Businesses have been urged to redouble efforts to boost their cybersecurity resilience with hackers becoming increasingly sophisticated.
Fujitsu’s Threat Predictions Report 2017 has warned that hackers could conceivably disable smart lighting grids across entire cities and are likely to harness machine-learning to launch hitherto unseen types of attack.
Faced with an evolving threat landscape, governments and enterprise-level organisations must be more vigilant in bolstering resilience and harnessing machine-learning innovation themselves, says Fujitsu. Detecting anomalies in web-traffic patterns, for instance, machine learning – also known as artificial intelligence – can give organisations earlier warning and offer scope for a more proactive approach to risk mitigation.
The Japanese electronics giant has also predicted that banks will come under greater attack over the next 12 months. Until now, banks have been remarkably resilient, but a recent breach at Tesco Bank, which affected 40,000 accounts, is by far the biggest crime of its kind to date. And now Fujitsu is forecasting a growth in banking Trojans that target older, more vulnerable back-office applications.
As international banking networks scramble to establish mandatory controls, the report asserts that this “still presents a window of opportunity for cybercriminals”.
A greater focus on vulnerabilities in supply chains is another trend highlighted by the report, whose full title is ‘Blind spots and security basics – letting your guard down could cost you in 2017‘.
“Housekeeping tasks”
The Fujitsu Security Operations Centre, which conducted the research, concluded that lax security practices are leading to avoidable breaches. “An amazing number of businesses don’t carry out the simple – yet vital – housekeeping tasks that cut down on risks,” it says in the report.
These “housekeeping tasks” include rigorous vulnerability patching and vigilance in granting access privileges only to users who need them, when they need them. Companies are “needlessly vulnerable to data loss, data theft or external disruption of their systems” because of neglect in these areas, says the report.
Fujitsu also says that encrypted channels that provide external access to critical systems in order to facilitate remote working can inadvertently allow hackers to roam inside breached networks undetected. It’s “a blind spot, with attacks over encrypted channels being missed due to the lack of SSL inspection capabilities”.
“Every move to tightening up cybersecurity means an exponential decrease in vulnerability,” says Rob Norris, VP and head of enterprise cybersecurity (EMEIA) at Fujitsu. Many organisations have not yet fully realised that when you depend on computing to run your business, then being offline essentially means being out of business.
“It’s not only financial risk but also the cost of damage to your reputation from data loss and theft. Our new report highlights some easy steps that any organisation can take to ensure they are not needlessly exposed to data loss, data theft or external disruption of their systems.”
Fujitsu Security Operations Centre (SOC) – whose remit is detecting, analysing and neutralising threats – has highlighted the following top 10 cybersecurity trends for 2017:
- Network blind spots
- Articifical Intelligence making for smarter security
- Banks are in the firing line
- Attackers will shit their attention to mobile devices
- We will see how clever smart cities realyl are
- Rapid recovery required to protect reputations
- Business will want their data in the safeest jands
- Global clients will keep a beady eye on supply chains
- Boards are waking up to the truth of cyber security
- The biggest problem still remains in the basics
Listen to the IFSEC Insider podcast!
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
