Consulting firm Frost & Sullivan recently highlighted the growing threat of cyber attacks, particularly as more industries are becoming increasingly connected to the Internet due to the Internet of Things (IoT).
Analysts at the firm’s Asia Pacific Cyber Security practice shared their key cyber security predictions for 2017. Firstly, they expect Business Email Compromise (BEC) attacks to overtake ransomware and Advanced Persistent Threat (APT) attacks. From January to September 2016, about S$19 million has been lost through BECs in Singapore alone.
"As BECs are relatively easier to execute and evades cyber defense tools better than other popular attack vectors such as ransomware and APTs, it can potentially be the main cyber threat in Asia," noted Charles Lim, Industry Principal, Cyber Security practice, Frost & Sullivan, Asia Pacific.
The analysts also hinted at the possibility of Distributed Denial of Service (DDoS) attacks to bring the Internet down for an entire day in a country. Globally, DDoS volumetric attacks hit over 1 Tbps of traffic and shut down several popular online services in 2016.
Moreover, as authorities become increasingly concerned about the threats of unsecured IoT devices, it will be illegal for these manufacturers to sell their products in countries that demand these devices comply with security standards, they said.
Speaking of innovative technologies, the analysts said that new technologies such as blockchain may be used to enhance trust between stakeholders and facilitate the exchange of threat intelligence among industries.
“The setup of more Information Sharing and Analysis Centers (ISAC) will form platforms for both the private and private sector participants to share threat intelligence”, they added. “Blockchain may emerge as the technology to facilitate the exchange as it authenticates the trusted party to contribute, obfuscates the contributor's detail with anonymity, and offers a tamper proof system that prevents unauthorized alteration of any data shared.”
The analysts further expect more adoption of technologies that focus on threat actors. They noted that more enterprises are working towards trying to know what the attackers are innovating in terms of cyber attack techniques, their next moves, and build up their defenses to counter the new attack vectors. In addition, the experts also foresee more enterprises offering bug bounty programs, which is currently seen as a measure to deter talents from taking up black hat hacking.
Last, but not the least, the analysts predicted that more drones will be used to facilitate cyber attacks. They explained that drones will be an easy way to scan for unsecured wireless traffic as a way of performing war driving attacks.
“While more applications are developed for drones in commercial use, inevitably cyber criminals will think of new techniques in launching a cyber attack. Other possible types of attacks include delivering GPS jamming signals to a vessel or dropping USB drives containing malware to air-gapped critical infrastructures”, they added.