The world becoming increasingly connected through technology benefits consumers and businesses in many ways but with that also comes risks of data breach, theft, and abuse. The more we rely on technology these days, the more we become exposed to cybercriminals who can inflict both virtual and physical damages.
For businesses, their financial, legal, and brand health are threatened by security shortcomings. In the public sector, modes of transportation and facilities such as airplane, automobile, and gas stations can be derailed using controlled Internet-facing devices.
From a financial standpoint, data breaches often affect businesses in three ways—cost of stolen data, cost of recovery, and possible reparations for affected customers. According to the 2015 report from the Ponemon Institute, the average cost for a data breach is USD 3.79 million. The average cost for each stolen or lost record with sensitive data is USD 154 million. In a related recent study by Trend Micro, it was determined that 25% of data breaches are caused by hacking or malware and the most affected industry is the healthcare sector, accounting for more than a fourth of all breaches (26.9%) this past decade (second was the education sector (16.8%) followed by government agencies (15.9%), then the retail industry with 12.5%). The stake is higher for bigger multinational companies as cybercriminals increase the cost of their attack based on the capabilities of the organization.
Security comes with harsher legal implications not just for the violators but for the users to reinforce a proactive approach. In the United States, the Federal Trade Commission (FTC) regulates the cybersecurity practices of businesses. The FTC closely watches how companies secure their data and will reprimand those who fail to meet standards.
Cybersecurity gaps can damage the reputation of an organization. The Ashley Madison data breach tarnished the image of the company to the point where the CEO of its parent company had to step down. This cost the company’s plan for an IPO.
As the Internet of Things advances, smart devices or innovations that are used for public-facing technologies can be exploited, potentially causing virtual and physical destruction. Public transportation such as car and planes, and public utilities such as gas stations can become targets.
To test the security of automated gas tank systems in the United States, Trend Micro, in one of its researches, used a custom honeypot called GasPot to determine how several attackers are abusing the system and which targets they prefer. In this research, Trend Micro found out that automated gas tanks are popular for attackers. Physically tampering with gasoline tanks is dangerous in itself and a simple spark can set everything on fire. Imagine how riskier it is if a hacker can manipulate the equipment remotely and make one of the tanks overflow.
Security investigations reveal that smart systems in cars can be accessed remotely to interfere with its functionality including life-critical ones like the brake. It was reported that Jeep Cherokee, through the car’s public IP address, can be hacked and controlled by another person miles away. BBC reported that even data sent by digital audio radio signals can intervene with a car’s functionalities.
In a Trend Micro’s research that involved SmartGate System which allows drivers to access their car’s data such speed and fuel using their smartphone (first introduced by Škoda Auto in its Fabia III cars), it was determined that any attacker can read more than twenty parameters and even lock out the owner of the car from the SmartGate system. All the attacker needs to do is to stay within the SmartGate’s in-car Wi-Fi range (which is wide by default), identify the car’s Wi-Fi network, and then break the password. The Wi-Fi range could be even wider if the attacker is using a superior antenna.
Cybercriminals can also hack planes’ systems. Recently, LOT, a Polish airliner, confirmed that its 10 planes with roughly 1,400 passengers were grounded as an effect of a major digital hacking that congested the carrier’s system.
Strategic partnerships prove to be vital in formulating immediate and long-term resolutions to combat cybercrimes. Trend Micro aided law enforcement agencies in taking down two notorious botnets that were heavily involved in full-scale cybercriminal operations—SIMDA. Trend Micro worked closely with INTERPOL and provided information such as the IP addresses of the affiliated servers and statistical information about the malware used, which led to the disruption of the botnet activities.
Moving forward, how can organizations stay protected on their own terms? Aside from being proactive, extra-cautious, and running information and education campaigns inside their organization, businesses can leverage on modern-day security solutions. Trend Micro Deep Discovery, a threat protection platform, can help organizations respond to today’s targeted attacks in real time. It provides advanced threat protection where it matters most. Deep Discovery is made up of four key solutions that will help detect, analyze, adapt, and respond to attacks.
For more information on Trend Micro, visit www.trendmicro.com. To read Trend Micro’s complete Q2 2015 report, please be directed to this link:
http://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/a-rising-tide-new-hacks-threaten-public-technologies. A blog post regarding the report can also be viewed here: http://blog.trendmicro.com/a-rising-tide-new-hacks-threaten-public-technologies/.
