Enterprises today face new cyberthreats from many different vectors, including some that didn’t exist just a few years ago. Chief information security officers (CISOs) need to keep their eyes on the evolving ways their companies can be breached and close any gaps to minimize the damage.
Four New Cyberthreats Facing CISOs
The latest high-profile cyberattacks have taken a more direct line to profitability while ostensibly becoming less destructive at the same time. The recent WannaCry infestation, for example, halted hundreds of institutions around Europe and affected more than 200,000 computers. Like any ransomware, WannaCry encrypts files and announces itself with instructions to make a payment to receive the decryption code.
This particular ransomware was quickly bypassed, but that doesn’t mean it was financially unsuccessful, and it certainly won’t be the last of its kind. Security teams need to stay current on threat vectors, and keep operating systems and applications up to date with current patches. User education has always been a starting point for enterprise security and is even more important now.
As drones become more critical to enterprise operations, supporting initiatives ranging from product delivery to surveillance, they also become more susceptible to hijacking. Aside from the value of the drones themselves, delivery drones carry products that have their own value. Initial drone takeovers will likely target random flights, but more sophisticated attacks will focus on high-value payloads.
Like other Internet of Things (IoT) devices, drones are typically developed with little or no attention devoted to security. CISOs must be aware of the security measures built into any drones they enlist.
3. Machine Learning-Based Social Engineering
Social engineering has been a threat since long before computers and viruses started to extract information from enterprises. The practice persists, but expect to see an uptick as bots begin to apply machine learning to interact with employees. Chat bots are already gaining humanistic traits as they try to perform legitimate tasks and become true assistants.
But the same machine intelligence can be used to train the bots to fool the human on the other side of the conversation. New tools such as Adobe’s VoCo use artificial intelligence (AI) to mimic speech, so conversations can sound believably like anyone whose voice has been recorded and subjected to the program’s algorithms. As these tools become mainstream, fraudsters will leverage them to edit voice recordings much like they use Photoshop to doctor photographs.
Whistleblowers have brought injustices to light across many industries and governments. Similarly, hacktivists specialize in penetrating secure infrastructure to extract digital content in efforts to uncover what they perceive as malpractice.
The proliferation of easily available hacking tools has put sophisticated programs in the hands of amateurs who can use them against companies or governmental entities they feel have acted improperly. CISOs need to stay vigilant and take precautions against external threats, which starts by understanding that hacktivists can also be employees.
Awareness Is Key
Every segment of enterprise technology is subject to cyberattacks. CISOs need to stay aware of possible threats and understand how they may be used to infiltrate, damage and steal company assets.