The McAfee Labs 2016 Threat Predictions report identifies top threats for the coming year as well as predictions for future cyber threats through 2020. The following is a summary of the report’s findings:
Hardware: Attacks that exploit flaws in both hardware and firmware components are expected to continue; security experts recommend being mindful of this potential avenue of exploitation below the level of the operating system.
Ransomware:
Ransomware attacks will likely become more common and more sophisticated. “Ransomware-as-a-service” is expected to continue growing, which will allow inexperienced cyber criminals access to the ransomware. Additionally, experts predict that ransomware will expand beyond Windows and also start targeting the increasingly popular Mac OSX.
Wearables:
Wearable devices are becoming much more popular. While these devices don’t store very sensitive data themselves, they do connect to smartphones via Bluetooth, offering criminals a new potential “back door” into a user’s smartphone. The report suggests that cyber criminals might, for instance, use GPS data gathered from a user’s fitness tracker to create spear-phishing email attacks that the user is more likely to open.
Automobiles:
Wired magazine stunned the automotive world in July 2015 when it ran a feature story outlining how a couple of enterprising hackers remotely commandeered a Jeep Cherokee. Experts predict a rise in the number of exploited zero-day vulnerabilities but even identified threats pose a problem, because some companies cannot issue remote updates to certain car models.
Integrity:
Integrity attacks represent a new, and potentially costly, type of cyber attack that most companies have seen in the past. Unlike other cyber attacks in which criminals simply damage or steal data, integrity attacks involve criminals selectively and surgically altering data in communications or transactions in ways that benefit them. Experts anticipate integrity attacks will heavily affect the financial sector in 2016 as criminals find methods of intercepting and redirecting their targets’ legitimate transactions to their own bank accounts.
The report also mentioned that employees’ home systems, Cloud services and cyber espionage are likely cyber threats in the coming year. Regardless of the source, it’s clear that guarding yourself from cyber attacks involves identifying your exposures and developing strategies to protect yourself from each developing risk. Contact your advisor at NCW Insurance today to ensure your cyber risks are appropriately covered.
Moody’s to Consider Cyber Attacks in Credit Assessments
Moody’s Investors Service announced recently that cyber attacks are becoming a larger part of the agency’s credit assessment and analysis processes. While Moody’s made it clear that it doesn’t consider cyber risk a principal credit factor, the agency has begun assessing cyber attacks as “event risks.” An event risk is a rare but potentially severe risk, much like a storm or other natural disaster that the company includes in its stress tests as it runs its credit analyses.
The growing number and severity of cyber attacks have made such a move necessary, as companies find themselves sometimes paying hundreds of millions of dollars to counteract the damage of a single data breach. Moody’s has released a report highlighting three important areas for companies to think about when considering the credit impact of a cyber attack:
The type and importance of the affected asset or business
The duration of the service disruption
The scope of the business or assets affected by the cyber attack