A recent report released by the World Economic Forum (WEF) focused on the Global Agenda for 2014 and the top 10 trends facing the world. As one might expect, topping the list were globally pertinent and vital topics like; growing societal tensions in the Middle East and North Africa; income disparity around the world; and ongoing unemployment.
However in fourth place was “intensifying cyber threats”, which was considered a more significant issue than climate change and diminishing confidence in economic policies.
This is a truly insightful conclusion – such a global focused, facts-based organisation marking cyber threats at such a high threat level – shows how rapidly technological threats have evolved. It’s not that long ago that ‘being online’, whether as an organisation or as an individual, meant merely having your own server – relatively secure and simple to fireproof – against typical cyber-attacks and threats.
The evolution of IT into cloud computing, machine to machine (M2M) communications and the Internet of Things (IoT), presents a whole new generation of dangers – ones against which most industries, companies and end-users are not safe.
The cloud of course means more devices and machines than ever are connected through the same network, making it an even bigger target for cyber terrorists. Get one denial-of-service (DoS) attack through successfully and it can grow exponentially through the cloud to other domains, taking many other websites with it.
Similarly the IoT has presented cyber attackers with a particularly attractive playground – the network infrastructure and technological capabilities are really transforming at a rate that is too fast for cybersecurity to keep pace.
Many IoT machines and devices remain quite unsecured, with communications between them being unencrypted. This is clearly a major worry when so much private, personal and sensitive data is communicated via the internet.
Changing habits, changing threats
The nature of how we use IT has also helped form the evolution in cyber security threats. We love all the benefits that come with our increasingly mobile-powered lives; more flexible work practices, greater productivity, increased control and choice over our consumer habits, but we do need to be aware that these changes carry new threats too.
Through 2014 and beyond, it is highly likely that we will see cyber threats piggyback this trend to make attacks more personal. Where previously generic data was the target for cyber-attacks, they may now shift to specific, individual information. These attacks will target mobile operating systems, since thanks too trends like BYOD, mobile devices now very often carry both personal and corporate data on them. In 2013 there was 1000 per cent growth in malicious Android apps, demonstrating the shift in focus by cyber attackers. Factor in SMS floods, development of malicious apps and even fraudulent developer credentials appearing in app marketplaces and it becomes clear that mobile is a fertile hunting ground for the modern cyber criminal.
The growth in social media use presents another big target too. Social is a true modern-day technology success story, enabling people to keep in touch and share experiences in whole new ways, no matter where they are.
That ubiquity however does present new territory for cyber threats, with social attacks likely to increase massively in the near future. Social media utilises personal data, passwords, contacts, location-based activities and more – all of which is highly attractive bait to cyber criminals. So it is perhaps no surprise that earlier this year even President Obama was banned from using his smartphone due to security concerns.
Another modern day advancement that carries its own new threats is online currencies. Ransomware has been developed and targets currencies like Bitcoin, while online currencies also offer cyber criminals the opportunity for money laundering. Currency exchanges are also potential areas of attack. Traditional threats of course remain too – 2013 saw the biggest cyber fraud case in history, as 160 million credit cards were compromised in the US, to the tune of $300 million.
In short, new technologies and the growth of the cloud and increased mobility mean more targets for cybercriminals. Gartner suggests that by 2020 governments and enterprises will leave a massive 75 per cent of sensitive data unprotected – so organisations are going to need to think long and carefully about the security policies they implement to mitigate this threat and tighten up cybersecurity as much as possible.
Malware hasn’t gone away
Another threat which is not gone but merely evolving is malware. Previously the preserve of desktops and the enterprise environment, malware has transformed to take its dangers to the mobile landscape as well. Malware has adapted to target mobile authentication processes via fake SMS confirmations and other means. Android malware is also on the rapid rise.
This year will also likely see malware architects continue with covert command-and-control (CnC) attacks on networks. Encryption techniques go on getting smarter and stealthier and malware is now smarter than ever in evading traditional network defences.
Time to evolve thinking
The changing nature of technology in the mobile era – with disruptive solutions being developed all the time – means that the CSO has to always think one step ahead. As the WEF report indicates, cyber threats will continue to grow and evolve throughout 2014, with the only predictable thing about them being their unpredictability.
Traditional perimeter-based security solutions are today less effective than usual because of disruptors like cloud, mobile and social. M2M, the IoT, wearable technology in the workplace and more will continue to render the perimeter security model less powerful and the financial imperative of modern cyber threats is clear. Some estimates forecast that failure to implement sufficient cyber security solutions and capabilities quickly enough could mean a $3 trillion hit to the world economy by 2020.
Fourth on the Global WEF Agenda – cyber threats
Cyber threats is number 4 on the World Economic Forum of top 10 trends, so it is time to plan ahead and be proactive about new security threats. Allocate sufficient resources and people to head off cyber threats before they attack and organisations can still win the battle and the war.