Technologies put forward that attempt to block and ensnare cyber-criminals and the more infamous advances of said cyber-criminals searching for new loopholes and implementing fresh attacks. Unfortunately, just as tech advances such as artificial intelligence aid the security world in the design and development of modern defences, so too is it being used by hackers in automated attacks that are able to more quickly break into user accounts. Overall, cyber-security is a chicken and egg conundrum that’s not likely to change in the foreseeable future.
With regards to security breaches and cyber-attacks, said Jonathan Couch, SVP of Strategy at ThreatQuotient, at the end of last year, “Unfortunately right now I think we’re still in that area where the bad guys are winning.” According to Trend Micro’s Rundown of the Biggest Cybersecurity Incidents of 2016, ransomware attackers were the most persistent cyber-criminals, while Mirai with the capability of turning devices into DDoS attacking bots took the role of worst all-round troublemaker. In 2016 we unfortunately also saw the first successful cyber-attack on an industrial facility when parts of the Ukrainian power grid were captured causing unscheduled power outages that affected approximately a quarter of a million customers. And with news in December of over a billion users breached and compromised, Yahoo takes the dubious prize for largest breach on record. Along with SWIFT vulnerabilities, the prevalence of ransomware, and further vulnerabilities coming to light, 2016’s cyber-security landscape was troubled, to say the least.
A New Year, a New Strategy?
As much as we’d like to believe that all these holes have been plugged, 2016’s cybersecurity failures imply more to follow in 2017. Experts believe IoT will continue to be vulnerable to attack this year, but with the landscape broadening across personal, business, and governmental areas, as well as innovations and adoptions steadily expanding, the potential for attacks cresting even the recent DDoS attack on Dyn can be envisaged. Malware is also being predicted to be an active threat this year, and with artificial intelligence imbuing such methods with greater ability as well as the industrialisation of cybercrime, it’s a race to see whether security providers and experts can plug holes as quickly as they appear.
Gladly, security automation and orchestration could provide greater defence against cybercrime through machine learning, behavioural analytics, and threat intelligence, but while bolstering the security field and filling skill gaps, such innovations can also be exploited for immoral assistance’s; just as autonomous security programs seek out and patch vulnerabilities, so too can autonomous hacking programs seek vulnerabilities, but with a very different end goal in mind. Ransomware is also likely to evolve in 2017, and being one of the ‘better paid’ forms of cybercrime, organizations will have to review strategies to safeguard their systems and data. Regrettably, some experts predict ransomware attacks may develop from primarily finance-driven models to efforts to influence business decisions and policies, affecting strategic outcomes.
A daunting setting, but it’s important not to forget the good guys tirelessly battling these challenges, racing against the clock to prevent intrusions, disruptions and violations; the news seldom highlights failed assaults and successful threat prevention, but they are growing as significantly as the misdeeds. Going forward, organisations and individuals will have to make the commitment to get more involved in cybersecurity; it’s no longer enough to trust providers with this eternal task. Regulators are already coming to the fore helping consumers and providers alike implement necessary security strategies, and the practical among us track current trends while implementing policies that limit vulnerability. It’s time to pick a side, and those reluctant to join the fight against cybercrime are directly enhancing the position and tools of cyber-criminals.
By Jennifer Klostermann