Cyberattack Predictions: Are We Getting Them Right?
In 2015, it seemed no one was safe from hackers. The year began with Sony reeling from a hack that put the studio and celebrities such as Seth Rogen and James Franco in a web of geopolitics and extortion. Seven months later came the high-profile Ashley Madison hack, which resulted in the release of the email and physical addresses for 37 million users. Cybercriminals stole $1 billion from banks in 30 countries as part of the Carbanak hack. Even the Director of the CIA wasn’t safe – his AOL email account was hacked by someone claiming to be a high school student.
And that’s only a drop in the bucket compared to the many, many cyberattacks of 2015.
Were experts able to predict these cyberattacks? Which ones came out of left field? We compare the predictions to the attacks to see who is getting cyberattack predictions right.
Attacks the Experts Predicted
There were many things the experts saw coming. Here are a few of them.
- More Attacks on Banks
Kaspersky Security predicted more attacks on cash machines and point-of-sale systems. Wired anticipated more bank card breaches. Other security experts predicted financial service companies would continue to be tempting targets for cybercriminals.
They were all correct. In 2015, attacks on the financial sector were up 84 percent from the previous year, which was the greatest increase in any sector. As earlier mentioned, the cybercriminals behind the Carbanak hack alone made off with $1 billion, but it was far from the only attack on financial companies. While this was a stunning hack, it’s interesting to note that not all attacks on banks are motivated by stealing money. Eighty-three million JPMorgan Chase customers had their personal data stolen.
- Nation-State Attacks
At the end of 2014, it was revealed the NSA and its partnering spy agency in the UK had hacked a partly state-owned Belgian telecom, so it’s no surprise many experts expected more nation-state attacks in 2015.
Even though governments don’t always broadcast when they have been victims of a cyberattack, we know enough to know this prediction came true. There were a number of high-profile attacks in 2015, such as when Russia reportedly attacked a French broadcaster. Plus, the FBI recently warned that government networks are continuing to be the target of sophisticated cyber espionage.
- Exploiting the Supply Chain to Launch Attacks
While large companies and companies with sensitive user data may be well aware of the need for stringent security, the third-party contractors they use don’t always have the necessary security measures in place.
As a result, many experts predicted hackers would increasingly use third-party contractors to hack into companies’ data. Booz Allen Hamilton named this the number one security risk to financial services firms in 2015.
Sure enough, Walmart Canada, the Army National Guard, and Louisville Metro were among the diverse victims of third-party security breaches in 2015.
They could have learned a lesson from JPMorgan Chase – in 2014, the bank used a contractor to build and maintain a charity website. Hackers found a vulnerability in that site, and used it to access usernames and passwords for more than 76 million households. That’s a lot of sensitive data to have out there, just because appropriate due diligence wasn’t done when choosing a third-party vendor.
Predictions that Didn’t Materialize
The experts got a lot of things right, but they missed the mark on a few, too.
Notably, Kaspersky thought we would see more attacks via the Internet of Things (IoT). As more and more objects are connected to each other, it makes sense that a refrigerator or a smart television could be the weak link providing hackers access to sensitive personal data. To hack businesses, unprotected hardware like printers that connect to business networks could be valuable targets.
But we have yet to see a serious attack accomplished through the IoT. But it’s worth remembering that although this prediction didn’t materialize in 2015, it doesn’t mean it never will. The more connected devices become, the more attractive entry points like toasters and thermostats may be. It’s possible we will see this type of attack this year, or some other time in the near future. According to Wired, “... 2015 was the year of proof-of-concept attacks against IoT devices, 2016 will be the year we see many of these concept attacks move to reality.”
Keep an eye out.
Attacks No One Predicted
Then there were attacks that no one saw coming. Who could have predicted that a hack on a dating site would receive more attention than any other hack?
Yet the Ashley Madison breach went straight to the top of newspapers globally and inspired many late-night comedians and talk show hosts. More than 32 million users had their email addresses and account details made public.
Many experts have made predictions for 2016. In January, Wired identified the following as security threats:
- More backdoors. Only a month after Wired wrote their predictions, Apple went public saying the FBI wanted them to build a backdoor for their iPhones. Expect more to come on this front.
- Chip-and-PIN innovations.
- More extortion hacks. This prediction has also been made by Kaspersky, so watch out for this one.
Kaspersky’s 2016 security bulletin suggests that, “Perhaps the scarcest commodity in the current internet age is trust.” Consumers see constant headlines about devastating hacks, and it is not a leap to suggest these leaks erode their trust and make them suspicious.
Companies will have to make an extra effort to show consumers they can be trusted.