Four Disruptive Hacks to Come in 2015
While out in Maryland to talk security with a few government contractors, I realized I was stopped at the intersection of “Snowden River Parkway” and “Broken Land Drive.” The Parkway is named for a Revolutionary War sea captain and not Edward, the thorn in the side of the U.S. government. The coincidence and irony from the intersection of Snowden River Parkway and Broken Land Drive weren’t lost on the handful of security architects and CISOs I talked with later that day in nearby Fort Meade.
It’s with this backdrop of Snowdens in a “Broken Land” that I’m presenting our take on potentially disruptive security challenges for 2015. A few of the business and security leaders at PKWARE put together a broad list of hacks, threats and breaches we felt could happen this year if businesses don’t make ample updates and process changes. From the four I’ve posted below, the influence of the Sony data disaster at the end of last year can’t be overstated. It exposed the entry points, depth of damage and ranging interests from an exposure of internal communications and IP. More broadly, it showed everyone from disgruntled employees to rogue nation states that they could grab hold of the spotlight in front of a vast audience with criminal actions that weeks later result only in hazy culpability.
Here are four disruptive data security boondoggles we see as very likely to happen this year.
Air Traffic Loss of Control: Infrastructure and transportation have been infiltrated by penetration testers and shady agents for years. Few sectors are as reliant on antiquated tech as air traffic control systems, both in the U.S. and abroad. From your hair gel to your belts, there is so much invested in physical security at airports and by airlines. This same industry is reliant on technological protection from scanners running on unsupported and outlandishly old operating systems. The airline industry has been a target for threats for as long as planes have been in the sky. A hack of a major hub’s passenger or plane info could show off a new type of airline terror. But even something more benign would be a big blow to the industry. Heck, we were complaining about a Chicago airport’s mile-long passenger security check line when things were running normally during the holidays.
Spygate 2.0: Major sports franchises will do anything to get a leg up. So might their frenzied fans. There’s plenty of cash and attention on sports, which led us to see a well-known franchise as the next victim of a disruptive hack. With every team touting a “Moneyball” approach to big data and analytics, it doesn’t seem outlandish that they’d be ripe for an insider willing to share details – for a price. Or maybe a crazed fan doesn’t want to see their rival’s QB play the championship game … couldn’t a few tweaks to test result data provide damning problems for that player and their team?
Big Pharma’s Bitter Pill: The pharmaceutical industry spends millions of dollars on drugs, many times without any idea if they’ll have an end product or a desperately desired health remedy. Bad actors manipulating trial data or spilling unique plans – maybe even for a rival – could be one of the huge data theft stories of 2015.
Open Espionage: One of the big takeaways we had from Sony was the potential for a well-known, fiscally impressive brand name to be knocked down a few pegs. Put that together with dated security practices and a few grumpy employees and you’ve got the plot to more than the next hacker blockbuster. Forget about breaches, the bad guys are already in with admin rights. We see information from a leader of a massive company put in front of them as blackmail. This could happen in public at one of the many file sharing sites. Or it could happen in direct communications between execs and a hostile entity. But if word gets out, it could send stocks and reputations tumbling – and set a dangerous new low for corporate espionage.
In a follow-up blog, we’ll take on a few more security trends we see unfolding from the technical perspective. I promise, they won’t all be as doom-and-gloom as those above. I’m speaking for more than just my fellow “geeks” when I say there are some exciting and truly wild technological changes that may roll out in the coming months. (Oh, and feel free to add any industry predictions of your own in the comments below.)
The battle of Midway ... Airport?