2017 was certainly a challenging year for cybersecurity. The volume of data breaches continued to climb from the already alarming experiences of previous years. The sophistication and intensity of cyberattacks from social engineering, ransomware, and DDoS attacks also experienced exponential growth. The question remains: what should we expect (or fear) in 2018?
In 2017, there were a total of 5,207 breaches globally and 7.89 billion information records compromised. Eight of 2017's reported data breaches made the Top 20 list of all-time largest breaches. The US led the world with the most reported breaches, with 2,330, followed by the UK (184), Canada (116), India (78), and Australia (62). These figures were disclosed by Risk Based in its annual Data Breach QuickView report on breach trends. The true tally of victims is likely much greater, as many breaches go unreported.
According to the McAfee Labs Threat Report covering Q4 2017, eight new malware samples were recorded every second during the final three months of 2017. Ransomware increased in volume by 59% year on year, and by 35% in Q4 alone. The report cites that an average of almost 500 new threats were discovered every minute in Q4 last year. These stats are certainly eye-opening.
There are several reasons for the continued rise of cyber breaches. For one thing, the cyber-attack surface area is growing as more and more people and data are coming online globally. That means more opportunities for digital targets and more opportunities to implant malware. According to Forrester Research’s 2017 global security survey, there are 430 million types of malware online, up 40 percent from just three years ago.
Secondly, social engineering and phishing hacks have become easier with graphics and the ability to mimic. The poor-quality, misspelled bank emails asking you to click are a thing of the past. Even more frightening is that, according to an analysis by Health Information Privacy/Security Alert, 46,000 new phishing sites are created every day. The bottom line is that it is easy for anyone to be fooled by a targeted phish, especially when it appears to be coming as an email from someone higher up the work chain. No one is invulnerable to a crafty spear-phish, especially CEOs.
Thirdly, sophisticated hacking kits and tools are more readily shared on the Dark Web and among hackers. When a vulnerability is spotted by the bad guys, it is often rapidly shared among their groups. On the Dark Web, marketplaces have sporadically popped up selling "zero day exploits", and they are unfortunately difficult to close down quickly enough before real damage is done.
Fourthly, with the introduction of cryptocurrencies it is now easier for criminals to receive payment for ransomware. The reason why bitcoin and other cryptocurrencies have become opportune for hackers is that they are stored in digital wallets rather than banks. These wallets are basically an ecosystem of easy targets because they do not have the levels or layers of cybersecurity protections necessary to protect the owners of the currencies. It is not just the ransomware that is a threat; hackers may also be mining your PC for cryptocurrency via hidden software.
And there are other factors. Despite attempts at promoting cyber-hygiene, there is still a plethora of companies using out-of-date anti-virus software that they fail to monitor and patch. This is exacerbated by the huge dearth of skilled cybersecurity workers and a lack of understanding of the implications of cyber-breaches on both reputation and the bottom line among many who operate in the corporate C-Suite.
Why will 2018 likely be worse than 2017?
Today there are an estimated 3.8 billion internet users. The number is growing rapidly. The research firm Cybersecurity Ventures predicts there will be 6 billion internet users by 2022, and more than 7.5 billion internet users by 2030. In addition, the cost of cyber-crime is expected to rise to $6 trillion by 2021.
And there is the Internet of Things (IoT). The connectivity of technologies, especially to the internet, makes everyone and everything a target of cyber intrusion. It is estimated that there will be between 25 and 65 billion connected Internet devices by 2020 (depending on who you cite). The commercial and governmental IoT "landscape of sensors" will expand the attack surface area for hackers even more.
The good news that accompanies our foray into IoT is that technology is also an enabler for cybersecurity. There are a myriad of emerging technologies that can help us navigate the increasingly malicious cyber threat landscape, including: Artificial Intelligence (human/computer interface) and Machine Learning; Automation and Adaptive Networks; Big Data: Real-time Analytics and Predictive Analytics; Biometrics and Authentication Technologies; Blockchain; Cloud Computing; Cryptography/Encryption; Quantum-computing and Super-Computing. These emerging technologies, combined with robust cybersecurity planning and processes, can be excellent tools to create defense in depth against threats. Please see my earlier blog post on AlienVault for more detail: https://www.alienvault.com/blogs/security-essentials/emerging-technologies-and-the-cyber-threat-landscape
So is there light at the end of the tunnel for 2018?
The answer is maybe, if policies of risk management expand into a prevailing strategy. That strategy will need to include cyber-hygiene, proactive measures, and incident planning. It will also require the layering of new and potentially enabling technologies to help mitigate cyber-attacks.
Defined by the most basic elements in informed risk management, cybersecurity is composed of:
- Layered vigilance (intelligence, surveillance);
- Readiness (operational capabilities, visual command center, interdiction technologies);
- Resilience (coordinated response, mitigation and recovery).
The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency. These guidelines are represented in the NIST mantra: “Identify, Protect, Detect, Respond, Recover”. If companies, governments, and individuals adhere to a strong risk management approach, 2018 can offer us some light on how to better secure the risky cyber landscape.