Here's what 'the brave new world' of cyber security will look like

Over recent years, cybersecurity and cybercrime have become areas of increasing concern for both the public and private sector. It is important to note that this is not merely a panic stirred by media and politicians, nor is it a signifier that technology is failing us.

Rather, it is symptomatic of a world increasingly reliant on new and evolving technologies, and of the need to be prepared for and manage the realities that come along with it.

As controversies during the recent US election demonstrate, no business or organisation is immune from attack, and cybercrime is a professional and organised activity which poses real consequences for international security, politics and economic stability.

Stroz Friedberg, the global risk management firm recently acquired by Aon, has released its Cybersecurity Predictions Report for 2017 which foresees a year marked by continued nation state cyber espionage, increased data integrity attacks and advancement of spear-phishing and ransomware techniques by cyber criminals.

Nation state cyber espionage to influence global politics

Cyber espionage will continue to influence global politics and many will watch upcoming elections in Latin America in nervous anticipation. Meanwhile, volatile countries like Russia, China, Iran and North Korea will continue to develop their capabilities, harnessing cybercrime talent.

On the home front, the Australian government will continue to actively take precautions against threats. 2017 will usher in increased co-operation between the public and private sectors, including follow up on recent developments such as changes to company data breach disclosure laws, and increased funding for various initiatives such as CERT Australia and the Australian Cybersecurity Centre (ACSC).

Data integrity attacks on the rise

In a nod to the value of data to corporations as well as nation states, data and its integrity are set to become another major focus in 2017. It is predicted that criminals will seek to sow confusion and doubt over the accuracy and reliability of information, thus impairing decision-making across the private and public sector. Whereas organisations previously focused their attention on loss and leakage of data, their new focus will be on maintaining integrity and accuracy.

Spear-phishing and social engineering tactics become more advanced

In recognition of organisations increasingly leveraging cloud and IoT technologies, cyber criminals will also increase their focus on the human element as an entry point.

In 2017, it is predicted that advanced social engineering tactics will become more targeted, cunning, and more effective, exploiting the weakest link – employees – that organisations always find challenging to safeguard.

To date, over 80% of cyber insurance claims in Australia have involved spear-phishing and social engineering, predominately ransomware. This will continue, if not increase, as organisations are increasingly accepting that paying extortion is an option.

In response, however, we may also see more advanced backup systems from organisations as they attempt to find ways to mitigate this risk.

Cyber criminals to harness IoT devices as botnets to attack infrastructure

This year is also predicted to see an increase in compromised IoT devices. When you consider that in 2017 the number of IoT devices globally will exceed 28 billion, the scale of this threat is really put into perspective. Cybercriminals will harness botnets, interconnected networks of computers infected with malware, as launching points for SPAM, DDoS attacks and anonymising malicious activities.

Australia’s mining and utilities sectors in particular have become hugely dependent on supply chain automation to improve profitability and increase efficiencies. This includes use of IoT technologies, such as driverless trucks. Recognising that an attack on these critical technologies could wreak havoc on operations and safety, bad actors will look to test these systems and probe for vulnerabilities.

Industry first-movers embrace pre-M&A cybersecurity due diligence

Adopting cybersecurity due diligence is also set to become a critical part of the pre-M&A due diligence process. As an example, private equity and venture capital firms in Australia have already started looking into the cyber risk management strategies of potential portfolio companies.

In addition, mandates for industry standards compliance, incident response plans and cyber risk insurance will become the norm, with Australian government tenders also inquiring as to what cybersecurity precautions respondents have undertaken.

Cybersecurity talent development will become a priority

Looking at the above pressures, it is little wonder that the final major trend we will see in 2017 entails an increased focus on in-house red teaming capabilities. For companies that are not operating in the cyber business, recruiting, motivating, and retaining highly technical cyber talent to keep their red teams at the forefront of cybersecurity will become a major priority.

This push will likely first occur in financial hubs such as Hong Kong, Singapore, London and New York. Some Australian organisations, especially in the banking and finance industry, have already responded by building in-house red team capabilities. The recent passing of the mandatory data breach disclosure laws through the Australian Senate also makes industry best practice now a legal requirement – this is something that all company employees should be made aware of.

The above predictions demonstrate that the threat of malicious cybercrime is far from over. In this highly volatile climate, it is more important than ever for all individuals and businesses to adopt precautionary measures against cybercrime. Businesses need to look at their security posture and, if they don’t know what the gaps are, get a risk assessment done.

The single biggest risk to a business is the damage to brand and reputation – both of these could be severely impaired in cases of poor cybersecurity management in future.

Fergus Brooks is the national practice leader of cyber risk at Aon.

Stroz Friedberg is a specialised risk management firm and global leader in the field of cybersecurity. Founded in 2000 and acquired by Aon in 2016, Stroz Friedberg has thirteen offices across major business hubs, servicing Fortune 100 companies, 80% of the AmLaw 100, and the Top 20 UK law firms.
