Large organizations with deployments of IoT security cameras, DVRs, and sensors will be especially impacted by ransomware's pivot from the desktop to IoT, says IBM Security's Caleb Barlow.
In 2017, there was a massive amount of ransomware attacks targeting corporate systems. In 2018, those attacks will shift to target Internet of Things (IoT) devices. TechRepublic's Dan Patterson met with IBM Security's vice president of threat intelligence Caleb Barlow to discuss the consequences of IoT-based ransomware attacks.
Now that people have internet-connected devices in everything from dishwashers to cars, we're more likely to see those devices locked up by ransomware, Barlow said. These devices are often highly vulnerable, and there is also a lot of information available on how to exploit the vulnerabilities.
"We suspect next year we'll start to see larger scale attacks in the IoT space," he said.
SEE:Enterprise IoT Research 2017: Benefits, Trends, and Security Concerns(Tech Pro Research)
System administrators need to understand the inventory of where these IoT devices are located, what they are connected to, and how to update them. With any device that connects to the internet, "we need a way to update it in real time over the wire, and if we don't have that we should really question why we should use it," he said.
Barlow's other 2018 predictions include:
- Africa will emerge as a cybersecurity powerhouse. There will be new forms of cyberattacks, and Africa will be added to the world stage of cyberplayers. Barlow reported IBM's intelligence team has seen a lift in actors coming from Africa, as well as attacks landing in Africa.
- Cybersecurity will transition into an artificial intelligence (AI) vs. AI fight-- meaning defenders will use AI to defend their systems, while adversaries will use AI to find the holes in those systems.
- Data firms will move away from using personal identifiers as forms of access. Immutable data such as a person's social security number, date of birth, or mother's maiden name will no longer be used as forms of access because of the large amount of people who had their personal records hacked in 2017.
- How to build security into your company's IoT plan (TechRepublic)
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- How CXOs should plan their approach to IoT (Tech Pro Research)
- The Internet of Things: 10 types of enterprise deployments (ZDNet)
- 3 inexpensive steps to secure IoT (TechRepublic)