The good guys seem to be on the losing side of the cyberwars – and that could put a serious crimp in the digital transformation that companies need in order to be able to cope in an ever-more competitive business arena. The connectivity and data that give businesses the power to innovate, scale up, and conquer new, distant markets are the same ones hackers use to damage those efforts.
Digital transformation promises to bring a lot of good to a lot of people, but hackers and bad actors are proving to be a major thorn in the side of the companies working on it. How are hackers damaging digital transformation efforts, and what can cybersecurity experts do to stop them? One reason hackers have been so successful holding up the digital transformation revolution is the revolution itself. A study by ESI Thoughtlab shows that “cyber risks rise dramatically as companies embrace new technologies, adopt open platforms and tap ecosystems of partners and suppliers.” It’s the building blocks of digital transformation themselves that are supplying bad actors with the tools they use to hurt that transformation. How?
Numbers: Hackers have a vast array of attack tools and vectors to choose from in order to accomplish their goals. According to a report by Kaspersky, nearly 350,000 new malicious files were discovered every day in the first ten months of 2018. The overall volume of ransomware increased by 43 per cent in 2018, and 30 per cent of all computers encountered at least one online malicious threat. With numbers like these, it’s clear that hackers are having a field day - at our expense.
Phishing: Despite years of training, cajoling and threatening employees not to click on the suspicious link, social engineering phishing is still the go-to technique hackers use to infiltrate systems - and it's extraordinarily effective. According to studies, as many as 95 per cent of security breaches have their origins in socially-engineered phishing attacks - and perhaps even worse, 97 per cent of people globally cannot properly identify a phishing message, making it even more likely that they will open it.
Variety: The ace in the hole for hackers is their ability to mask their attacks in a manner that can't be detected by anti-virus software. Using such evasion techniques is far easier than most of us think. With some slight code changes to the “off the shelf” malware that many hackers use, it can be just different enough to elude anti-virus systems that the vast majority of organisations still rely upon as their first line of defence.
Channels: The proliferation of ways to connect and communicate that typifies digital transformation - especially enterprise communication and collaboration (EC&C) tools - provides hackers with a much wider range of targets than they had when work was restricted to the office. Traditional solutions like sandboxes and anti-malware systems do not examine or protect those channels; the former can be fooled by a variety of techniques, while the latter don’t even examine the files in EC&C platforms. Experts believe that collaboration tools may be the “next great security risk,” as hackers can compromise them.
For example, an Office file with a poison macro - acquired by a user via a phishing email - that gets uploaded to a collaboration app now poses a risk to anyone in the organisation who has access to that app. According to Symantec, “as businesses and consumers move to newer messaging platforms beyond traditional email, attackers will likely seek to leverage these platforms for malicious purposes,” with platforms like WeChat, Facebook Messenger, and others containing tools hackers can readily make use of.
Changing the defence philosophy
One way to a more effective defence system is to change our defence philosophy. While hackers have many doors into systems and networks, and many tools to attack them, there are only a limited number of valuable targets they can affect. For example, if they want to steal data, they have to attempt to enter the database. If they want to install ransomware, they have to write it to the disk – or to memory. If they are interested in taking over an email or social media account, they have to try to infiltrate these systems.
Instead of relying on signature-based anti-malware systems, which essentially stop only known threats, companies should harden their defences with both advanced static-based engines and next-gen dynamic solutions. The role of the first layer is mainly to block known threats and uncover evasion techniques, while the role of the latter is to protect against advanced, previously unseen threats. This can be done using various techniques, but it generally should focus on detecting anomalies in the system or network – activities that shouldn't be there, based on the profile of what the system is supposed to be doing (unexpected processor activity, files being written, ports being opened, etc.), that could indicate that hacker-directed activity is taking place.
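The profile-based check described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the profile fields, event format, process names and sample telemetry are all constructed assumptions.

```python
"""Flag activity that falls outside a system's expected behaviour profile."""
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass
class Profile:
    listen_ports: set     # ports this role is expected to open
    write_globs: list     # paths this role is expected to write to
    max_cpu_pct: float    # sustained CPU ceiling seen in the baseline

# Constructed baseline for a hypothetical internal file-sharing server.
FILESHARE = Profile({22, 443}, ["/srv/share/*", "/var/log/*"], 70.0)

# Constructed sample telemetry (not real logs).
EVENTS = [
    {"type": "port_open", "port": 443, "proc": "nginx"},
    {"type": "file_write", "path": "/srv/share/q3-report.docx", "proc": "smbd"},
    {"type": "file_write", "path": "/etc/cron.d/update", "proc": "doc-preview"},
    {"type": "port_open", "port": 4444, "proc": "doc-preview"},
    {"type": "cpu", "pct": 96.5, "proc": "doc-preview"},
    {"type": "cpu", "pct": 12.0, "proc": "smbd"},
]

def deviations(profile, events):
    """Return (event, reason) pairs for activity the profile does not expect."""
    found = []
    for ev in events:
        kind = ev.get("type")
        if kind == "port_open":
            if ev["port"] not in profile.listen_ports:
                found.append((ev, f"unexpected listening port {ev['port']}"))
        elif kind == "file_write":
            # Normalise first so "/srv/share/../../etc/x" cannot pass the glob.
            path = posixpath.normpath(ev["path"])
            if not any(fnmatch(path, g) for g in profile.write_globs):
                found.append((ev, f"write outside expected paths: {path}"))
        elif kind == "cpu":
            if ev["pct"] > profile.max_cpu_pct:
                found.append((ev, f"CPU {ev['pct']}% above baseline"))
        else:
            found.append((ev, f"unknown event type {kind!r}"))
    return found

def by_process(found):
    """Group reasons per process so correlated anomalies stand out."""
    grouped = {}
    for ev, reason in found:
        grouped.setdefault(ev.get("proc", "?"), []).append(reason)
    return grouped

if __name__ == "__main__":
    for proc, reasons in by_process(deviations(FILESHARE, EVENTS)).items():
        print(proc, "->", reasons)
```

No signature is consulted: the constructed `doc-preview` process is flagged only because its three actions fall outside what this server role is expected to do.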
Digital transformation has indeed revolutionised business. Many of the companies that were branded as new startups with just a few employees not too long ago are today world-class firms that supply the bedrock of our digital society – think MailChimp, Etsy, Shutterstock, and many more. The cloud has given these and many more companies agility and an ability to scale unimagined just a few years ago. Think about how much more we could accomplish, if not for the scourge of malware.
Hackers have done so much damage to business - caused billions in losses, and made us jump through hoops updating anti-virus software and changing passwords. Those are all resources that are harming digital transformation efforts – and denying all of us the benefits of a smoother, safer internet. It's time to change that.
Yoram Salinger is the CEO of Perception Point