The Way Hackers Will Try To Attack Businesses In 2017

By Mary Ann Yule

Picture this. You’re sitting in your office gazing out the window when something catches your eye—a drone. You watch it a few minutes and then quickly return to work. It all seems innocent enough, but what you didn’t notice is the small hacking device mounted to the drone. In the brief time you watched it, a hacker used that device to remotely load malware onto one of your company’s smart light bulbs. In just the blink of an eye that malware spread from one light bulb to the next and so on, wirelessly, based on physical proximity alone.

That’s exactly the scenario researchers from Dalhousie University in Nova Scotia, Canada and Israel’s Weizmann Institute of Science recently proved was possible when they delivered a worm via drone to a Philips Hue smart lamp.
These findings underscore a very important point. Today’s hackers are extremely innovative and adaptable.

Every time businesses implement increased security measures, hackers evolve and find new, more creative ways to attack. The more connected the world becomes thanks to the Internet of Things (IoT), the easier it is for hackers to prey on security vulnerabilities.

For Canadian businesses, where the average cost of a data breach is just over 6 million dollars, the best defence is a strong offence. Being aware of any potential security vulnerabilities is critical to mitigating or even preventing a cyber-attack. Here’s a look at some security threats business leaders need to be aware of in 2017:

The drones are coming

With the ability to be flown autonomously or via remote control, drones are a prime target for either being hacked or providing the delivery mechanism in an attack. By using them to hack into a single smart office device, a hacker could easily facilitate targeted physical and logical attacks. Those attacks might involve holding a company’s smart devices hostage for ransom, or using one smart device as an entry point into corporate networks. Regardless, securing all web-connected end-point devices are essential to mitigating this risk.

The Internet of Things to hack

In today’s office environment, any number of IoT devices may be used, whether a smart board, printer, thermostat, and even video conferencing cameras. If not properly secured, these connected devices can offer hackers a gateway into corporate networks.

Unfortunately, many end-point devices are overlooked.

According to recent internal data HP Inc. commissioned from IDC Canada, in which 150 Canadian IT security decision makers were surveyed, 55 per cent of participants reported security breaches which involved a printer. Almost all included documents thought to contain sensitive or private information. Last year’s high-profile hacking of printers which subjected students and faculty at Vancouver’s Simon Fraser University to hate literature, is just one case in point.

And printers aren’t the only devices on the hacker’s radar these days. Increasingly popular wearable devices like fitness trackers and smart watches are also a target when worn in the office environment. As researchers from the University of Toronto showed last year, these devices have a number of security vulnerabilities. Because they communicate unencrypted information to other systems, hackers can use them to indirectly connect to business networks. Any information the wearable is exposed to becomes free to exploit for the hacker.

Mitigating the threats to end-user devices such as printers or notebooks requires end-point security featuring mechanisms which prevent data theft of unencrypted data – whether at rest or in non-sanitized disposed storage. Additionally, consider using only IoT devices with strong device security and authentication technology to guard against credential theft.

As for wearables, protecting the connection between personal and corporate systems demands a strong device management policy, policing to ensure employee adherence to that policy and both antivirus and endpoint security.

Visual hacking can happen away from the ATM too

People make mistakes; they leave their computer screens open or put their passwords on sticky notes. Employees might also be working remotely from the local coffee shop and have someone looking over their shoulder to collect valuable company data useful in a future hacking attempt.

This is referred to as “visual hacking” and is not easy to protect against. It’s also an extremely effective strategy used by some hackers.

According to Ponemon’s Global Visual Hacking Experiment report, 91% of global visual hacking attempts are successful in obtaining sensitive information.

Educating employees and ensuring they adhere to basic security procedures and policies is key to overcoming this threat. This might include guidelines on setting up strong passwords and changing them regularly; implementing a clean desk policy and mandating employees use a password manager and close computers when leaving their desk.

Most effective, however, is the use of privacy screen technology built directly into a notebook’s display screen. Privacy screen technology currently exists in notebook devices which ensure users can see the content while in front of their screen, while minimizing what others can see from the sides.

Road rage

Comprised of 30 to 100 electronic systems that communicate with one another, connected cars are basically computer systems on wheels. Once hackers gain access to one system, they can quickly take over others. Last year, Chinese researchers did just that to one of the best-selling electric cars—the Tesla Model S—remotely controlling its braking system, door locks, side-view mirrors, sunroof, trunk, and more. That poses a major security risk for businesses using connected cars to offer business/consumer services or manage fleets and logistics. A hacker could use it as an entry point to corporate networks and to take control of business data.

One way to mitigate this threat is through the use of Multi-Factor Authentication (MFA). Similar to the concepts that protect other end-point devices, MFA is a security system whereby more than one method of authentication from independent categories of credentials is used to verify a user’s identity.

Cyberattacks are costly and becoming increasingly frequent in business environments. Hackers are shifting toward new techniques like “visual hacking” and targeting end-point devices because they are quick and easy attacks that can lead to big monetary rewards.

Business leaders need to arm themselves with the knowledge they need to root out security vulnerabilities and foil attacks before they occur.

Mary Ann Yule is President at HP Canada.