In the cat-and-mouse battle for cyber security, cybercriminals and chief security officers continually go toe-to-toe, each trying to outmanoeuvre the other. With each step companies take to protect their assets – from USPs to data and the firm’s funds – cybercriminals are looking to undo this work by adopting even more sophisticated strategies and harnessing disruptive tech for their own gains.
But what are the latest cyber security threats impacting UK businesses, and how can organisations fight these emerging threats while not losing sight of the all-important cyber security basics?
1. Weaponising artificial intelligence
While there are no confirmed cases of artificial intelligence (AI) malware being released into the wild by cybercriminals just yet, it won’t be long - according to internet security firm Webroot, 86% of cybercrime professionals think it will soon become a reality.
AI is already being used to fight cybercrime thanks to its ability to help humans deal with the sheer number and complexity of security threats. Companies in the US are among the early adopters, with 87% of US cyber security professionals saying their firms are already using AI in a bid to arm themselves against the threat of a breach, with the top three most commonly used AI applications being malware detection, malicious IP blocking and website classification.
However, adoption of AI by hackers will vastly increase the volume of attacks and the only way to effectively cope will be with AI cyber security countermeasures. The result is likely to be an AI arms race between the good and bad guys.
One AI cybercrime scenario involves devices being infected with AI malware capable of monitoring the victim’s message style and collecting personal information so that an entirely plausible spear-phishing email can be created and sent to someone in their address book. If your company’s cybercrime expert doesn’t have access to AI expertise yet, now is the time to factor it in.
2. Data manipulation rather than theft
Making money from data theft can be very hard work for criminals. Most hackers sell off large batches of stolen personal data on the dark web as soon as they steal it, leaving other criminals to sift through the data to use it to commit fraud.
Manipulating data, on the other hand, is potentially much quicker and easier to profit from. In theory, hackers can inflate bank balances or use manipulated data to influence commercial decisions. Exaggerated company performance data could inflate share values, for example. Another tactic is to both steal and manipulate data in an attempt to damage the reputations of individuals and companies.
Systematic data manipulation would be crippling for any organisation and, if carried out over weeks or months, a single system restore would be of little help. The best way to prevent data manipulation is straightforward network security best practice, such as automated system monitoring for unusual data flows, closely scrutinised access authority, effective network segmentation, a rigorous password regime and educating colleagues about the dangers of clicking on suspicious emails and attachments.
3. The Internet of Things risk
By the end of this year, there will be an estimated eight billion Internet of Things (IoT) devices globally, according to Gartner, with a great many of these in use within businesses. These devices include everything from sensors and trackers used in digitally transformed supply chains, to security cameras and smart screens in corporate offices. Every single internet-enabled device is a potential entry point for a hacker, who can then move around a corporate IT network if it is not sufficiently secured, segmented and monitored correctly.
In many cases, securing an IoT device can be as simple as changing a manufacturer’s pre-set password, but with billions of such devices in use, a lax attitude to carrying out this simple task could still present a potential field day for hackers. Hackers will always target the lowest hanging fruit, so companies need to keep an inventory of IoT devices and ensure a comprehensive password regime is maintained.
4. The reign of ransomware continues
In the last couple of years, ransomware has become a major headline grabber. In 2017 alone, ransomware growth topped 2,500 percent, according to cybersecurity firm Carbon Black, hitting hospitals, private businesses, and individual users alike. Ransomware has now started to spread to previously immune Mac, Linux and Android/iOS smartphones.
The next possible target, according to the MIT Review, could be smaller, more vulnerable cloud providers, which lack the resources of Google, Amazon and IBM and are more likely to pay up if their customers’ data is encrypted and held for ransom.
A recent analysis of the third quarter of 2017 found that combined Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) markets were worth more than $35 billion. With all that money and data growing, it’s little surprise that cyber criminals are expected to turn their attention to the cloud.
Like most cyber security threats, a layered approach to ransomware is usually most effective. Get the best antivirus software and make sure your systems are regularly updated with the latest versions, educate staff about the risks of clicking on suspicious emails and attachments, back up data, ensure your system patches are up to date and restrict access and admin rights of employees if necessary.
5. British retail increasingly prone to DDoS attacks
Distributed denial of service (DDoS) attacks are not new, but cyber criminals have certainly woken up to the vulnerability of British retailers in this area.
In fact, the British retail sector is now among the most vulnerable industries in the world, according to a study by international security company Neustar.
DDoS attacks, in which an online service is taken offline by overwhelming levels of traffic, can be motivated by revenge, politics or petty trolling. But, with online UK retail generating between £77,000 and £200,000 an hour, analysts expect to see DDoS attacks used in extortion attempts on UK retailers.
The best way to defend against a DDoS attack is to have a good incident response plan. This may include using an ISP that has a DDoS detection service which can spot early traffic spikes. Companies may also consider a backup ISP in the event of an attack. Other tools include a cloud-based anti-DDoS solution to filter and divert malicious DDoS traffic.
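As an illustration of what spotting early traffic spikes can mean in practice, the following added example (not from the article or any named vendor) flags minutes whose request count breaks away from a rolling baseline. The window size, the two thresholds and the sample counts are assumptions constructed for the example.

```python
from collections import deque
from statistics import median

# Constructed sample: requests per minute for one web front end, oldest first.
SAMPLE = [1200, 1180, 1250, 1220, 1190, 1240, 1210, 1230, 1260, 1205,
          1300, 1280, 2100, 5200, 9800, 14500, 1250]

def detect_spikes(counts, window=10, k=6.0, min_ratio=3.0):
    """Return the indexes of minutes whose request count is anomalously high.

    A minute is flagged when it exceeds both median + k * MAD and
    min_ratio * median of the last `window` unflagged minutes. Median and
    MAD (median absolute deviation) are used so that one noisy minute
    does not distort the baseline the way a mean would.
    """
    baseline = deque(maxlen=window)
    flagged = []
    for i, count in enumerate(counts):
        if len(baseline) < window:
            baseline.append(count)      # warm-up: learn normal traffic first
            continue
        med = median(baseline)
        # Floor the MAD at 1 so perfectly flat traffic does not give a zero band.
        mad = median(abs(x - med) for x in baseline) or 1.0
        if count > med + k * mad and count > min_ratio * med:
            # Flagged minutes stay out of the baseline, so a sustained
            # flood keeps being reported instead of becoming "normal".
            flagged.append(i)
        else:
            baseline.append(count)
    return flagged

if __name__ == "__main__":
    for i in detect_spikes(SAMPLE):
        print(f"minute {i}: {SAMPLE[i]} requests/min exceeds baseline")
```

The `min_ratio` guard is what keeps a modest rise, such as minute 12 in the sample, from raising an alert while the flood that follows it is still caught.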
Hackers are becoming increasingly smart, basing themselves in countries that lack the resources to tackle cybercrime. They’re also selling their tools and know-how to less-skilled criminals. This ‘crime-as-a-service’ approach benefits the wider cybercrime community, threatening to overwhelm cyber security efforts as the volumes of attacks increase.
As companies across all sectors ramp up their digital transformation activity, cyber security becomes even more of a priority. Hackers, like wolves, invariably attack the slowest and most vulnerable in the herd.
Don’t forget the cyber security basics
Whilst looking ahead to how cybercriminals are getting smarter is important in the pursuit of cyber security, it’s often not the highly complex system breaches which are the most commonplace – and effective – for cybercriminals. Simple actions, like clicking on suspicious links, still present a significant risk - and if end-users within the business don’t take the very basic security steps, all that hard work - and budget – on securing a company can be wasted.
Critical to this back-to-basics approach is educating employees to always escalate any suspicious activity to their IT team, and regularly reinforcing the importance of basic online security to everyone in your organisation.
Martin Blower, Head of Technical Strategy at Black Pepper Software