London, 14 December 2017 – Researchers at Airbus’ external Cyber Security business have compiled their top technology predictions for 2018, based on trends identified at its Security Operations Centres in France, UK and Germany during 2017.
Prediction 1: A lack of social media security policies will create serious risks for enterprises
As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.
Markus Braendle, Head of the Airbus CyberSecurity business: “Social media provide the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, social media have become an easy target because of the number of non-cyber security savvy users, and the fact that these platforms are easy and cost effective to use. To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.”
Prediction 2: Attacks on Wireless networks will escalate
Attacks on Wireless networks will increase as attackers seek to exploit the Key Reinstallation Attack (KRACK) vulnerability, first made public in October 2017.
The vulnerability can allow an attacker to intercept and read Wi-Fi traffic between devices and a WiFi router, and in some cases even modify the traffic to inject malicious data into websites. It could also allow attackers to obtain sensitive information from those devices, such as credit card details, passwords, chat messages and emails.
Braendle continues: “We can expect to see an escalation of attacks over public or open WiFi connections, and in turn, an increased security provision by organisations that offer such services to their customers. Such attacks may be particularly damaging for people using old devices that are no longer supported by vendors, making them an attractive target for cyber criminals. These threats may also trigger an increased use of Virtual Private Networks (VPN) by the most security conscious users.”
Prediction 3: Encryption will continue to represent challenges for law enforcement
Concerns about data privacy, the increasing use of cloud computing, an increase in data breaches and the introduction of General Data Protection Regulation (GDPR) will all contribute to the emergence of End to End Encryption (E2EE) as the most effective way for enterprises wishing to secure their data. But E2EE will also represent some challenges to law enforcement as criminals continue to use this technique for espionage and subversion.
Braendle continues: “When weighing up the cost of any security solution, it’s important to consider the financial impact of suffering a security incident. After General Data Protection Regulation (GDPR) comes into effect, organisations could be fined up to 4% of their global turnover in the event of a data breach – so the cost of any solution must always be viewed in relation to the risks involved.”
Airbus is a global leader in aeronautics, space and related services. In 2016 it generated revenues of €67 billion and employed a workforce of around 134,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats and business aviation products. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as one of the world’s leading space companies. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
About Airbus CyberSecurity
Airbus CyberSecurity, a unit of Airbus Defence and Space, provides companies, critical national infrastructures and government and defence organisations with reliable, high-performance products and services to detect, analyse and respond to increasingly sophisticated cyber attacks.