Prepare for a new wave of cutting-edge cyber attacks linked to emerging technologies like networked IoT devices. Deloitte vice chairman Paul Sallomi explains how hacks are evolving in the terabit era.
Are you ready for terabit-size cyber attacks? Professional services firm Deloitte recently released its annual technology, media, and telecommunications (TMT) report. The research predicts that the rise of the cloud, powerful mobile devices, and the Internet of Things is intrinsically coupled with large-scale hacks.
Innovation, the report confirmed, has helped companies scale business quickly and cut costs. "With many technologies coming into their own as their power and speed increases and the cost of delivering them goes down, [expect to see] these platforms grow exponentially and expand their role across industries, creating a whole new value proposition and opportunities," the report said.
Innovation has also ushered in a new era of high-scale digital threats, the company said. Founded in 1845 Deloitte is one of the four largest professional services companies in the world. Along with competitors PricewaterhouseCoopers, Ernst & Young, and KPMG, the firm provides enterprise-grade business products like accounting, auditing, financial advice, and industry-specific strategic consulting. In 2016 Deloitte grossed $36 billion in revenue from clients including Boeing, Apple, Microsoft, Adobe, Starbucks, Berkshire Hathaway, and Best Buy.
The firm's pedigree and access to business giants gives it a privileged perspective on the technology market. The broad study highlights top business technology trends, forecasts emerging markets and innovations, and warns of potential disruptions and threats.
Cybersecurity is a major concern for companies in all business sectors and dovetails with most emerging tech trends, said Deloitte vice chairman and global TMT lead Paul Sallomi. "There are various kinds of cyber attacks, many of them growing this year," he said.
SEE: Three ways encryption can safeguard your cloud files (Tech Pro Research)
Deloitte warns that companies large and small, nonprofits, and government organizations should all prepare for a tsunami of digital crime to accompany the next wave of innovative tech. Though IoT could soon be a trillion-dollar market, the escalation of the denial of service threat correlates directly with the growing number of IoT devices with, the report said, "the online availability of malware methodologies ... [which] allow relatively unskilled attackers to ... launch attacks, and access to ever higher bandwidth speeds." Cyber attacks could average terabit (Tbit/s) scale per month and over 10 million attacks in total.
In response, biometric security like fingerprint scanners is a rapidly growing market. Over a billion mobile devices are currently equipped with biometric components. With the rapid pace of access and adoption of this technology, the challenge is to determine which additional applications could use fingerprint readers and other biometric inputs to provide rapid and secure authentication," the report said.
READ: Killer KPI's For Professional Services (TechRepublic white paper)
IT-as-a-service could help companies cut costs while combatting cyber attacks. Outsourced IT functions could be a $550 billion global industry by 2018, up from $361 billion last year. "It's not just about developing new technology, but how this technology is procured that is set to transform how we live and work," the report concluded.
Sallomi spoke with TechRepublic about how cyber threats in the terabit era are transforming business.
Can you explain how cyberattacks have changed in the so-called "terabit era"?
Although spear-phishing is a significant threat, we decided to focus on distributed denial of service (DDoS) attacks for [the 2017 report]. DDoS has been a threat for years, so that's not new. But the scale and frequency of attacks is unprecedented. Deloitte predicts that there will be on average one terabit per second attack per month in 2017, with more than 10 million attacks of all sizes during the year, up more than 20% compared to 2016. DDoS attacks flood sites or servers with fake traffic—increasingly from botnets of insecure IoT devices—that prevent legitimate customers from getting through. Payments, retail, and streaming video are all relatively more vulnerable. Reasons for the increased expectancy of large scale cyber attacks are the growing installed base of unsecured IoT devices, higher than ever bandwidth availability, and the emergence of many malware technologies that do not require highly skilled attackers.
READ: Professional Services on the Brink of Disruption (TechRepublic white paper)
Can you explain the emerging IT-as-a-service trend?
IT-as-a-service is a market-wide business model transformation trend that disrupts traditional asset intensive or Capex-based business models and replaces them with more flexible Opex-based business models. In the past, most enterprises owned their IT infrastructure, leading to large investments in data centers and software and causing limited operational flexibility. Challenges in keeping up with product improvements and growth needs have also often resulted in lower customer satisfaction. IT-as-a-service, also known as flexible consumption, allows technology companies to bill their customers for the use of their products and services as needed.
How large is the biometric security market and why is it important?
The biometric security market was worth about $10 billion in 2016 but is growing rapidly: Some estimates are looking for it to be $24 billion by 2021. There are many biometric tools and sub-markets, but when we look at smartphones and tablets, the most effective near-term technology is the use of fingerprint readers to unlock these devices and the applications residing on them. Deloitte predicts that the active base of fingerprint reader equipped devices will top 1 billion ... this year, generating more than 10 trillion aggregate presses.
Why so big? Two factors: More and more people have phones with effective and reliable fingerprint readers on the devices, and more and more people are willing to actually use the readers as part of their daily lives. In the U.S., 43% of smartphone owners have fingerprint readers on their devices, and 72% of those who did, use the reader regularly! By the end of the decade, fingerprint reader security will be ubiquitous, and more than 40% of smartphone and tablet devices will be equipped with fingerprint recognition. The exponential growth is driven by [biometric reader's] ability to provide rapid and secure ways to access [their devices], relative to other means, like passwords. Other means of biometric security, like voice recognition, iris recognition, and face scanning, will have limited adoption relative to fingerprint readers, with only 5% of mobile devices using these technologies for authentication.
SEE: Cybersecurity in 2017: A roundup of predictions (Tech Pro Research)
What are the key strengths and weaknesses of biometric security?
Biometric security in the form of fingerprint readers is being adopted for a variety of reasons. Fingerprint readers provide rapid and secure access to devices and applications relative to passwords, which are often forgotten and hard to input in mobile devices. In addition, setting up biometric fingerprint security is easy to do, usually taking less than 30 seconds. Critically, the technology works much better than it used to, and it has lost any stigma it may have once had. As adoption by consumers increases, more and more apps and websites will incorporate that functionality in their products and solutions, driving further adoption. At one time, fooling the fingerprint reader (spoofing) was relatively easy; current state of the art readers are much harder to spoof.
SEE: How risk analytics can help your organization plug security holes (Tech Pro Research)
While fingerprint biometrics is considered secure, as any other security measure, it can be breached as we have seen in a number of popular movies. The fingerprint data is stored on the device in a secure element, but anything can be compromised. Combining different layers of security—password, fingerprints, iris scan, voice patterns—may be the best way to fully protect highly sensitive information.
What IoT cyber threat trends are not yet mainstream but on your radar?
Internet of Things is poised to generate large volumes of data, deliver valuable business insights, and potentially to capture significant economic value. But it also introduces substantial new cyber security risks. The risks come from having a large number of "smart" devices now connected and sharing information. More data, and more sensitive data, accessible across a broad network of interconnected stakeholders could pose significant dangers if compromised. Two risks specific to IoT are sensor related risks and ecosystem related risks.
How should SMBs and enterprise companies manage cybersecurity mitigation?
I would suggest that any enterprise, at any scale, needs to consider two key factors: First, what cyber risk is being created by their actions as a business, for example, as part of their course of operations to grow shareholder value and market share? Second, what are the cyber risks faced by the company from relevant adversaries? Using [these points] as a foundation, enterprises should craft appropriate strategies that reduce their attack surface, for example, by simplifying their infrastructure, limiting the sensitive data they collect and store, and implementing effective leading practices related to the management and operations of their network, systems, data, and third-party ecosystem. They should also consider where third parties might afford stronger cyber protections than they might be able to as an enterprise.
- Experts predict 2017's biggest cybersecurity threats (TechRepublic)
- Poll: What new cybersecurity trends will dominate 2017? (TechRepublic)
- 2017 cybercrime trends: Expect a fresh wave of ransomware and IoT hacks (TechRepublic)
- Gallery: The 10 biggest business hacks of 2016 (TechRepublic)
- Interview with a hacker: Gh0s7, leader of Shad0wS3c (TechRepublic)
- Five essential cybersecurity audiobooks (TechRepublic)
- Five essential cybersecurity podcasts for IT professionals (TechRepublic)
- Cyberwar: The smart person's guide (TechRepublic)
- How to safely access and navigate the Dark Web (TechRepublic)
- IT Security in the Snowden Era (ZDNet)
- Russia's role in political hacks: What's the debate? (CNET)