FINAL WORD
Steve Grobman, Chief Technology Officer
for McAfee
and industry strategies improve to counter
them. Attackers will adjust to target less
traditional, more profitable ransomware
targets, including high net-worth individuals,
connected devices and businesses.
The pivot from the traditional will see
ransomware technologies applied beyond the
objective of extortion of individuals, to cyber
sabotage and disruption of organisations.
This drive among adversaries for greater
damage, disruption, and the threat of greater
financial impact will not only spawn new
variations of cybercrime ‘business models’
but also begin to seriously drive the expansion
of the cyber insurance market.
“While much about the motives behind
WannaCry and NotPetya are still debated,
the use of pseudo ransomware is likely
to continue, partly due to the ease with
which as-a-service providers can make
such techniques available to anybody with
the means to pay,” said Raj Samani, Chief
Scientist and head of McAfee Advanced
Threat Research. “Such attacks could be
sold to parties seeking to paralyse national,
political and business rivals, which raises
perhaps the biggest, unavoidable ransomware
question of 2017: Were WannaCry and
NotPetya actually ransomware campaigns
that failed in their objectives to make
significant revenue? Or perhaps incredibly
successful wiper campaigns?”
104
INTELLIGENTCIO
Serverless apps will save time and reduce
costs but they will also increase attack
surfaces for organisations implementing
them. Serverless apps enable greater
granularity, such as faster billing for services.
But they are vulnerable to attacks exploiting
privilege escalation and application
dependencies. They are also vulnerable to
attacks on data in transit across a network,
and potentially to brute-force denial of
service attacks, in which the serverless
architecture fails to scale and incurs
expensive service disruptions. guidelines are not yet well defined or
enforced, and where the user interface is so
personally engaging that children and their
parents do not consider the consequences of
creating content that corporations could use
and potentially abuse in the future.
Function development and deployment
processes must include the necessary
security processes, scalability
capabilities must be made available, and
traffic must be appropriately protected by
VPNs or encryption. In the corporate world, McAfee predicts
that the May 2018 implementation of the
European Union’s General Data Protection
Regulation (GDPR) could play an important
role in setting ground rules on the handling
of both consumer data and user-generated
content in the years to come. The new
regulatory regime impacts companies
that either have a business presence in EU
countries, or process the personal data of
EU residents, meaning that companies from
around the world will be compelled to adjust
the way in which they process, store, and
protect customers’ personal data. Forward-
looking businesses can leverage this to set
best practices that benefit customers using
consumer appliances, content-generating
app platforms and the online cloud-based
services behind them.
Connected home device manufacturers
and service providers will seek to overcome
thin profit margins by gathering more of
our personal data – with or without our
agreement – turning the home into a
corporate store front. Corporate marketers
will have powerful incentives to observe
consumer behaviour in order to understand
the buying needs and preferences of the
device owners. Because customers rarely
read privacy agreements, corporations will be
tempted to frequently change them after the
devices and services are deployed to capture
more information and revenue.
McAfee believes that there will be regulatory
consequences for corporations that make
the calculation to break existing laws, pay
fines, and continue such practices, thinking
they can do so profitably.
Corporations collecting children’s
digital content will pose long-term
reputation risks. In their pursuit of user
app ‘stickiness’ corporations will become
more aggressive in enabling and gathering
user-generated content from younger users.
In 2018, parents will become aware of
notable corporate abuses of digital content
generated by children and consider the
potential long-term implications of these
practices for their own children.
McAfee believes many future adults will
suffer from negative ‘digital baggage’
user content developed in a user-app
environment where socially appropriate
In a competitive app environment where
‘stickiness’ easily becomes ‘unstuck’ the
most enterprising, forward-looking apps and
services will recognise the brand-building
value of making themselves a partner with
parents in this education effort.
“The year 2018 could well be remembered
most for how we finally started to
tackle data protection and for whether
consumers truly have the right to be
forgotten,” said Vincent Weafer, Vice
President at McAfee Labs.
“The large-scale gathering of personal
information and user generated content
opens consumers up to the risk of data
misuse, abuse, and even compromise.
Irresponsible service providers can
overindulge in the gathering and
monetisation, allowing user privacy to be
carried away by market forces, data to
be compromised, and user reputations
threatened years into the future.
“GDPR makes 2018 a critical year for
establishing how responsible businesses
can pre-empt these issues, respecting users’
privacy, responsibly using consumer data and
content to enhance services, and setting limits
on how long they can hold the data.” n
www.intelligentcio.com