A new IDC survey has revealed that industry professionals believe that the internet of things (IoT) will pose the biggest security threat to their business in 2017, with respondents citing the rise of DDoS attacks and botnets as key concerns in this area.
“A single IoT botnet (Mirai) managed to cripple the internet for several hours by simply targeting one of the major DNS providers,” said Catalin Cosoi, chief security strategist at Bitdefender. “This is, simply put, a level of control over worldwide communications that was previously reserved for the most powerful state actors, now in the hands of unknown individuals.”
“IoT applications are a key feature of the home of the future and these could easily become at risk to ransomware, as attackers deny access to underlying hardware and services, unless the owner is willing to pay a sum of money,” adds Quentyn Taylor, director of information security at Canon Europe. “The industry must look at how security should be adapted and guidelines introduced as this will be crucial to ensuring security is made a fundamental part of all future IoT products by the industries own hand and not enforced by legislation.”
Breaches related to staff and users came in second. “In our opinion, people may be the weakest link in cyber security for 2017,” says Andy Thomas, managing director at CSID Europe, a part of Experian. “With social engineering attacks on the increase, people are fast becoming the biggest vulnerability, particularly to organisations. We believe that a lack of available consumer education about cybersecurity is the biggest security threat because without education, consumers may be more likely to fall victim to phishing and malware traps.”
Amongst the general comments a wide number of different threats were highlighted. Data – and the vast glut of personal details now for sale on the dark web got a mention. “Hackers will no longer simply be stealing data, but instead aim to gain unauthorised access to manipulate vital data – which businesses will make important decisions on – for a number of ulterior motives, such as financial or reputational,” said Jason Hart, CTO for data protection at Gemalto.
The continued reliance on passwords, the rise of criminal AI and the increased professionalisation of cyber skills were also called out. “As AI becomes commoditised, we can expect cyber attackers to take advantage in a similar way as businesses: 2017 will be characterised by the first AI-driven cyberattack, which will transform the ‘advanced attack’ into the common place, and attacks that were typically reserved for nation-states and criminal syndicates will now be available on a greater scale,” said Matt Middleton-Leal, regional director, UK, Ireland and Northern Europe at CyberArk.
Read the responses in full here.
Share this story