Insecurity providing testing grounds for cyber attacks
In February 2016, an anonymous group of hackers infiltrated Bangladesh’s central bank and stole $81 million. The cybercriminals were thought to have installed malware in the bank’s computer systems, watching transactions between international accounts for a number of weeks. The group was then able to exploit a weakness in Swift, the messaging system used by global banks. Whilst a code typo prevented the loss of a further $850 million, the Bangladesh Bank will take years to recover. Bangladesh might not immediately sound like the most obvious choice for a cybersecurity heist, that’s precisely why the attack happened. With hackers attracted to developing nations, how can they respond to this growing threat?
Developing countries, developing crime
Unfortunately, an increase in cybersecurity awareness in developed countries has prompted hackers to find other ways to develop their malware. Aside from giving hackers the element of surprise, there are numerous factors that make developing countries the perfect arena to try out digital attacks. A lesson for us all – emerging companies often don’t expect to experience cybercrime so they don’t invest in digital defences. This isn’t always a choice – often, they simply don’t have the resources or personnel to come up with a relevant security strategy. This means that it’s much harder to trace cybercriminals, giving them anonymity. In nation states like the US, companies can expect help and support from the federal government, but this is not the case elsewhere. Threat Intelligence analysts have noted a distinct increase in attacks in Africa, as well as across Southeast Asia and the Middle East. Chris Rock, security research and chief executive of Kustodian, has described these blossoming technological markets as ‘low hanging fruit’. Interestingly, some of the techniques employed by hackers in developing markets don’t actually include malware. The biggest pay offs exist in developed countries, so the malicious software is saved until testing is complete. Even so, it doesn’t always work out for cybercriminals. Some organisations have taken precautions against digital attacks – unfortunately, though, it seems to be the minority.
How should organisations respond?
Now that hackers have found somewhere to test out their malicious software with low risk of detection, their attacks are likely to become more severe and more accurate. The availability of testing grounds has disrupted hacking strategies yet again, but to the complete disadvantage of victims. After the $81 million bank heist in India, the governing bodies of developing countries are now well aware of the potential risks. However, the lack of a coherent response has done nothing but encourage digital thieves to carry on. Obviously, the development of tried and tested cyberattacks will have negative consequences for anyone who isn’t a cybercriminal. Global governments need to find a solution, and fast. One suggestion would be to enforce rules which, if broken, lead to a heavy penalty. As of 2018, any European organisation without adequate cybersecurity settings could be liable to a fine of up to $20 million. If countries outside of Europe set up similar regulations, it would create greater incentive to change. It’s also the responsibility of developing countries to understand the global consequences of insufficient security, and work to reduce the effects.
As hackers take advantage of weak security protocols in the developing world, a domino effect is taking place. Perhaps it’s in the best interests of technologically advanced countries to formulate a global response that encourages and helps organisations in the developing world to protect themselves against cybercriminals. Cybercrime is not going to go away – especially when there are unsuspecting victims to exploit.
Should developed countries and companies help to fund global cybersecurity programmes for all? What is the main obstacle to advanced cybersecurity in emerging tech centres? Should governments in developing countries enforce cybersecurity regulations like those in the EU? Share your thoughts and opinions.