Cyberattacks are evolving. . . so must cybersecurity
If the past few years have told businesses anything, it’s that cybersecurity issues are not going to go away. Hackers, and the methods they use, are getting smarter. There are now more ways than ever for cybercriminals to exploit precious data and use it as a digital weapon. Big Data, while bringing positive disruption to business and society, has made it harder for organisations to keep track of information. So, what should organisations (and everybody else, for that matter) look out for in the next wave of cyber compromises?
1. Machine learning
According to a report by Webroot, 87 per cent of cybersecurity professionals use machine learning to predict and identify cybercrime. However, machine learning has also become a valued tool for hackers themselves. For example, artificially intelligent software can be used to automate the collection of information to get hold of data faster. It can also apply situational data to make it easier to crack passwords. Cybercriminals and cybersecurity professionals are locked in a constant game of technological cat and mouse.
2. IoT vulnerabilities
By 2020, Gartner forecasts that the Internet of Things will comprise over 20bn connected things. The IoT promises to make our lives easier, tying devices together so that they work in tandem. Unfortunately, unless every node within connected networks can be properly protected using endpoint validation and appropriate firewalls, each one is a potential point of entry for cyber attackers. The bigger the network, the bigger the risks. Hacking into a network of connected things could provide access to critical public services like water systems. Instead of damaging a single organisation, attacks aimed at IoT infrastructures could bring entire ecosystems to their knees.
3. Cybercriminal sophistication
Cyberattacks are maturing quickly, becoming more and more sophisticated. Cybercriminals can now combine a variety of techniques including social engineering, malware, and ransomwear to compromise or manipulate digital information. There are so many different types of cyberattack – phishing, vishing, and smishing to name but a few – that it’s almost impossible to keep up. This, though, is exactly what organisations must do. In a survey of 500 senior IT professionals in the financial and public sectors, Invotra found that 79 per cent of public sector participants saw data security as their greatest priority for 2018. Building up ‘cyber resilience’ against a barrage of attacks will require organisational coherence, as well as multi-layered defences.
4. Nation state hackers
Withstanding a security breach from a group of experienced hackers is difficult enough, but imagine if an organisation had to contend with the resources of a state backed cyberattack. Unfortunately, nation state hackers are becoming more prevalent as governments look to gather military and political information. Last year, it was alleged that hackers supported by the Russian state infiltrated the computer system of the US Democratic National Committee to steal opposition research on Donald Trump. The play off between international organisations could eventually lead to cyber conflicts that are fought with digital weaponry. It’s also a major concern for businesses, adding another layer of complexity to the tension between corporations and governing bodies.
5. GDPR failure
In anticipation of the imminent application of GDPR (General Data Protection Regulations), Forrester has predicted that 80 per cent of companies will fail to comply. Furthermore, half of the businesses surveyed state that the cost of compliance outweighs the risks. Not only could this lead to fines of €20m or 4 per cent of annual turnover, but it will open up reams of consumer data to cyberattack. While this might not directly exploit digital assets, wilful neglect will do nothing but undermine online security efforts.
Cybersecurity has gone beyond the cybercriminal. Now, sensitive data bruises even more easily thanks to the wider distribution of data, the failure of businesses to comply with regulations and even politically motivated, state sponsored attacks. There are countless methods and techniques that organisations can apply to reduce the risk of suffering a successful breach, but the most important part of forming a response is to understand what these threats are. Keeping up with and recognising trends will make all the difference as the cybersecurity battleground intensifies.