Professor Richard Benham, chairman of the National Cyber Management Centre, has given a severe warning: “A major bank will fail as a result of a cyber attack in 2017 leading to a loss of confidence and a run on that bank.”
Cyber security will undoubtedly be the dominant theme of 2017, as all tech innovations could be undermined by data thefts, fraud and cyber propaganda.
In November last year, hackers stole £2.5m from 9,000 Tesco Bank customers in a raid the UK’s Financial Conduct Authority described as “unprecedented”.
And the more connected the world becomes – think connected cars, smart homes, sensor-laden cities – the more opportunities for hackers to break into the system and wreak havoc.
“The internet of things (IoT) and industrial internet of things (IIoT) will play a larger role in targeted attacks in 2017,” says Raimund Genes, chief technology officer at cybersecurity company Trend Micro.
“These attacks will capitalise upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with Mirai.”
The firm also predicts that throughout 2017 criminals will continue renting out their ransomware infrastructures – the tools that enable hackers to break in to your system, encrypt all your data, then demand a ransom to decrypt it.
Hackers can achieve the same result by knocking out your website or factory control systems in a DDoS [distributed denial of service]attack – flooding your computer servers with so many requests that they cease functioning.
And hackers are not just interested in stealing data and making money from it, warns Jason Hart, chief technology officer in charge of data protection at Gemalto, a digital security company. They’re altering it, with potentially dire consequences.
“It’s scary, but data integrity attacks have the power to bring down an entire company and beyond; entire stock markets could be poisoned and collapsed by faulty data.
“The power grid and other IoT systems, from traffic lights to the water supply, could be severely disrupted if the data they run on were to be altered,” he says.
As well as poorly-secured devices, gullible humans will continue to be targeted, with so-called “business email compromise” fraud continuing to reap rich rewards for criminals, experts predict.
Simply tricking employees in to transferring funds to criminals’ bank accounts is lo-tech but surprisingly effective, with Trend Micro reporting that the average payout in the US was $140,000 (£114,000) last year.
“Cyber criminals are targeting human vulnerabilities,” says Prof Benham. “Millions is being spent on technology, but nothing on awareness training.”