The biggest Cyber Security threats in 2016 and beyond

Headless worms, machine-to-machine attacks, jail-breaking, ghostware and two-faced malware: The language of cyber-security incites a level of fear that seems appropriate, given all that is at stake. Hackers are launching increasingly sophisticated attacks on everything from critical infrastructure to medical devices.

Hackers

Research company Gartner estimates that there are approximately 6.8 billion connected devices in use in 2016, a 30 percent increase over 2015 and they also predict that by 2020, that number will jump to more than 20 billion connected devices. Put another way, for every human being on the planet, there will be between two and three connected devices (based on current U.N. population projections).

The sheer number of connected devices, or the “Internet of Things,” presents an unprecedented opportunity for hackers. “We’re facing a massive problem moving forward for growing attack surface,” said Derek Manky, Global Security Strategist at Fortinet.

“That’s a very large playground for attackers, and consumer and corporate information is swimming in that playground,” he said. Many consumer connected devices do not prioritise security. As they proliferate, expect the number of attacks to skyrocket. “A lot of these products and services, oftentimes security will take a backseat, so it puts a lot of information at risk,” said Manky.

In its 2016 Planning Guide for Security and Risk Management, Gartner puts it like this: “The evolution of cloud and mobile technologies, as well as the emergence of the ‘Internet of Things,’ is elevating the importance of security and risk management as foundations.” Smartphones present the biggest risk category going forward. They are particularly attractive to cyber criminals because of the sheer number in use and multiple vectors of attack, including malicious apps and web browsing.

“We call this drive-by attacks — websites that will fingerprint your phone when you connect to them and understand what that phone is vulnerable to,” said Manky.

Apple devices are still the most secure, said Manky. “Apple’s had a good security policy because of application code review. So that helps, certainly, to filter out a lot of these potential malicious applications before they make it onto the consumer device,” he said. “With that, nothing is ever safe,” he said.

Smartphone Security

This year has seen the emergence of entirely new worms and viruses that are able to propagate from device to device such as “headless worms”: malicious code targeting “headless devices” such as smartwatches, smartphones and medical hardware.

“These are nasty bits of code that will float through millions and millions of computers,” said Manky. Of course, the potential for harm when such threats can multiply across billions of connected devices is orders of magnitude greater. The largest we’ve seen to date is about 15 million infected machines controlled by one network with an attack surface of 20 billion devices. Certainly that number can easily spike to 50 million or more,” said Manky. “You can suddenly have a massive outage globally in terms of all these consumer devices just simply dying and going down.”

Expect a proliferation of attacks on cloud and cloud infrastructure, including so-called virtual machines, which are software-based computers. There will be malware specifically built to crack these cloud-based systems.

“Growing reliance on virtualisation and both private and hybrid clouds will make these kinds of attacks even more fruitful for cyber criminals,” according to Fortinet.

At the same time, because apps rely on the cloud, mobile devices running compromised apps will provide a way for hackers to remotely attack public and private clouds and access corporate networks.

As police services and government departments boosts their forensic capabilities, hackers will adapt to evade detection. Malware designed to penetrate networks, steal information, then cover up its tracks are emerging and will continue to spread. So-called ghostware will make it extremely difficult for companies to track exactly how much data has been compromised, and hinder the ability of police services to prosecute cyber criminals.

“The attacker and the adversaries are getting much more intelligent now,” said Manky.

Alongside ghostware, cyber criminals will continue to employ so-called “blastware” which destroys or disables a systems when detected. “Blastware can be used to take out things like critical infrastructure, and it’s much more of a damaging attack,” he said.

“Because attackers may circumvent preventative controls, detection and response capabilities are becoming increasingly critical,” advises Gartner in its report.

Word Cloud

Many corporations now test new software in a safe environment called a sandbox before running it on their networks.

“A sandbox is designed to do deeper inspection to catch some of these different ways that they’re trying to change their behaviors,” said Manky. “It’s a very effective way to look at these new threats as we move forward.”
That said, hackers in turn are creating malevolent software that seems benign under surveillance, but morphs into malicious code once it’s no longer under suspicion. It’s called two-faced malware.

This is at least partially the sheer volume of attacks is so high — Fortinet sees half a million security threats per minute.

“Companies should definitely enforce more security policies,” said Manky. “Security’s becoming a board level discussion, so that’s already happening, and it should continue to happen.”

Part of any cyber-security strategy should be the use of antivirus software, the education of employees not to click on unknown attachments or links as well as keeping software up to date, also know as patch management.

“A lot of these devices are not going to be patched that quickly or they might not have an update mechanism on them,” said Manky. “Certainly, any time a patch becomes available, companies should enforce that because these are closing a lot of the holes where attackers are navigating through.”

Here is how Gartner frames it for business seeking to protect themselves in 2016 and beyond. “While some traditional controls have or will become less effective, techniques such as removing administrative privileges from endpoint users should not be forgotten. Similarly, vulnerability management, configuration management and other basic practices have to be priorities in organisations that have not yet implemented them effectively.”

And ultimately, something is better than nothing, advises the firm: “Addressing priorities does not mean striving for perfection, but rather ensuring, at least, that critical exposures are remediated (or, if applicable, mitigated with compensating controls) and that the residual risks are minimal and acceptable (or at least enumerated and tracked).”

We will rebuild

loss assessor galway, loss assessor donegal,

Could not pass this up… Within 1 hour of the earthquake in Donegal, this was being posted online. Great sense of humour.

As a firm of Loss Assessors based in Galway, Dublin, Limerick and Kilkenny we often deal with situations where people have just suffered a loss and are often distressed and in shock. Its amazing in these situations how well people keep things in perspective, despite the predicament they find themselves in .

 

On the Grapevine with Benen Tierney

Sean Cleary was interview recently by The Grapevine with Benen Tierney on Castlebar Community Radio. This interview is a great introduction to Loss Assessing and what it entails. To listen to the interview just click on the link below. We welcome your comments. Click here to listen to the interview

10th Eircom PhoneWatch Published

Eircom PhoneWatch have recently published their 10th annual Burglary Report revealing an 8.5% increase on last year’s figures. Over the ten years that they have been carrying out their surveys over €700m worth of goods have been stolen from Irish homes.

Speaking at the launch of the report Eoin Dunne, Chief Executive of Eircom PhoneWatch commented “Over the ten years that we have reported on burglary in Ireland, one insight remains constant – burglary regardless of boom or bust is a crime phenomenon, which is simply not going away. The figures consistently demonstrate that the vast majority of burglaries take place while the home is occupied, thus increasing the risk of confrontation and personal danger, so it is of particular importance that people become more security aware while they are in the home. This year’s findings also indicate that burglars are more audacious than ever. As the winter months approach, which over the past ten years has been the busiest for burglars home owners need to be aware that there are simple measures that can be introduced today to make their home more secure”. Continue reading 10th Eircom PhoneWatch Published

The Bankers Interest

Over the years we have dealt with a very large number of household claims. When dealing with large settlements we have discovered surprisingly, time and time again, that the insured will not be aware of the banks interest on their property. If there is a mortgage on your home your bank will have an interest in your property and your insurer is obliged to make your settlement cheque payable to you and your bank if they are aware of that interest. This is where problems arise following a claim.

The bank may be slow to pass the funds on to you – whether you are behind in your payments or not. Due to the confidential nature of our business we cannot talk about specific cases but we have put together the following scenario which is based on cases that we have dealt with;

Continue reading The Bankers Interest

Earthquakes! In Ireland?!

You may or may not be aware of them, but from time to time earthquakes occur in Ireland. Their frequency is rare and their impact is minimal but did you know that almost all insurance policies cover them?

On Tuesday and Wednesday the 26th and 27th of January this year Donegal was hit by two minor quakes measuring 1.5 and 1.7 respectively on the Richter scale.  This brought the number of quakes in Donegal in January to 3! Quakes in Ireland are nothing new, in 1984, an earthquake hit Dublin which measured 5.5 on the Richter scale. This is the largest ever recorded in Ireland. The aftershocks from this quake measured up to 4 on the Richter scale. Continue reading Earthquakes! In Ireland?!

Storm Damage & Your Policy

Storm Damage & Your Policy

Global Warming?, Whatever your views on climate change or its causes, one need only look out a window to see the major changes in the Irish weather. We now receive heavier downpours, more severe flooding from storm surges, higher winds and more frequent and prolonged spells of bad weather.

Ultimately, storms in Ireland are more frequent and more severe. Your home insurance policy will cover the cost of repairing your home following storm damage, but here are a few tips to minimize damage where possible.

Batten Down the Hatches. Continue reading Storm Damage & Your Policy

Do you live in a flood risk area?

Flooding is a natural process which can happen at any time in a wide variety of locations across Ireland. Assets at risk from flooding can include housing, public infrastructure, commercial property and industrial enterprises. Understanding flood risk is an essential step in managing the associated impacts and making informed decisions.

There are two major causes of flooding: Continue reading Do you live in a flood risk area?

Fire Prevention – Top tips for home owners

Fire Prevention

Every year 46 people die in the Republic of Ireland as a result of fire. Over 1,000 are seriously injured from smoke inhalation and burns and millions of euro’s worth of damage is caused. Sadly, most of these incidents could have been avoided given a basic level of fire safety awareness.

A fire in the home can have horrific consequences including death or serious injury, psychological trauma and financial and sentimental loss. The advice set out below will help you to avoid and fire and let you know how to react if one does occur. Continue reading Fire Prevention – Top tips for home owners

Burglary – Simple steps to lessen your risk

Burglary – A crime on the rise.

According to the 2008 Eircom Phonewatch Burglary Report, burglaries in Ireland increased by a whopping 32% over a one year period. In this post, we are going to give you some good advice on how to minimize your risk of becoming a victim of this crime. Firstly we will take a look at some of the figures from the Eircom Phonewatch report.

Between June 2007 and June 2008 over €100m worth of goods were stolen from Irish homes, give that figure a moment to sink in, €100m! The report also showed that a staggering 80% of burglaries took place while occupants are in the home. Continue reading Burglary – Simple steps to lessen your risk