DOROS HADJIZENONOS, Country Manager of Check Point South Africa, gives his security predictions for the coming year.
A year in cybersecurity can seem like an eternity. But despite the rapid changes, many things remain constant. Check Point’s top three predicted security threats for 2015 were the rapid growth in unknown malware, in mobile threats, and in critical vulnerabilities in commonly used platforms (Android, iOS and others). These were fully realised, and are likely to remain a significant threat. The cat-and-mouse game that has typified cybersecurity in recent years continues, with hackers constantly finding new ways in which to attack networks – as this year’s high-profile breaches at Anthem, Experian, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked or breached. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics and exploits that criminals will use to target them. So here are ten IT security threats and trends that I expect we will see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individual users and small enterprises, hackers will raise their game when attacking larger organisations with more sophisticated security postures. They will use deeper, more sophisticated phishing and other social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more major mobile vulnerabilities in the next year.
In the ongoing battle between hackers and security professionals, attackers are increasingly deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant’s production network and caused ‘massive’ damage. Also, the US Department of Homeland Security that ‘Havex’ Trojan infections had compromised industrial control systems in over 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. And as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask is ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on any devices connected to it – and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are a number of security concerns about data that is held on smartwatches, or that wearables could even be used by hackers to capture video and audio via mobile remote access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, in which the vehicle’s software is hijacked to take control of it. In July, Fiat Chrysler recalled 1.4 million Jeep Cherokee vehicles in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more gadgetry and connected systems than ever before, we need to apply protection to these in-car systems – and the same applies to the complex systems in passenger aeroplanes, trains and other forms of public transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it’s through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it’s only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 has seen the launch of a number of new operating systems, such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, since adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.
Security consolidation – keep it simple!
To protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions. With large enterprises having a plethora of different security products on their network, consolidation offers a way of reducing both complexity and cost. Having many point products and solutions quickly becomes unmanageable and can actually impede, rather than improve security, so consolidating security provides an effective way to cut complexity and make for easier management, so that new threats don’t get lost in the gaps between systems.
Huawei Mate 20 unveils ‘higher intelligence’
The new Mate 20 series, launching in South Africa today, includes a 7.2″ handset, and promises improved AI.
Huawei Consumer Business Group today launches the Huawei Mate 20 Series in South Africa.
The phones are powered by Huawei’s densest and highest performing system on chip (SoC) to date, the Kirin 980. Manufactured with the 7nm process, incorporating the Cortex-A76-based CPU and Mali-G76 GPU, the SoC offers improved performance and, according to Huawei, “an unprecedented smooth user experience”.
The new 40W Huawei SuperCharge, 15W Huawei Wireless Quick Charge, and large batteries work in tandem to provide users with improved battery life. A Matrix Camera System includes a Leica Ultra Wide Angle Lens that lets users see both wider and closer, with a new macro distance capability. The camera system adopts a Four-Point Design that gives the device a distinct visual identity.
The Mate 20 Series is available in 6.53-inch, 6.39-inch and 7.2-inch sizes, across four devices: Huawei Mate 20, Mate 20 Pro, Mate 20 X and Porsche Design Huawei Mate 20 RS. They ship with the customisable Android P-based EMUI 9 operating system.
“Smartphones are an important entrance to the digital world,” said Richard Yu, CEO of Huawei Consumer BG, at the global launch in London last week. “The Huawei Mate 20 Series is designed to be the best ‘mate’ of consumers, accompanying and empowering them to enjoy a richer, more fulfilled life with their higher intelligence, unparalleled battery lives and powerful camera performance.”
The SoC fits 6.9 billion transistors within a die the size of a fingernail. Compared to Kirin 970, the latest chipset is equipped with a CPU that is claimed to be 75 percent more powerful, a GPU that is 46 percent more powerful and an NPU (neural processing unit) that is 226 percent more powerful. The efficiency of the components has also been elevated: the CPU is claimed to be 58 percent more efficient, the GPU 178 percent more efficient, and the NPU 182 percent more efficient. The Kirin 980 is the world’s first commercial SoC to use the Cortex-A76-based cores.
Huawei has designed a three-tier architecture that consists of two ultra-large cores, two large cores and four small cores. This allows the CPU to allocate the optimal amount of resources to heavy, medium and light tasks for greater efficiency, improving the performance of the SoC while enhancing battery life. The Kirin 980 is also the industry’s first SoC to be equipped with Dual-NPU, giving it higher On-Device AI processing capability to support AI applications.
Read more about the Mate 20 Pro’s connectivity, battery and camera on the next page.
How Quantum computing will change … everything?
Research labs, government agencies (NASA) and tech giants like Microsoft, IBM and Google are all focused on developing quantum theories first put forward in the 1970s. What’s more, a growing start-up quantum computing ecosystem is attracting hundreds of millions of investor dollars. Given this scenario, Forrester believes it is time for IT leaders to pay attention.
“We expect CIOs in life sciences, energy, defence, and manufacturing to see a deluge of hype from vendors and the media in the coming months,” says Forrester’s Brian Hopkins, VP, principal analyst serving CIOs and lead author of a report: A First Look at Quantum Computing. “Financial services, supply-chain, and healthcare firms will feel some of this as well. We see a market emerging, media interest on the rise, and client interest trickling in. It’s time for CIOs to take notice.”
The Forrester report gives some practical applications for quantum computing which helps contextualise its potential:
- Security could massively benefit from quantum computing. Factoring very large integers could break RSA-encrypted data, but could also be used to protect systems against malicious attempts.
- Supply chain managers could use quantum computing to gather and act on price information using minute-by-minute fluctuations in supply and demand
- Robotics engineers could determine the best parameters to use in deep-learning models that recognise and react to objects in computer vision
- Quantum computing could be used to discover revolutionary new molecules making use of the petabytes of data that studies are now producing. This would significantly benefit many organisations in the material and life sciences verticals – particularly those trying to create more cost-effective electric car batteries which still depend on expensive and rare materials.
Continue reading to find out how Quantum computing differs.