Deon Olton of the Caribbean Cyber Security Center shares his organisation’s cybersecurity predictions for 2015.
Our 2014 predictions and awareness mission covered attack vectors across websites, data, email, and networks due to a rise in malware infestations as well as a rise in persons being victims of cybercrime across the Caribbean. In 2014, five of the six forecasts were right on the money and gave valuable insight into preparations to proactively defend our personal, data and financial assets. The Caribbean Cyber Security Center (CCSC) has a proven track record of accurately predicting the threats that will face the Caribbean and beyond over the next year. Being safe from the attacks of the ever-present cyber threat from a public safety, national security / law enforcement and economic development perspective will not get any easier in 2015. Our certified and experienced team uses access to advanced threat intelligence, work in the field, as well as the overall global threat landscape to predict the most likely threats to your critical data.
Ministers, Permanent Secretaries, CEOs, CIOs and the public at large, including our children, need to know what threats we will face in 2015 and how to defend against them. Arming ourselves with this information on how to protect ourselves will be critical from a personal safety, national security / law enforcement and economic development perspective. This article focuses on the top threat areas we in the Caribbean must be aware of in order to defend against them. We will explore the dangers that lurk within organisations, mobile malware threats, the sophistication of attacks, cyber terrorism and cyber espionage. With that said, the CCSC 2015 predictions are as follows:
The level of sophistication of attacks will continue to increase, which will make identification, detection and remediation harder for systems administrators who are using yesterday’s training and methodologies to address the new targeted threats. Organisations that continue to run Windows XP and other obsolete software, which cannot adequately detect threats or protect their information assets, will make their systems easy targets for hackers and cyber criminals, as the level of vulnerabilities and exploits is high and they are easily available. Mail and Web servers fitting this profile will add to an already forecast increase in website defacements. In these environments several variants of crimeware like CryptoLocker will be rampant, and many will be left with money missing from their bank accounts and unplanned downtime.
We strongly recommend that security testing be included in the software development life cycle for new software, upgrades to legacy software and web application development. Nobody builds from scratch anymore; most developers use interface modules to create the full solution. While this methodology delivers new services and functionality quickly, security is unfortunately still not built into most development cycles. Every application and every integration is another opportunity for risk. Flaws in old code, including legacy proprietary code and open-source code, will open up major data breaches in divergent applications because the code was never properly vetted by third parties before or after integration. Security testing before roll-out will save many organisations the downtime, cost and embarrassment associated with a security breach due to a lack of security testing of all interfaces and applications.
Retail cyber attacks
With millions of dollars just there for the taking, retail cyber-attacks seeking credit card data are likely to continue in 2015. However, we predict a decline in their growth on a global scale but an increase in the Caribbean as security measures such as Chip and PIN technology are mandated internationally. As a result, the cyber criminals will shift their focus to the Caribbean. Given the region's low level of security and the length of time commercial banks take to migrate to international security measures, it will be the perfect opportunity for digital pirates to wreak havoc on our bank accounts and credit cards. ATM scams, phishing scams and the like, which target bank accounts and credit card data, will rise and finally force Caribbean financial organisations to raise their security policies.
There will be an increase in the number of bank customers being exploited in online scams promising new jobs, commission for distributorship of a new product, and payment for assistance in accounting and wire transfer transactions. The unsuspecting victim will be forced to repay large sums of money they have wired or transferred to parties overseas, which were first stolen from compromised bank accounts. The illusion of receiving an additional salary for what is seen as little or no work will be too compelling to resist. Many have fallen victim already and more are predicted as the state of the economy, plus the basic need for persons to attain additional income, will drive many down the wrong path.
Mobile malware will complicate the threat landscape by reaching an all-time high as hackers and fraudsters continue to develop ways to gain access to our confidential data. While the data on the devices might be of little value on the black market, mobile devices will be targeted for credential-stealing to be used at a later date. In other words, the mobile devices will be used as the conduits to the cloud and private networks. As more organisations use various kinds of mobile devices to access their data, we will see cyber criminals going after the mobile device.
Other ICT-facilitated crimes
Crimes associated with exploitation of our children, human trafficking, illegal drugs, gun smuggling and pornography will continue to be executed using information and communication technology. Therefore, an integral part of all investigations will highlight the need for appropriate legislation, trained investigators and prosecutors. Criminals will continue to use social media and professional networks to perpetrate these crimes, making it more difficult for law enforcement to keep these criminals at bay.
Cyber terrorism and warfare are rampant on the global level, and Caribbean governments need to ensure that there is an appropriate plan to address nation-state hacking and adversaries wielding computers as weapons in the future. Remember, it does not require nation-state funding to take advantage of current tools to create destructive malware for targeted attacks. Be wary of Trojan gifts as we embark on the one laptop per child initiatives in the region. In addition, cyber espionage tends to be from countries with forecasted high economic growth to protect and advance their growing position.
Our 2015 predictions for the Caribbean are a litmus indicator of where we are now, and what we need to do proactively to defend and protect our personal safety, national security and economic development throughout the year. Ready or NOT!!! This is not a storm hovering in the Atlantic Ocean that we can wait on and hope it moves to the north or south or even downgrades. The reality is that some organisations are already compromised and will feel the effects of this evolving digital threat in the coming weeks and months. The lack of preparedness for this threat will lead to Caribbean governments and private sector organisations being battered by an increasing range, type and frequency of attacks, which demand an appropriately sophisticated response by those charged with cyber defense.
Mr. Deon Olton, a UWI graduate and Certified Ethical Hacker, has worked with LIME, FLOW and Barbados Shipping and Trading (now Neal and Massy). He is also the co-founder of the Caribbean Cyber Security Center and, as CTO, is responsible for developing proactive plans to address the growing cybersecurity threats to the Caribbean region’s economies.