Trends and Concerns in Cybersecurity
Recently the Internet service in parts of the United States suffered a major outage that disrupted service to many of our popular websites including Twitter, PayPal, Amazon and Reddit. Reports indicate that the cyber attack had all the markings of a Distributed Denial of Service (DDoS) attack by a multi-national group of hackers whose identity remains a mystery. This latest attack closely follows the attack last month on Yahoo where a record 500 million records were stolen. These attacks only highlight the fact that cyberattacks are not going to go away in the foreseeable future. In fact, cyber experts fear that such attacks are going to be growing in their sophistication and intensity as hackers continue to poke, probe and archive information.
These attacks are causing people to ask what are the immediate issues that they should be concerned with, and what are the trends they should prepare for? Currently there are three major issues that need to be addressed: Social Engineering, Ransomware and what has become known as Bring Your Own Device (BYOD).
A large percentage of cyber attacks (by some estimates over ninety percent) are caused by or related to interaction and involvement of people with access to the system - usually the members of an organization. The fact is, people are only human and they are prone to making mistakes. Hackers known as 'Social Engineers', are skilled at getting people to violate rules and do what they know they shouldn't do. Essentially these social engineers are modern con artists wrapped in technology who persuade employees to divulge sensitive information that lays the groundwork for a future cyber attack.
A further problem that involves the members of an organization is the ongoing issue with regard to emails that contain malware. After years of warnings, people continue to open emails from questionable sources they are not familiar with. When they do their digital system often pays the price for their carelessness. Ransomware is a current example of the price that is paid. The employees open an email containing the malware which then encrypts the files of their system and then demands payment for the decryption key to unlock the files. This criminal activity is responsible for organizations in the US having paid over three hundred million dollars last year in ransom..
Another issue that is related to the interaction of humans and computers is BYOD. Across America there is an escalating trend for employees to bring their mobile devices into the workplace. Unfortunately these personal devices are often infected due to downloads from sketchy websites. While an organizations may spend a great amount of money in defending their systems from outside attacks, it can all be undone from the inside when an infected personal device connects to the company system.
These current concerns are troubling to be sure but for those of us with a vested interest in cybersecurity two developing problems are very disquieting - The use of 'Big Data' by hackers for cyber sleuthing, and the evolving Internet of Things (IoT). Those with malicious intent are keen to collect data and they troll social media sites and anywhere else they can to collect and archive information that can eventually be leveraged for a cyber attack. 'Big Data' is therefore a gold mine for hackers, allowing them to easily collect vast amounts of information on just about anything. Equally concerning is the evolution and advance of the IoT. This trend towards connectivity allows all chip enabled electronic devices to interact with one another. By some estimates there will be as many as 21 billion connected 'smart' devices by the end of the decade, all sharing information. This has benefits for the consumer, but also greatly broadens the attack surface thereby increasing vulnerabilities exponentially as each new unsecured device is connected to the digital world.
The current threats and trends in cybersecurity are an ongoing concern to the security community. By all accounts the cyber attacks by hackers will continue to escalate in both sophistication and numbers, and on the horizon a new generation of threats waits to be engaged. Advances in technology will play an important role in defending our digital systems, but people are the key to the successful defense of our digital systems. The members of an organization are the essential assets against those with malicious intent. Employees must be thoroughly trained to meet current threats and educated to withstand whatever the future holds. Not only does the economic success of our organizations depend on it, but our security and national well being depend on it as well.
About the Author
Dr. Jane LeClair is the President of the Washington Center for Cybersecurity Research & Development. Prior to assuming this position she was the COO of the National Cybersecurity Institute (NCI) in Washington, DC and the Dean of the School of Business and Technology at Excelsior College.