By Sanket Sarkar; Chief Executive Officer, Teamcognito
We are living in interesting times, with break neck pace in emerging technologies. With this pace of innovation, the threat to our cyber infrastructure is fast evolving with the industry struggling to keep up. Last couple of years witnessed exponential rise in breaches. Lateral movement has become simpler. Poor security practices have further fed into global phenomenon. However, the rising cases of ransomware and malware attacks have been met by wide scale awareness and precautionary steps are being taken to tackle the ever growing sophistication levels of the attackers.
While Bill Gates in 2004 might have thought that spams would be short lived, the current scenario shows that it’s much worse. Yes almost 99% of the spams are indeed stopped, but what goes through are highly sophisticated and prey on ignorance and vulnerability of the users by making them click on malicious links, which might trigger a ransomware or give away your password.
Blockchain as Security Technology is fast gaining ground. More and more investment is pouring in and it is deemed as the future to security. Blockchain can potentially eliminate passwords, provide highly advanced encryption, and create tamper proof infrastructures. Hence, Blockchain security will definitely be a fascinating arena to watch out for.
AI vs Social Engineering
Social Engineering is the fastest growing arena in cyber-crime. As per industry reports, Phishing attacks surged by about 74% from Q2 to Q3 in 2017 alone and it has only surged further. A lot of it has been attributed to human error and there is viewpoint that AI can eliminate that. In an Utopian world we will be able to assess and predict all such attacks well in advance, however let us see what lies ahead.
Industry Specific Attacks
There is an increased focus of Scammers on targeting their attacks based on where the largest pay-out lies. These pay-outs are of two types. The first is finding a large and accessible financial transactions. The second is in importance and value of data. The financial industry and heavy industrials have the large pay-outs and funds transfers. The Health sector have invaluable data. These industries hence, will continue to see a surge in targeted attacks.
Cloud and BYOD
The year gone by has seen a shift towards more pay off based scams. With the proliferation of BYOD (Bring Your Own Device), mobile and remote work, scammers have realized that it’s more valuable to access the network as a whole rather than some employee. Hence private mails are being used to access company network.
Similarly, as businesses continues their shift towards cloud, and the normal and traditional idea of Firewall changing, businesses are looking for newer ways to secure their networks, such as Email Archiving Solutions, Encryption, URL Defence, Mobile Defence etc. With the growth in diversity in how and where employees are accessing networks, companies have to continue and intensify focus on strong awareness and training as important preventive measures.
The last couple of years have seen the growth of highly publicised ransomware attacks. Although the attackers did get their pay-out, most of the damages was in the reputation and legal costs and were major blow to the confidence level of the organisations. What the year gone by also showed us that even unskilled attackers can launch a ransomware attack through the growing underground economy by the growth and proliferation of RaaS (Ransomware as a Service).Ransomware attacks are a major concern along with Phishing and other Social Engineering attacks which has seen major growth in the last couple of years. What we have to observe is how the valuation of cryptocurrency will impact this.
As more people and devices are plugged in, the threat continues to increase manifold. Indeed IoT comes with revolutionary evolution, but it has been seen that over 70% of the IoT devices have serious security vulnerabilities opening up limitless opportunities for the attackers and scammers. Insecure web interfaced and data transfers have left the users vulnerable, and as multiple devices are connected, if one is breached, all others are easily accessible.
Cyber criminals will lead on to increase a profound number of jobs in cyber security. However the fight seems to be continuous and never ending. AI will take over some of the burden in security. However attackers are becoming more sophisticated by the day and importance of awareness is paramount. They are out to get to us. We can’t afford to help them out in that endeavour.