May 30, 2017 By Scott Koegler 2 min read

Enterprises today face new cyberthreats from many different vectors, including some that didn’t exist just a few years ago. Chief information security officers (CISOs) need to keep their eyes on the evolving ways their companies can be breached and close any gaps to minimize the damage.

Four New Cyberthreats Facing CISOs

1. Ransomware

The latest high-profile cyberattacks have taken a more direct line to profitability while ostensibly becoming less destructive at the same time. The recent WannaCry infestation, for example, halted hundreds of institutions around Europe and affected more than 200,000 computers. Like any ransomware, WannaCry encrypts files and announces itself with instructions to make a payment to receive the decryption code.

This particular ransomware was quickly bypassed, but that doesn’t mean it was financially unsuccessful, and it certainly won’t be the last of its kind. Security teams need to stay current on threat vectors, and keep operating systems and applications up to date with current patches. User education has always been a starting point for enterprise security and is even more important now.

2. Dronejacking

As drones become more critical to enterprise operations, supporting initiatives ranging from product delivery to surveillance, they also become more susceptible to hijacking. Aside from the value of the drones themselves, delivery drones carry products that have their own value. Initial drone takeovers will likely target random flights, but more sophisticated attacks will focus on high-value payloads.

Like other Internet of Things (IoT) devices, drones are typically developed with little or no attention devoted to security. CISOs must be aware of the security measures built into any drones they enlist.

3. Machine Learning-Based Social Engineering

Social engineering has been a threat since long before computers and viruses started to extract information from enterprises. The practice persists, but expect to see an uptick as bots begin to apply machine learning to interact with employees. Chatbots are already gaining humanlike traits as they try to perform legitimate tasks and become true assistants.

But the same machine intelligence can be used to train the bots to fool the human on the other side of the conversation. New tools such as Adobe’s VoCo use artificial intelligence (AI) to mimic speech, so conversations can sound believably like anyone whose voice has been recorded and subjected to the program’s algorithms. As these tools become mainstream, fraudsters will leverage them to edit voice recordings much like they use Photoshop to doctor photographs.

4. Hacktivism

Whistleblowers have brought injustices to light across many industries and governments. Similarly, hacktivists specialize in penetrating secure infrastructure to extract digital content in efforts to uncover what they perceive as malpractice.

The proliferation of easily available hacking tools has put sophisticated programs in the hands of amateurs who can use them against companies or governmental entities they feel have acted improperly. CISOs need to stay vigilant and take precautions against external threats, which starts by understanding that hacktivists can also be employees.

Awareness Is Key

Every segment of enterprise technology is subject to cyberattacks. CISOs need to stay aware of possible threats and understand how they may be used to infiltrate, damage and steal company assets.
