Cybersecurity is a market that amounted to $167.14 billion in 2019 and is all set to surpass $248 billion by 2023, according to Statista. Although it surpasses the GDP of some economies in Africa and Asia, it is still far from fulfilling its actual responsibility. In 2019, we saw the ambition of security proliferate to different sectors, then to economies, and finally come under scrutiny by lawmakers on different forums. Many reasons combine to create the current cybersecurity problem. We have no uniform law across the world to keep watch on how data is processed and used across boundaries, and many government and government-funded organizations are protecting hackers.
In May 2018, GDPR was implemented by the European Union (EU), mandating many data privacy laws for all organizations that operate in Europe. In 2019, businesses faced $230 million in fines under the GDPR law, while Facebook is staring at a fine of nearly $2 billion. The fines have pushed organizations to implement better security laws, hire resources to protect their data, and even be open about breaches, but they have done little when it comes to educating the actual users of the law (citizens and organizations). The law has been in place for just 1.5 years, and fair results can be expected as businesses become aware of the various loopholes in cybersecurity and protect their data better.
The rise of government-backed hackers has been one of the most controversial topics many countries have had to answer for. According to businesses, the rise of a cybersecurity workforce that can be used to cause disruption on a massive scale is one of the biggest threats to cybersecurity. Cyber espionage has been used by countries against each other since the development of the web, with Russia, Iran, China, and North Korea usually being the countries engaging in such activities. Now it seems that even the western countries are keen on using the new espionage tactics to deprecate more powerful and larger rivals.
Saher Naumaan, a Threat Intelligence Analyst at BAE Systems, said in a statement that over the last 5 years, companies globally have witnessed more and more countries trying to gain offensive cyber capabilities. Every country fits into a different category in terms of its cyber capabilities, but currently, none of them is at the level of the big attackers. Advanced Persistent Threat (APT) groups are targeting rival governments and organizations. As cybersecurity becomes imperative, we will see more such groups develop, even in other countries.
One of the prime examples is OceanLotus, also known as APT 32, a group working out of Vietnam that was initially developed to work in the interest of its government. Its main targets are foreign diplomats and even foreign-owned companies working inside Vietnam. Many such attacks are designed to encourage victims to enable macros, which allows the execution of malicious payloads. Though most of the campaigns are not intended to cause large-scale damage, they seem to pose a greater challenge for businesses.
What 2019 saw
The year 2019 witnessed all types of attacks, not only from governments but also from individual hackers and hacker groups. Even political parties weren’t spared this year. The UK Labour Party was reportedly hit by 2 DDoS cyberattacks before the general elections. Other parties, such as the Conservative Party and Liberal Democrats, were also hit by several cyberattacks. It was believed that the hacking group Lizard Squad was responsible for the attacks on the political parties; the group is well known for high-profile DDoS attacks.
Disney Plus was one of the most awaited on-demand streaming service launches of the decade, but it didn’t go as planned. Within just hours of the service going live, Disney Plus user account credentials were compromised entirely and were available on the black market for close to £2.30 per user. Disney suggested that the credentials might have been leaked by other websites, as users had used the same credentials on various websites.
Trend Micro reported that an insider had stolen more than 100,000 customer account details. The data was later used by scam artists to make phone calls impersonating the company to a number of its customers. The company's investigation later confirmed that this was not an external hack but rather the work of a malicious internal source.
A security researcher in 2019 found that there were close to 4 billion records from 1.2 billion people on an unsecured Elasticsearch server. The information can be scraped from LinkedIn, Facebook, and other social media sources, while personal information includes names, home addresses, email addresses, and mobile numbers.
T-Mobile, the world’s largest telecom service provider and fourth-largest multinational, recently reported a breach affecting some of its prepaid account customers. The company discovered and shut down malicious, unauthorized access to certain information related to T-Mobile prepaid wireless accounts.
Cloud threats– Famous conman Frank Abagnale said in a statement that it’s 4,000 times easier to commit a crime today. Cloud applications might be one of the reasons cyber threats find such easy pathways. Containers, which have become one of the biggest setup functions for the deployment of microservices and applications, are a considerable threat to cloud applicability. Many developers simply copy container images directly to create new services, thus compromising security.
The Capital One breach was one of the biggest breaches in security history, wherein over 106 million records were stolen. Paige Thompson breached the servers using a third-party cloud company used by Capital One. The hacker was able to exploit a misconfigured web app to gain access to various Capital One data, including 140,000 social security numbers and 80,000 linked bank account numbers. It also included names, addresses, ZIP codes, phone numbers, self-reported income, email addresses, and birthdays.
DoorDash breach– The breach affected only those people who had joined DoorDash before April 5, 2018. It affected more than 4.9 million users; the leaked information included driver’s license details for more than 100,000 users, as well as names, email addresses, phone numbers, delivery addresses, and passwords.
American Medical Collection Agency (AMCA) Breach– After the breach, the company filed for bankruptcy, citing loss of business and legal costs. The breach most likely occurred at the online portal, affecting more than 20 million people, and the stolen information was discovered on the dark web. The stolen information included social security numbers and bank account information.
Mobile phone use-detection– Governments can use data, but they should be accountable for the purpose for which they use it. Using a phone while driving has been illegal in the UK since 2003. The new technology detects GSM signals across different networks such as 2G/3G/4G, and even Bluetooth signals. The problem with the technology is that it cannot tell whether the driver or a passenger is using the mobile device. The technology, if stolen, can be used to track any user’s activity.
Juice jacking– Juice jacking was first implemented in 2011 at a Defcon event called the Wall of Sheep. In 2019, the Los Angeles District Attorney warned travelers against using public USB charging stations, since they could be affected by malware. It was reported that the device could be locked, or that passwords and data could even be exported.
Why is cybersecurity not just a tech problem but even bigger?
Businesses are approaching cybersecurity in a very erroneous way. Whether it’s small businesses or multinational corporations, leaders need to think beyond the IT department and technology. Businesses need to focus on protecting their most important assets from attacks. Everyone needs to identify key risks, imagine the potential risks, and develop a plan to combat the threats. Businesses are currently failing at cybersecurity in spite of all the public attention and investment, and, in fact, the number of cyberattacks has only been rising.
There are many reasons why focusing mainly on cybersecurity technology undercuts its capacity to protect. Companies need to start by focusing on their most critical business activities and how cyberattacks could disrupt them, so the whole process of risk mitigation needs to be prioritized. Most businesses invest directly in resources and tools to solve individual problems. This can dangerously leave loopholes in all the current systems.
Recently, a retail giant that was compliant with all the latest technology and security standards for card payment faced a breach in its system, making us question how this could have happened if all required security standards were already in place. This might get even more complicated for an industry that has several regulations and compliance requirements in place. Leaders come to believe that being compliant with requirements is equivalent to being adequately protected. That belief diminishes the security protocols of the business rather than increasing protection as supposed.
The biggest challenge for businesses is to make the paradigm shift. Most businesses think that cybersecurity relates only to the technology of the company and demands the attention of only the IT team. Even when businesses invest millions of dollars, they mostly invest in a certain tool that closes one loophole. Organizations need to create a ‘Cyberthreat Narrative,’ where everyone in the organization, from the owner to the head of every department, understands the answers to these questions: Where are the business risks in the organization? What is important for the business? What assets are important for the operations? What activities provide the business with a competitive advantage for revenue growth?
Training employees to deal with different cybersecurity implications can help them perform better when a threat appears and even protect the organization against attacks. It will also demand that the business go beyond the generic good things it needs to do or ticking certain boxes. Once the business has identified the key risks in its infrastructure, it is in a better position to deal with those risks and to bring in cybersecurity resources and the IT department.
Why is 2020 a bigger challenge for businesses?
With a new year and a new decade just beginning, businesses might find it hard to comprehend that there will be more sophisticated attacks from several regions. As complicated AI becomes part of our systems, it could be triggered to act in an unfriendly manner using just a few lines of code, which might compromise not only security but even the lives of people. The security of autonomous objects or chatbots that will be used widely in the next decade will be a major problem for businesses around the world.
The IoT industry will see growth, but security solutions will be a priority. The challenge for developers will be to secure the connection or data transfer between the sensor and the computer. Deepfakes might become common, influencing political situations across the globe. Social platforms can be a new war zone for governments to show their power, so that deepfakes can influence daily updates.
Voice phishing attacks will become a reality in the next year, where a hacker could fake the voices of loved ones and famous personalities to ask users for money. These attacks will get better with the use of NLP and messages more customized to the user. Synthetic identity creation will become easy, bringing more sophistication wherein hackers can plant seeds in different systems to portray a face used by a genuine person.
AI and machine learning technology will be a double-edged sword: advantageous on the one hand, and a big part of the growing threat we will be witnessing on the other. Automation is going to be more disruptive for various industries, but part of the challenge is that each industry has to take into consideration the different business domains and assets that are critical to it. No single cybersecurity model will apply to all industries. Cybercriminals will have a wider choice of pathways to use for an attack, so managing each of them with a single-purpose or definitive tool is a challenge. AI will be implemented in this domain to protect every resource.