2016 was a significant year for cyber security. We saw the Russian 'Fancy Bears' hacking team leaking athletes' medical data, the Tesco Bank hack, and the Bank of Bangladesh heist - where US$101 million was stolen in a cyber attack. And all this before we get to the alleged Russian hacking of the US Election campaign...
The hackers and cyber criminals are seriously upping their game. Amongst the most concerning developments are the continuing escalation of ransomware and the release of the Mirai malware onto the Dark Web in October 2016. Mirai can turn 'Internet of Things' (IoT) devices such as webcams, CCTV systems and home broadband routers into large, malevolent networks called 'botnets', which can be used to undertake very large-scale Distributed Denial of Service (DDoS) attacks against websites. There is no doubt that we will see an increase in the size and frequency of DDoS attacks in 2017 as a result.
Businesses - as well as the general public - will consequently have to get smarter and more agile if they don't want to fall victim to an increasingly sophisticated and well-coordinated network of cyber gangs.
Is 2017 The Year That Toasters Take Down Big Business?
Whilst the significant DDoS attacks in the latter half of 2016 - including one incident which took down popular sites such as Twitter and Reddit - utilised around 150,000 Mirai-infected IoT devices, there are already criminal gangs offering to rent botnets consisting of over 400,000 compromised IoT gadgets on the Dark Web. Such botnets are likely to be included in the arsenal of hacktivist groups such as Anonymous, as well as that of the cyber criminals. We could see DDoS attacks with the capability to knock banks, governments and businesses offline for a significant period of time.
Growth In Crime-as-a-Service Will Require Increased Cyber Education For All
Hackers are now looking to further monetise their skills by offering a range of cyber attacks for hire on the Dark Web. Whilst hiring out IoT botnets for undertaking DDoS is a growing area, I foresee that the real expansion is in ransomware, where the profits can significantly exceed the required investment.
Some cyber criminals are now offering a customised ransomware package for as little as US$100, enabling people with almost no technical expertise to launch a campaign. With one version of the CryptoWall family estimated to have generated US$325m in 2015, it's easy to see why people are tempted.
It's not easy to defend against ransomware - the attackers need only be lucky once, whereas you need to be lucky all the time. Make sure you take effective anti-spam and anti-phishing measures and get used to backing up your data - ideally on a daily basis.
Inspiring Young People Is Key To Bridging The Cyber Skills Gap
The global lack of suitably qualified cyber security personnel - especially at a senior level - is likely to become an increasing issue in 2017. As Boards start to come to terms with the scale of the cyber threat and initiate programmes of work within their organisations, an already small group of available experts will start to shrink. To address this skills shortage quickly, the UK must introduce more information security courses in both schools and universities, create a robust apprenticeship scheme to service a growing SME industry that is crying out for interested and talented young people to train up, and inspire young people early on. We should also look at opportunities for getting those looking to change careers into the industry. After all, what's not to like about a career in cyber security? The pay is good, there are opportunities for global travel and it's certainly a growth industry.
Get Yourself Security Savvy
It's easy to read the stories in the news and get a sense that we cannot win against the cyber criminals. The good news is that there are several measures that we can all take to protect our key data - it just requires some focus and effort. Businesses need to get the fundamentals correct, identify where their weaknesses are, and start plugging the gaps. As individuals there are a number of measures we can take to help protect ourselves and our families. Learn how to construct strong passwords, back up your data frequently and reset those factory default passwords on all your smart devices moving forwards.
You lock your front door to help prevent burglars from getting inside your house - in 2017, you need to take measures to prevent the cyber criminals from getting access to your digital life.