The excitement of a brand-new year will only last until the 2018 cybersecurity threats start to kick in.
2017 has given us record-breaking breaches, some extremely sneaky malware, and a Wi-Fi protocol that we can’t trust. At NuData we are unwrapping the four topics that will make headlines next year. Here is the 2018 cyber threat landscape you have to be ready for:
IoT – The internet of too many things
By 2020 we will have 50 billion devices connected to the internet, according to Software.org: BSA Foundation. Connected objects are everywhere; they range from cameras to thermostats, including TVs, watches, and trucks. The growth of mobile devices and sensor technologies will also create a world of omni-channel retail and personalized buying experiences. IoT devices used for online payments come with high levels of security to protect the consumer. However, connected devices that are not designed for online payments can come with important security flaws.
It’s not hard to create objects that connect to the internet; what is crucial is making them secure for the consumer while not impacting the consumer experience. Sure, a Wi-Fi camera takes great pictures, but it can also be incredibly easy to hack for fraudulent access. This is because the camera is probably not developed to protect the customer from cyber attacks. Unlawful access to IoT devices is especially delicate as it endangers not only the customer’s digital persona but also the physical one; a bad actor can block your smart car’s brakes… while you drive.
IoT can also facilitate virtual espionage. Impostors can turn on your TV or any other device that captures sound (Alexa Voice Service and Siri, for instance) and eavesdrop on your conversations.
It is not the unregulated nature of these devices that is the problem; they are regulated. The product works and meets technical standards; ergo it can be sold. The issue is that many devices have little or no security built into them. Your smart refrigerator may not have a button to turn its system on and off but, with a bit of code, a hacker could do that without breaking a sweat.
Ironically, the public doesn’t seem aware of the danger they are exposing themselves to by purchasing these items. According to a Keeper Security survey, 63% of U.S. millennials said they are not aware of the IoT security risks and, similarly, “63% of millennials say they don’t take [the] evaluation of [the] security of IoT devices seriously.”
Firewalls with no walls
A firewall is a system created to prevent unauthorized access to or from a private network. Bad actors have found a way – many ways, actually – to make sure your house or company firewall acts less like a wall and more like an open door to fraud.
When it comes to electronics, it’s a dangerous proposition to put up a firewall for your home or company. If you end up installing a counterfeit firewall, it will only make it easier for bad actors to access your digital space.
We are seeing fake chips installed on equipment that was destined for corporations (routers, firewalls, etc.) that are modified after the factory or even while in the factory.
Identifying the legitimacy of a firewall is becoming an extremely complicated task and, as technology allows for more sophisticated forgeries, next year will bring us larger counterfeit schemes.
Static data on the move
With the static data being stolen and released on the dark web, the industry will increasingly stop relying on or trusting it. Next year we will see more companies making the shift from security solutions that rely on static data only to tools that also look dynamically at the user’s behavior and biometrics. Many companies are already making this switch and, by doing so, they see an improvement in their fraud capture rate. Emerging technologies that include biometrics as a way to look at the human behind the device are proving up to the task.
Companies realize they can’t trust a password and a few pieces of personal information as these are overly shared across the internet. Instead, an approach that evaluates the human behavior through passive biometrics will protect customers and businesses – a turn that will gain momentum next year.
The Frankenstein identities
Fraudsters who create fake online identities using bits and pieces from real ones are in luck. After this year’s epic data breaches (Equifax, Yahoo, and Verizon, to name a few) the exposed record’s scoreboard is pushing 10 billion. These records will be used next year – if they haven’t been used yet – not only for account takeover but also for synthetic identity theft.
Aside from creating false accounts, impostors can get approved for credit through fake identities. When an impostor creates a false identity to apply for credit, the financial institution does what is called a ‘bureau pull’ based on that data. The identity doesn’t exist, but by pulling a bureau, a new identity is created automatically; a brand-new invented individual with no credit activity and no debt either. This Frankenstein persona can have Monica’s full name, Bob’s date of birth, and Tania’s address. Sadly, an invented empty bureau that has no debt is enough for some financial companies to lend money.
Technologies that can evaluate customer behavior and combine it with layers that look at physical biometrics will take center stage. Now is the time for companies to revisit their next year’s cybersecurity resolution to prevent being affected by these plots. Our new year resolution is to help companies implement these strong multi-layered solutions so that our predictions don’t stand a chance.
Related to this post: Five Tips for National Cybersecurity Awareness Month
Want to learn more online authentication? Watch In a Breached World, our webinar featuring Forrester.
Want to read more posts like this? See our full blog here.