
Category Archives: IoT

Don’t miss this critical cybersecurity requirement

70 percent of information security leaders miss this critical cybersecurity requirement

According to a recent survey by an information security magazine, over 30 percent of unintentional data compromises can be traced to a ‘C’ level employee.

What else could you be missing?

Targeted attacks on supply chains connected with various sectors rose significantly in the last 8 months, according to various research firms. And this is just the tip of the iceberg as these findings relate to existing threats or threats that have been identified.  There could be many new ones lurking in the Dark Web and elsewhere.

Most information security leaders tend to ignore the potency of unknown threats. This is because the security architecture in most enterprises and projects doesn’t permit adequate versatility to understand, identify, and deal with latent threats. The problem is compounded by security practices based on restricting network activities at the perimeter. This means that a threat that somehow manages to trick the perimeter-based security mechanism is free to wreak havoc inside the core network.

Unfortunately, even the compliance mandates prevailing in various countries fail to encourage businesses and other entities to look into emerging threats through a combination of insights, forecasts, and sheer imagination.

Besides, thanks to the increasing diversity of processes and devices, it is easy to lose track of baseline cybersecurity requirements with every increase in surface area. No matter what your network architecture, industry, or level of security sophistication, gaps could arise during periods of transition, capacity expansion, or infusion of new technology.


The addition of IoT exponentially amplifies the threat factor. In another survey, over 70 percent of cybersecurity practitioners reported some level of unfamiliarity with threats that emerge in converged environments spanning IT, OT, and IoT.

Unfortunately, these converged environments represent the event horizon – a vista that presents infinite possibilities for hackers, malware developers, and threat actors to exploit.

Converged environments needn’t be your organizational Achilles heel. Instead, such environments can be harnessed for testing new tech and workflows to improve efficiency, data analytics, and insights, as well as for improving your cybersecurity posture and providing depth to your cyber resilience strategies.


Connect with natalie.smith@subex.com to learn how you can join 30 percent of leaders who have successfully addressed this threat.

Read our latest threat landscape report here to learn about cyber threats you need to know about.

Proof: How we helped a leading manufacturer improve their cybersecurity posture and avoid such threats

Cybersecurity is key to a successful 5G strategy

5G brings forth new opportunities and threats. While the opportunities are more or less understood, the threats. While new virtualization technologies including software-defined networking (SDN) and network functions virtualization (NFV) are drawing attention and investment, there is no denying that they have raised new security concerns owing to their highly open, flexible, and programmable nature.


Director Chris Krebs from the Cybersecurity and Infrastructure Security Agency (CISA) calls 5G “the single biggest critical infrastructure build that the globe has seen in the last 25 years”–an assessment that isn’t hyperbolic, given the new networks promise to revolutionize everything from IoT, to augmented reality, to farming, while also creating a whole host of new security challenges.

This underscores the importance of 5G security and the need to understand and manage it early. Enabling technologies such as robotics, IoT, IIoT, large scale automation and AI come with a huge dependency on 5G. For projects in these domains to succeed, 5G has to deliver value securely. Sacrificing value for security or sacrificing security for value are not the recommended options. A laser-sharp focus on cybersecurity aligned to outcome priorities is the way forward.

Here are a few points to ponder in this regard. These points were culled from a presentation made by Subex at the “Enterprise 5G: The Edge of Innovation” event in October.

  • 5G innovation within the enterprise space is an area witnessing plenty of action from a strategy and roadmap perspective
  • 5G is secure by design, but as the data moves closer to the endpoint, the level and control of security oversight thin out. There was broad consensus on deriving ways in which different players in the market can collaboratively engage to secure the 5G ecosystem
  • What are the challenges in deploying 5G with legacy systems? Though 5G will continue to evolve, there may be networks and systems that will still be on traditional networks, bringing generational security challenges to the fore
  • The new revenue models that 5G will generate will propel massive IoT adoption
  • The success of 5G innovation will have a force multiplier effect on solving various challenges across verticals

Plenty of unknowns will be uncovered as we move forward with the deployment of newer and more robust sub-networks that rely on 5G. We need to be prepared.

In case you want to know more about strategies and solutions to deal with the cybersecurity challenges posed by sequestered 5G deployment, generational vulnerabilities, and cybersecurity innovation for 5G, Natalie Smith will be happy to assist you. Do reach out to her at natalie.smith@subex.com.

You can also download a complimentary whitepaper we have prepared for fine-tuning your 5G cybersecurity strategy below.

Download Whitepaper Here!

Pandemic era cybersecurity: types of cyberattacks organizations must be aware of

When the year began, few businesses and cybersecurity vendors had imagined the extent to which the cybercrime landscape globally would deteriorate. Subex’s threat research team had started seeing a clear increase in targeted cyberattacks. We, therefore, decided to call out this trend and in early March, we came out with our first advisory.

The cyberattacks that saw a spike in the last 180 days emerged in two distinct waves. The first wave included more actors, malware, variants of malware, and geographies and was designed to exploit the confusion created by the Covid-19 pandemic. The second wave had fewer moving parts, was more organized, and in many ways built upon the success of the first wave.


From our analysis, the second wave of attacks is still gathering momentum and will continue for at least another 65 days. We expect the attacks to slow and move into reconnaissance mode after that.

Key trends

  • Cyberattacks on Chinese interests globally and in China rise 230 percent
  • The majority of the attacks on China are emerging from just 4 countries
  • Attacks on datacenters and utility firms increase the most
  • Phishing attacks continue to rise
  • Most attacked regions – NA, South-East Asia and the Middle East
  • Attacks on pharmaceutical manufacturing companies: increasing rogue activity detected; targets include attempted batch and recipe changes as well as operational disruptions to reduce production capacity
  • Variants of NotPetya are being discovered across manufacturing firms
  • Coronavirus-themed attacks evolve
    The second wave of the Coronavirus-themed attacks grew more specific and potent towards mid-May. Chatter picked up on the Dark Web and closed-door forums indicates that there were many successful breaches in the last 90 days, with many firms giving in by meeting the ransom demands placed by hackers. Regionally, businesses in Europe handed over the maximum amount in ransom to hackers, followed by South-East Asia and the Middle East.
  • In terms of frequency, at least one ransom was paid every 43.2 hours by some company somewhere. In some instances, APT groups in Pakistan, Russia, Iran and some other countries were also involved in multi-stage ransomware attacks. So why have APT groups resorted to monetizing their cyberattacks? One probable reason could be that in the aftermath of Covid-19, many governments have shrunk their black ops/cyber offense budgets and this must have hit the APT groups in countries that were already under sanctions, starved of funds for their cybercrime operations. It seems that some of these countries have authorized monetization of cyberattacks to keep the operations sustainable and to prevent erosion of cyber strike and malware development capabilities.
  • A threat actor based in Somalia/East Africa launched as many as 700,000 attacks in just under four days and walked away with a huge bounty in ransom. This group seems to have used stolen credentials available on the web along with compromised apps inadvertently installed by victims. This group targeted oil and gas companies in the Middle East.
  • While deflective attacks on critical infrastructure came down this quarter, the attacks on this segment kept on rising. While the initial half of the second wave of attacks on critical infrastructure used Covid-19 themes to a large extent, the latter half of attacks used more targeted messaging and tactics.

IoT and OT cybersecurity solutions and strategies are definitely the need of the hour.

Read more about these threats and security challenges in the latest edition of our Threat Landscape Report for Q2 2020.

How IoT Security Impacts the Telecom Industry

According to our in-house research and published information obtained from research firms, telecom service providers including MVNOs and M2M connectivity providers suffered the highest volume of breach of sensitive customer information through DNS attacks. With the addition of the Internet of Things, data security takes a whole new level of significance for connectivity service providers.

In the last two years, many IoT and critical infrastructure projects involving telcos have been impacted by issues related to IoT connectivity security, leading to delays in project outcomes or projects being abandoned altogether.

This has had a clear impact on the margins of telcos as well since many of these were proof of concept projects that could theoretically have led to an increase in the number of endpoints on their network, increased data consumption, and direct revenue as a result of connectivity and managed services.

It is not just the revenue alone but the credibility and erosion of the enterprise customer base that telcos are staring at. With the emergence of other connectivity options such as satellite-based connectivity service providers, even the marketplace relevance of telcos is threatened.

It is no surprise, therefore, that telcos are now paying more attention to machine-to-machine (M2M) security practices, IoT security solutions, and cybersecurity postures that are aligned towards offering better security and assurance to customers. Telecom IoT security has therefore come into prominence like never before.

As the world battles a pandemic, there is another battle going on in parallel. Many enterprises and telcos have reported a surge in Coronavirus themed attacks designed to lure employees into downloading potent malware and application manipulation objects. This threatens telecom networks in a big way and telcos need to adapt their security posture to contain and eradicate this threat. Key elements of this change could include:

  • More focus on early detection and containment of suspicious activity and rogue devices
  • Use a Zero trust approach when it comes to enabling access to network resources
  • Work on segmenting networks or rather micro-segmenting them to prevent lateral movement of malware
  • Sensitize employees and all stakeholders to align them towards heightened awareness of cybersecurity
  • Invest in identifying threats across the spectrum including emerging ones
  • Deploy a cyber resilience strategy that prevents disruption


Monetizing cybersecurity has been a holy grail of sorts for telcos. On the one hand, they have to deal with meeting their security needs while on the other they have to also ensure that the deployments hosted on their networks are also secure and cyber resilient.

Recently, a leading mobile virtual network operator was able to not just monetize cybersecurity, but also use it as a vector to deepen their existing relationship with premium customers. The result – a significant increase in additional revenue. What’s more, they were also able to stay protected against malware that impaired some of their competitors and their large customers. The average savings per breach ranged from USD 250,000 to over a million. These numbers are rising as the threat environment continues to deteriorate.

The gains lodged from strengthening the profitability of key relationships – priceless. Subex Secure is powering this endeavor.

You can read this unique case study here.


To know more about Subexsecure’s offerings and to schedule a demo, call: +91 80 6659 8700

Click here to know more about how Subexsecure has been working with telcos across the globe to secure the IoT initiatives adopted by their customers.

Why cybersecurity can be a source of innovation for IoT projects

An interesting survey finding came my way almost a year ago that revealed that as much as 80 percent of projects falling in the Internet of Things domain didn’t utilize their data in its entirety. This means that most of the projects are configured to churn data that is futuristic in nature and may not be of much relevance to the stakeholders in the short run. This leads us to an interesting question. Can this huge volume of data being generated be put to some use after all?

There are various reasons why there is an overflow of data in such projects. The most agreeable one is that business owners are often pre-occupied with the need to get their hands on information that can justify their investments in such projects and in the process ignore data streams that cannot be monetized or deployed to improve efficiency, productivity or preventive maintenance practices. Such a myopic view can indeed lead to value stagnation in the long run for such projects.

A Spanish company had deployed a set of temperature sensors across its offices to monitor the ambient temperature. The data showed the existence of islands of significant temperature variation across floors. The company didn’t invest any time or resources in determining how such differences affect the productivity of employees or outcomes of meetings. Yes, it would need a stretch of effort to figure this out, but then it’s not impossible.

In another instance, a well-known retailer in South-East Asia is currently accessing information on supply chain efficiency across various points in the chain using IoT. However, this entity is still ignoring information on ambient weather conditions that is also collected alongside the data gathered by various sensor and device configurations. Again, the weather information in this instance could be correlated with supply chain efficiency to determine the best weather conditions for movement of goods and supplies, as well as to avoid conditions that might adversely impact movement.

There are many such examples of businesses ignoring data already available to further their business interests.

Linking cybersecurity

IoT is one of the few enabling technologies that still have a long way to go when it comes to cybersecurity. Oftentimes, proof of concept projects run without security coming into the picture in any form or manner. The capital and resources invested in the project are thus rendered vulnerable to a possible cyberattack. A sizeable one could lead to the project being shelved completely – a possibility that is not just remote but is happening more often than it should.

Given the significance that security entails, cybersecurity could be considered as an avenue for innovation. There is no reason why businesses shouldn’t be thinking and acting this way. Let me elaborate. For one, cybersecurity is all about doing more with all the data available. It is also about getting deeper into data to determine how and why data is behaving the way it is (is it under the influence of malware or has it been subject to some form of compromise?).

Attention to data for purposes of cybersecurity can yield remarkable results. It can make decision makers aware of the quantum and content of data that they are drawing from sensors and devices and therefore put it to better use. Financial services entities and retailers can take the lead in this arena. By making businesses delve deeper into data patterns, organizations are rendered more data-sensitive thereby opening avenues to better use and deploy data. And this could enable competitive differentiation and innovation across the enterprise.

Data awareness could also reduce the rate of failure of proof of concept projects. It could lead to customer delight as well when used in the right way to give actionable data and insights. A large aircraft manufacturer recently found out the hard way how ignoring basic data could be a perilous endeavor. The lesson, therefore, is clear and apparent.

Cybersecurity, when viewed as an enabler of innovation, could also lead to greater investments in time, attention and resources in securing enterprises. This holds good for all businesses irrespective of their size, maturity or market addressed.

To read the latest State of IoT Security reports

Download now!

IoT poised to transform healthcare

Among the sectors where the Internet of Things is offering a non-conventional way to address traditional challenges, healthcare stands out not just in its uniqueness but also in bearing significant potential to positively transform the quality of life of citizens. As the use cases increase, so does the scope for IoT to do more and this is just a beginning. In the days to come IoT will bring in a drastic reduction in healthcare administration costs, improve the efficacy of medicines and improve our ability to identify and isolate disease vectors well before they reveal their darker side.

Healthcare is a vast ecosystem. IoT has already made deep inroads into applications such as remote patient monitoring, clinical trials, pharma administration, personal healthcare, drug testing, insurance, robotics, smart pill cases, and treatment. Preventive healthcare is another area where IoT is helping. IoT enabled wearables are providing real-time data on every individual’s health enabling physicians to diagnose early warning signs of disease and administer medication or other interventions before it turns into a major risk to the person’s health.

With evolving technology and improving connectivity (with the arrival of 5G) and personalization of medical attention, it will be possible to do a lot more with IoT. For instance, data on responses to a certain medicine (collected and analyzed anonymously) will enable doctors to derive the exact dose to be given to the patient to ensure maximum drug efficacy. Smart jars will also remind patients to have their medicines on time and in the right dosage. This will help prevent misuse of vital medicines such as antibiotics.

Smart pills add a unique dimension to IoT. Smart pills, or simply digital pills, are medications prescribed to patients that come with edible electronic sensors. When the pills are ingested, these sensors dispatch wireless messages to devices like patches, tablets or smartphones that reside outside the body. Since this technology will allow patients and doctors to track their drug regimen compliance, increasing patient adherence, it could lead to savings to the tune of $100 – $300 billion annually in the US alone.

Adoption challenges

Storing, securing and managing data are aspects that still pose a challenge to widespread IoT adoption in the sector. In addition, there are reliability and security issues with data alongside the lack of infrastructure and training among providers. This is because there are providers who lack the infrastructure to harness and analyze data even when it flows freely. Another issue is the cost of wearables. They are still not cheap enough to be used widely by populations in rural areas.

Security is still a key concern for the whole ecosystem. With a diversity of devices, communication flavors, storage options, and thoroughfare networks, every aspect brings in its own security challenge. Since patient data is involved in the form of healthcare records or treatment efficacy, there are many entities and individuals out there who would want to get their hands on this data. Healthcare devices could also be hijacked to be used as conduits to launch larger Distributed Denial of Service attacks on other networks.

With so much data floating around in the networks, privacy issues have already come to the fore. Groups are suggesting that with smart pills, for instance, a surveilled compliance scenario would emerge and the doctor or the pharma company may end up receiving and hoarding more data than necessary.

The road ahead

The challenges that IoT brings forth should be measured against the benefits that it delivers. Overall, it is now becoming increasingly difficult to view healthcare minus IoT interventions in varied aspects. As these interventions get bigger and the benefits expand, the challenges will also be addressed. For a country like India that is trying to bring affordable healthcare to the masses, IoT is more than a game changer. What changes is not just affordability but also the availability of timely medicare. The savings from replacing traditional and more costly alternatives are alone reason enough for India to give more attention to IoT.

India will definitely enable the emergence of many interesting use cases.

Cyberattacks grew 26% on India’s IoT deployments

India has been attracting complex cyberattacks for a while now. Hackers are using a mix of complex malware, social engineering and hit and run tactics to target various facilities and IoT deployments here. In the last quarter alone, cyberattacks on the country registered a 26 percent increase and some unique samples of malware were isolated by our threat research team.

Mumbai, Delhi and Bangalore were the most attacked cities and hackers are looking at monetizing attacks while creating large scale disruption. They are also working to overload defense mechanisms in order to prevent early detection and mitigation of these attacks.

The IoT Security Report for India for the third quarter (July-September) of the calendar year 2019 highlights the continuing attention that hackers are paying to IoT and OT installations in India. The report notes attacks, attack techniques, sectors drawing attacks and the various types of malware used to attack smart cities, defense projects, manufacturing entities, retailers and other entities using IoT or OT in the country. Download this report to find out how the threat environment in the country is evolving.

To read the latest State of IoT Security report for India

Download now!

Securing mobile edge computing

Mobile edge computing, or Multi-access Edge Computing (MEC), is a network architecture that enables cloud computing to be performed at the edge of a mobile network. Currently, many applications manage their online computations and content storage on servers far away from the devices and the end user. MEC brings those processes closer to the user by integrating with the local cellular base stations.

Multi-access edge computing is based on the principle that offering processing capacity at the edge of the network offers significant application benefits especially in responsiveness and reliability. MEC enables faster and flexible deployment of new applications and leads to lower latency — and better performance — for local applications and data when compared with centralized data center resources.

Businesses that run multiple applications that entail high volumes of data with low latency such as IoT gateways in healthcare, retail etc., will find MEC quite appealing. It is going to be a key enabler for connected cars, autonomous vehicles and industrial IoT. Edge computing will help autonomous vehicles achieve higher levels of situational awareness by merging information gathered and processed at the edge and through AI/machine learning. In such areas, even a millisecond delay can make a huge difference. Autonomous vehicles, for instance, cannot wait for information stored to be processed in the cloud (even if it only takes 200 milliseconds) to make a critical decision.

The MEC market is expected to range anywhere between USD 3-9 bn by the year 2022. Start-ups will find a new world of opportunities coming their way through MEC. The convergence of connectivity and compute power and the resultant context awareness at a node will lead to services and content being customized to a new level. Wearables, smart homes, utilities and transportation are expected to drive business. All these are segments that hold great potential for start-ups to capitalize on.

As the industry evolves, and the ecosystem becomes more enabling, entry barriers are expected to ease. Hyper-localization, a significant need from a content delivery and last-mile user perspective, is enabled with lower latency. With content delivery networks (CDNs) coming closer to the user, localized content such as area maps can be delivered faster and with more detail to a user. A CDN is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server. Till now, CDNs were in datacenters far away from the user.

On the security and safety front, MEC will enable a new level of surveillance and monitoring as surveillance and video analytics can be done much closer to the source. This also means that the data available to decision makers will be much closer to real-time.

In an industrial environment, MEC can improve safety levels by giving real-time information on heavy equipment, machinery, vehicles and environmental factors. MEC will also improve the response timings in case of an accident or an emergency by enabling first responders to reach ground zero and locate the affected people faster.

In the entertainment vertical, Augmented Reality and Virtual Reality require faster response with the least possible latency. MEC makes that possible. It is expected that many new VR and AR-based games will be released once MEC becomes a commonly used technology.

Challenges

Lack of standards around MEC is one factor that might slow down adoption of MEC. Many organizations are currently working in parallel on evolving competing standards around MEC focusing on various aspects. With data being stored and processed at a local node, the possibility of attacks at that level also increases as a new attack surface emerges. These challenges are being addressed and there are strategies and solutions available to secure MEC and its users.

All said and done, MEC is nothing short of a revolution in the works. Beyond bringing the web and allied services closer to users, it will also usher in a new era of user experience and engagement. The opportunity is clearly on the horizon; it is now up to the ecosystem players to ramp up their game to hasten adoption without compromising on security in any manner.

Rising importance of IoT in the Indian manufacturing sector

According to a leading analyst firm, by the end of next year, 30 percent of our interactions with technology will be through conversations with smart machines. The manufacturing sector has already taken a lead in this direction by deploying high levels of automation and enabling data exchange across the board. Factories have been turned into smart factories and shop floors have become safer, productive and innovative, and this is just the beginning as there is still a long road to tread as we move forward on this innovation superhighway.

Industry 4.0, as it is popularly referred to, relies on several key technologies including autonomous robotics, simulation, horizontal and vertical system integration, the Industrial Internet of Things (IIoT) and cybersecurity. These technologies are transforming manufacturing like never before and are poised to bring in efficiencies, productivity enhancements, safety and sustainability. Such technologies are also generating unique use cases in India, meeting the unique challenges that we have seen here so far.

Industrial IoT is set to transform the Indian manufacturing landscape as well. Manufacturers here are already using IoT for tracking assets, increasing equipment efficiency, preventive maintenance, supply chain management and more. Proof of concept projects are also running in various areas as manufacturers try out the best possible combination of technologies, processes, human intervention and outcomes.

Use cases

A large manufacturer in Maharashtra is using IIoT to streamline its supply chain. Its factories have a huge vendor footprint spanning multiple cities across the country and abroad. Cargo coming in has to be synched with production schedules and delivery commitments to customers. Thus the whole process has to be orchestrated with precision. Every bit of cargo is tracked till it reaches the warehouse, from where the production teams take over. The shop floor is also IoT enabled, with devices tracking the position of each employee and machines sharing data such as temperature, speed of various components, production efficiency, movement of carousel etc.

Another manufacturer is using IIoT to manage equipment health. Each piece of equipment shares data on its current state, state of inputs and essentials such as oil and variables influencing its performance at an optimal level. This data is monitored from a central hub from where help in the form of maintenance staff can be dispatched at short notice if required. Since this entity operates in a precision environment, manufacturing a critical component for a defense hardware manufacturer, the data is also shared with the client as part of an agreed compliance process.

In other cases, IIoT is helping ensure a safer working environment for employees and a cleaner production environment, preventing industrial espionage and more.

Why is it important?

The Indian government has made the “Make in India” initiative a priority. The goal is to strengthen India’s manufacturing prowess while providing a nurturing environment for Indian and international manufacturers to manufacture here. For Make in India to succeed, Indian manufacturers need to manufacture more efficiently and cost-effectively, and deploy all-round innovation to stay competitive. Industrial IoT will help do that. By streamlining supply chains and processes, reducing operational costs, and improving safety and environmental conditions in the workplace, manufacturers can afford to focus more on improving competitiveness and on business strategies while IIoT strengthens their ability to meet quality norms and other criteria.

The significance of IIoT should also be seen in the context of the competition Indian manufacturers are facing from entities located in other parts of the world such as South-East Asia. Embracing IIoT will give Indian manufacturers a clear competitive advantage. Also, with norms around pollution and clean manufacturing tightening due to countries voluntarily adopting international protocols, the onus will shift to manufacturers to prove that they comply and are following green and sustainable manufacturing processes and norms. IIoT can also help here as it can give manufacturers clear and precise data to facilitate intervention-oriented decision making to improve production and reduce practices that could cause strain on the environment.

IIoT can not just transform our manufacturing sector but also serve as a strong platform for adopting clean, safe and environment-friendly manufacturing processes. It is now up to the sector participants to embrace IIoT and work towards integrating it with their supply chains, processes and manufacturing methods. All said and done, IIoT will be a strong ally for Indian manufacturers to succeed on a global stage.

Cybersecurity trends for 2019 in the Latin America region

From Buenos Aires to Rio de Janeiro, cities all over South America are today using the Internet of Things (IoT) to improve the lives of their citizens. Sensors in Brazil now warn of gas leaks before they become dangerous. Smart technology is everywhere, enabling city organizations to proactively alert people about traffic conditions, inclement weather, and other hazards.

It won’t be an exaggeration to say that the region is getting ready for an IoT boom. According to a report by the Evans Corporation this year, South American developers are particularly keen on developing IoT technology; 60 percent of developers are planning IoT projects and 22 percent are already executing on them. But as more and more sensors and devices are connected to the internet, cyber criminals gain more opportunities to leverage unattended vulnerabilities. IoT botnets have the ability to compromise and leverage thousands of these devices to wreak havoc.

2018 saw a range of attacks on IoT infrastructure. Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide ‘N Seek and Mirai-Variant IoT Botnets were widely seen in cyberattacks around the world. VPNFilter malware was behind the largest attack of the year with over half a million devices infected across over 50 countries in a single episode.

2019 will see hackers go after data with increased zeal. This includes hijacking devices as part of Advanced Persistent Threat attacks and using them to gain access to sensitive data and IP, which could be held for ransom. The sectors that will attract maximum attacks in South America include oil and gas, infrastructure, utilities, defense and retail. Attacks bearing a geo-political motive are also expected to increase this year.

Regional hackers have figured out that businesses are more willing to pay ransoms to prevent such data from being published online or on the dark web. Thus they are working to target devices and networks to pilfer data and record conversations of value. Another tactic gaining currency is data poisoning, wherein inaccurate information is fed into decision making systems to disrupt large systems.

Publishing zero-day vulnerabilities without taking the vendor into confidence or giving them reaction time to patch devices creates a unique advantage for hackers, as they can take advantage of such vulnerabilities to create widespread damage. This trend will persist in 2019, although with vendors turning more cooperative, fewer instances will come to the fore.

With more businesses using bots to log data in CRM/ERP or other business management software, the data accessed by such bots is becoming more critical with each passing year. By spoofing identity, hackers can gain access to critical systems and then use such bots to exfiltrate data. Since most of these bots today work with very little monitoring, an attack could theoretically last months or even years if it goes undetected.

As geo-political faults expand, cyberwarfare has turned deadlier. Today actors sponsored by nation states are investing in AI-based offenses to harass their adversaries. Geo-political attacks are now targeting critical industrial systems, utilities, smart devices, renewable energy farms, offshore oil rigs and more. With agencies finding it difficult to suppress information on such attacks from leaking out into the mass media, hackers are getting more aggressive as the impact of their work becomes more visible, monetarily rewarding and discussed.

Sectors such as banking and financial services, healthcare, oil and gas and retail will continue to attract attention from hackers in 2019. The attacks will get more sophisticated and the attack signature will turn even paler as hackers use newer tactics and strategies to breach networks.

On the response front, as this article is being written, we are clearly seeing cybersecurity being addressed through “codes of practice” and “guidelines”. The government of California has openly come out with its resolve to make businesses do more towards securing their infrastructure and others will follow in 2019. What is still missing is a coordinated effort to address the problem at hand. Cybersecurity will remain a half-hearted battle till all stakeholders join hands and launch a coordinated effort to curb the menace.

Globally, cybercrimes cost $600 in damages in 2017. No nation is rich enough to afford such a huge loss individually or collectively. The magnitude of the loss becomes more apparent when one considers that this money could instead be deployed for improving healthcare, generating employment and improving civic infrastructure. Hopefully 2019 will be the year where we see more coordination between stakeholders. Such collaboration is inevitable if we are to see lasting progress in the war on cybercrimes.
