George Santayana famously observed that: “Those who cannot remember the past are condemned to repeat it.” In a year where data breaches escalated, and cyber-criminals found yet more ways to infiltrate the enterprise network, this quote came to mind.
So, as 2017 draws to a close let’s look back over the year and reflect and evaluate past events in cyber security, and understand how they happened, so that we can hopefully prevent them from happening again in 2018.
Data breaches continue to happen
As I have already alluded to, data breaches increased in number and severity over the past year. People may have become desensitized to the news, but the number of personal records stolen or lost is staggering. In 2017 alone Uber, Amazon, the US Government, Equifax and Yahoo – to name just a few – all experienced breaches, and there seemed to be another high profile case every month. Investigating and remediating these incidents is costly, with the latest estimates placing the cost of the Equifax breach at $110million alone.
Additionally, we saw simple configuration mistakes leading to breaches in Amazon Web Services. Financial publishing firm Dow Jones & Company and military intelligence agency, INSCOM, for example, left their Amazon S3 buckets accessible and available to any AWS user.
Scrambling for GDPR
2017 saw businesses scrambling to gear up for the General Data Protection Regulation (GDPR) which will come into force in May 2018. It will apply to organizations that are based in or operate across the EU, or which have operations, customers, suppliers or partners within the EU.
GDPR can fine organizations if they fail to adequately safeguard customer data against a breach or fail to report it to the supervisory authority within 72 hours. The fine can be up to €20m, or 4% of the firm’s annual turnover – whichever is greater – which clearly gives regulators a very large stick to use on companies that do not comply.
What is yet to be seen is how the European regulators decide to exercise their legal powers. Come May 25th we might see investigations and fines handed down to any company that loses personal records, and we could see jurisdiction fights as European regulators try to fine businesses that are based in the US. Equally, the threat of large penalties may not be realized: it will be interesting to see how it all plays out.
IoT and the bots
Throughout 2017, attacks on IoT systems were rife, and I believe they will only increase in 2018. At the heart of many of these attacks were Botnets, which were deployed to hundreds of thousands of IoT devices. In 2017 we saw new variants of the Mirai botnet, including Reaper, and new botnets like Satori, all of which specifically targeted IoT devices.
By increasingly allowing IoT devices onto their enterprise network, enterprises are also offering an open back door for bot attacks. Worryingly, recent estimates suggest that up to 75% of organizations globally are infected by bots, and with IoT devices set to increase, we certainly haven’t seen the worst of it yet.
Indeed, Gartner estimates that 8.4 billion devices were connected to the internet in 2017, and a further 2.8billion will be connected in 2018. These new IoT devices usually have little to no security controls built in, so every additional internet controlled thermostat, door lock, vending machine, air conditioning unit that goes online is another attack vector available to attackers.
To prevent bots working their way onto your enterprise networks, make sure to use up-to-date anti-malware and implement layered defenses to limit their lateral movement if they do manage to infiltrate the network. Additionally, next-generation firewalls can monitor network traffic and look for suspicious activity, block suspicious traffic and cut off from their command and control centers. Intelligent network segmentation, separating IoT devices from the rest of the network, will also help to mitigate risk.
Ransomware is here to stay
2017 was also the first year that businesses globally felt the full force of major ransomware attacks. WannaCry impacted businesses and public services across the globe, Cerber convinced many victims to pay up to unlock their encrypted files and NotPetya, claimed many victims including US based pharmaceutical giant Merck, causing at least $300million of damage.
Threatened by the loss of potentially sensitive files that may not be backed up, some businesses have been paying the criminals’ ransom demands. But of course, paying the attackers not only funds criminal activity, it fuels further attacks. So, ransomware is far from behind us.
As with bots, there are numerous security best practices that can prevent, or at least greatly reduce, the impact of the next ransomware attack, including segmenting the network, regular data backups, patching, and security awareness training for employees.
The reality is that data breaches, botnets, ransomware and human errors won’t be going away anytime soon, and organization must remain vigilant. But by looking back at the events of 2017, IT teams can take steps to reduce the chances of falling foul of these attacks moving forward. After all, learning from history can help stop events from repeating again in the future.
About the author: Professor Avishai Wool is the CTO and co-founder of AlgoSec.
Source: infosec island