Digital life for businesses started out with dumb screens, keyboards and the days of the mainframe. This gave way to a simple set-up: a few PCs connected to a server with staff tapping away on keyboards at their desks. Then came laptops, mobiles, tablets and the era of computing on the move.
Next, cloud computing took digital storage and services and put them wherever you and your team needed to work. But with each evolutionary step came new security threats. And in 2017 we’ll see an ever-broadening range of connected devices becoming new “attack vectors”.
Hackers will exploit new methods to get into networks and find new ways to cause business disruption.
Here are seven emerging threats to watch out for next year:
- Biometric hacks
From Apple’s TouchID fingerprint scanning to banks trialing voice or retinal recognition, biometric security has been growing fast in recent years. The traditional log in to an account via username and password is being replaced by more sophisticated technologies.
But is it any more secure? Hackers and security experts have used photographs to beat biometric checks, including claims last year that a high resolution image of an eye could be used to hack retinal scans. Researchers have shown how high definition video of someone’s face, complete with a couple of blinks, is enough to break in to some devices.
Hackers have even shown that impersonation can crack voice recognition. It can be bypassed simply by grabbing a short recording of someone’s voice, either by making a spam call or stealing a voicemail message, so expect to see more biometric hack stories in 2017.
- Connected car hacking
Security researchers made headlines in 2015 when they hacked a driverless Jeep and drove it off the road. Since then trials of driverless cars and autonomous systems – like Tesla’s autopilot mode – have clocked up millions of road miles.
We’re still a few years away from seeing truly autonomous cars for sale on garage forecourts, but the threat of cyber-sabotage was enough to prompt the FBI to warn in 2016 that owners of connected cars would need to ensure software was secure and up-to-date. As more cities and States in the US open up to driverless trials, and more road tests get under way in the UK, there is sure to be more news about car hacking next year.
- Internet of Things hacks
A major botnet attack on Dyn, one of the companies behind the infrastructure of the internet, in late 2016 revealed the vulnerability of the Internet of Things. The attack – which caused disruption for major websites like Netflix, Twitter, Spotify and Amazon – started with hackers exploiting factory-default security settings in hacked digital cameras and video recorders. As more and more previously inert, unconnected devices connect to the internet – from fridges, to toys and thermostats – expect news of more Internet of Things-related hacks.
- Mobile hacks
2016 will be remembered as the year that mobile web browsing overtook desktop browsing for the first time. Hand in hand with mobile browsing comes mobile malware and an ever-rising tide of malicious software designed specifically to target Apple’s iOS or Google’s Android mobile operating systems.
Through 2016 Google stepped up its efforts to clear malicious apps from the Google Play store, while Apple quickly released security patches for iPhones after the discovery of the “Pegasus” malware package that could read users messages or steal contact information. As mobile usage grows, there’ll be more news than ever of mobile malware.
- Virtual reality hacks
Virtual reality headsets generated the biggest tech buzz of 2016. Facebook founder Mark Zuckerberg gave a sneak look at what Oculus Rift has in store in the future; while Google unveiled its new Daydream headset. But as VR grows, expect to hear more about the location and personal data being collected by devices. As more and more apps are developed for VR tech, it would be no surprise to soon hear about the first hacks of VR in-game payment systems.
- Contractors under attack
But it’s not just devices that are vulnerable: it’s people. It’s become a fact of digital life that hackers will look for easy routes into their targets. So, if they want to hack a big business … they look at its contractors.These are often smaller businesses with more limited security systems, processes and resources. There’ll be more news in 2017 of major hacks that originate with small businesses in the supply chain – and there’ll be a growing expectation on small firms to step up their security if they want to win big contracts.
- Cloud under attack
A list of the “treacherous 12” vulnerabilities of cloud computing was unveiled at a major conference in 2016. These ranged from hacked APIs and broken authentication to denial of service (DoS) attacks. But the benefits to business of being able to access data wherever they are – and cut the cost of IT infrastructure by using cloud services – make it an attractive proposition that’s unlikely to lose its appeal any time soon.
But as more businesses adopt cloud storage and services, do not be surprised to read more reports of businesses being locked out, hacked or losing data. It’s a story that’s not going to go away.
Tony Anscombe, Senior Security Evangelist, AVG Business suggests what may be in store for the New Year, “Overall, I think the big story of 2017 is going to be about the broadening range of tactics, channels and platforms that hackers try to exploit to steal data and extort money from businesses. The buzz around new tech – particularly IoT devices – needs to be tempered with serious questions about security.”
“Manufacturers are racing to get products to market and security is being left behind… businesses of all shapes and sizes need to be careful about what new tech they adopt and how they use it. They also need to bridge their knowledge gaps, 1 in 3 businesses we recently surveyed were clueless about ransomware for instance. Small businesses, in particular, need to be more aware of how their data and systems can be hacked and exploited