings up the emerging idea of the Internet of Things. According to IDC, IoT-related expenditure in the Middle East is set to rise at a five-year growth rate of 21.9% to total $10.18 billion by 2018. New internet-enabled devices are being released regularly these days, and many have weak security controls, allowing for new ways of accessing data. These “things” could be held hostage by ransomware, which will subsequently lead to extortion. As smart city initiatives, centred on the Internet of Things, pick up in the region, various cybersecurity issues will need to be addressed.
Payment systems as a channel of attack
Though still at a nascent phase, the popularity of mobile wallets, magstripe readers and other similar payment systems is growing rapidly, but without the protection needed to secure transactions. The proliferation of these systems gives potential attackers another front to launch cyberattacks. As a result, we will likely see an increase in malware targeting these systems.
Attacks on iOS devices set to rise
Apple’s market share in desktop and mobile continues to increase and this, consequently, makes the tech company’s products more exposed to attack. Apple’s traditionally secured software and devices have experienced various threats in recent years, such as the first masque attacks in 2014, a threat that replaces authentic apps with malicious ones. 2015 saw the discovery of three new masque attacks. XcodeGhost, a previously identified iOS malware, managed to make its way into the App Store. FireEye researchers recently discovered that the threat had entered US enterprises, and that a more advanced variant called XcodeGhost S had been previously undetected.
Government will be a key player in cyber security initiatives
The government has an important role to play as well. Many GCC countries have established independent national cyber authorities which report directly to the government. A key area of focus is building a new generation of experts to defend critical network infrastructure (CNI) entities from threat actors. It is also imperative to ensure that CNIs comply with certain cybersecurity laws and regulations. Government will continue to drive more security investments and put more laws into effect.
A successful and comprehensive cybersecurity strategy depends on the private sector complementing government efforts. An example is the launch of the Data Law in the UAE, which will make it easier to share data between government sector entities and private companies.
Recommendations
Altogether, organisations need to focus on prevention in 2016. Compromise is inevitable and companies would do well to work on quick response. Products should be set to ‘block’ and ‘protect’ instead of ‘alert’. Ultimately, organisations must improve in rapidly detecting, responding to, and stopping attacks. In 2014, attackers remained on networks for an average of 205 days before being detected, which is far too long.
When it comes to future mergers and acquisitions, organisations should exercise diligence. Acquiring a company could also mean acquiring tainted networks and compromised intellectual property. In order to ensure a secure merger, groups will have to increasingly rely on compromise assessments.
Conclusion
Additional predictions include more destructive attacks, improved counter forensics, attacks aligned with conflicts, and a growing number of threat actors. More attackers will move to the cloud, hosting command-and-control servers on popped cloud virtual machines, and use social media channels for communications.
In the constantly evolving world of cybersecurity, many of these predictions are already beginning to come true.