Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.
According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:
- Data breaches in the U.S. reached an all-time high in 2016, with the number of breaches tracked reaching 1,093, a 40% increase from the year earlier
- The financial services industry accounted for only 52 of the breaches, or 4.8%, making it the least hit of the five industries tracked. Business, healthcare, education and the government and military were hacked more than the financial services industry
- For the eighth consecutive year, hacking, skimming and phishing were the main drivers of data breaches, representing 55.5% of all reported incidents. Many were due to CEO phishing in which sensitive data is exposed
- While consumers and businesses are constantly warned to pay close attention to their email, breaches that used email and the internet as a way to hack people only accounted for 9.2% of all the hacks, while employee error was responsible for 8.7% of the hacks.
This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.
A new report has revealed 95% of cloud services used by enterprises aren’t enterprise ready.
The January 2017 Netskope Cloud Report reveals a staggering 82% don’t encrypt data at rest, 66 per cent don’t specify in their terms that the customer owns their own data, and 42% don’t allow administrators to enforce password controls.
The report also shows an increase in the use of cloud services – with an average of 1031 cloud services in use per enterprise, up from 977 in the previous quarter. The retail, restaurant and hospitality industry was the biggest user of cloud services (1193), followed by financial services, banking and insurance (1132).
By Cameron Abbott and Allison Wallace
With the EU heading full throttle towards the implementation of new data protection regulations in May 2018, there has been a lot of buzz around the impact the regulations will have, not only on day-to-day life, but other existing regulations.
One of these regulations is the Directive 2002/58/EC aka the ePrivacy Directive, which has been urgently reviewed ahead of the data protection regulations being implemented.
SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.
The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.
In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert said he believes the penalties are too high, and put companies at risk of losing their entire revenue if they commit multiple breaches.
Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.
A survey of nearly 600 organisations across a variety of industries globally has revealed 98% of these organisations experienced some form of cyber-attack in 2016. (We are left wondering if the other 2% just didn’t notice?)
The survey, conducted by cyber-security company Radware, also found that many organisations are still not prepared to face the threat landscape including that 40% of organisations do not have an incident response plan in place.
Respondents indicated that ransom was the top motivation behind cyber-attacks (41%), followed by insider threats (27%), political hacktivism (26%) and competition (26%).
Radware’s Vice President of Security Solutions, Carl Herberger, says that money is the top motivator in today’s threat landscape. He says “attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.
Radware predicts that in 2017, we will see an increase in the use of IoT botnets, cyber ransom, telephony DoS, permanent denial of service for data centre and IoT operations, and public transport being held hostage.
Not the most positive outlook for 2017, but it would be a brave person to suggest they are wrong with those predictions.
There was a 50% growth in the adoption of cybersecurity-related insurance in the UK between 2015 and 2016.
CFC Underwriting discovered the trend after polling industry representatives at the 2016 Cyber Symposium late last year.
The underwriter, which provides cyber insurance to more than 20000 clients globally, found the factors driving clients to purchase these kinds of policies included the “fear factor” of a cyber attack (23%) and the impending introduction of the European General Data Protection Regulation in 2018 (26%).
More than half of the respondents to the poll (53%) indicated they believed electronic computer crime will lead to an increase in insurance claims. Earlier figures released by CFC Underwriting revealed it handled over 400 claims on cyber policies in 2016, a 78% increase on 2015.