Georgia Tech just released its annual Emerging Cyber Threats Report for 2014. They have been publishing reports for several years that looks ahead to security issues with data and devices connected to the Internet. As usual, they have summarized a number of threats that companies should be aware of.
Companies Assume the Cloud is Safer than it is. Most companies store their data in the cloud in exactly the same format as it would be stored on a local LAN. This means there is no additional security other than whatever is provided by the cloud provider.
While companies can add additional encryption to cloud-stored data, there is a trade-off between encryption and the accessibility of data by employees, so few firms add the additional encryption.
Unencrypted data can be compromised as has been seen by some of the attacks by the Chinese on companies like Google. But aside from national cyberwar threats, data in the cloud can be hacked in much easier ways, including the next threat which is
Employees are Accessing Corporate Data with Bring-Your-Own Devices. Many companies are allowing BYOD since it saves them a lot of money from buying every employee smart phones and tablets, and it also lets each employee use devices they are comfortable with meaning a lot less training.
BYO Devices create an easy path to hacking into corporate data. For example, somebody hacking, or just coming into the possession of a phone from an employee might have wide-open access to corporate data.
Very Little Security for the Internet of Things. Today we are already starting to see the proliferation of devices that connect wirelessly to networks. This first generation of devices has not paid a lot of attention to security. I am not sure that I care that much if my coffee maker or smoke alarm or sprinkler system are not encrypted. It’s unlikely that anybody would take the time to hack them, and if they did all I might get are some really wet fruit trees.
But the Internet of Things is advancing faster in areas of business automation than it is in the home. The Internet of Things in an industrial setting already includes things like security cameras, devices that sense the presence of various chemicals, thermostats and the equivalent timing devices used during the manufacturing process. And soon the Internet of Things is going to include medical devices and other things that none of us want to see hacked.
And I certainly care if somebody hacks into a heat sensor or water control valve at a nuclear reactor site or hacks into the manufacturing process at an oil refinery.
Mobile Devices Will Become the Focus of Hackers. Until now there has not been a lot of successful malware used against smart phones and other mobile-connected devices. However, these devices are no less susceptible to hacking than are PCs and network servers.
Georgia Tech sees an uptick in attempts to hack into cell phones in various ways. Obviously there be malware that will be distributed in the same manner as with computer spam. But more insidious is the idea of hacking directly into apps so that millions of users download malware with a normal update of a popular application.
And of course, as mentioned above, hacking into cell phones is a lot scarier when those phones have access to work and government networks.
Expect Cyber Attacks Meant to Ruin Corporate Reputations. One thing that has been seen with attacks by foreign governments is that these attacks aren’t always aimed at government sites, but instead at the biggest and most popular companies in the country. The goal is to breach the data and security at big US companies in order to make the general population lose trust in using them. So we have seen attacks leveled at US banks and big companies like Google and Facebook.