Cyber-crimes are becoming increasingly sophisticated and ambitious in the current age of advanced persistent threats, zero- day attacks and advanced malware. Highly sophisticated threat actors are focused on stealing confidential information including intellectual property, PII, Credit card information, medical records, customer information and state or federal information. If we analyse the key happenings in the threat landscape last year, we can see that businesses have witnessed the highest magnitude of online crime in 2015 with the average total cost of a data breach increased to $3.79 million from $3.52 million in 2014. Studies from renowned institutes reveal that cybercrime will become a $2.1 trillion problem by 2019. The technology revolution happening around IoT, Mobility, Cloud, Wearables and Advanced Machine Learning are also expected to affect the security landscape and enable an expanded set of cyber threats analytics in the upcoming years. Global CISO’s believe that cybercrime will become a key driver in shaping the internet governance, data storage and usage, and how the respective stakeholders engage with each other in the cyberspace.
Certain key focus areas in the cyber-crime space includes:
- Data storage and processing in the cloud : The storage and processing of data in the cloud raise security concerns. Lack of competent security policies in the cloud can enable cyber criminals to target the data in the cloud.
- Handling sensitive personal information collected through wearables: Wearable devices handle lots of sensitive personal information and it is mostly managed by smart phones. The lack of proper security measures can enable cyber criminals to target wearable platform a key area for cyber-attacks.
- Big Data or Data aggregation in the form of large datasets : Organizations are focussed on Big Data storage and analysis to derive actionable business intelligence from it. However, aggregation of large data sets without proper data security policies can make data breaches more rewarding for cyber criminals.
- Cyber Extortion or Ransomware attacks: Ransomware threats have started dominating the cyber security landscape recently. It is a matter of greater concern as the impact of ransomware attacks can bring a halt to the business operations itself.
- Hardware attacks: The all-time hardware attacks for cyber criminals are expected to continue in the coming years as well. The evolution of tools and sophistication in attack methodologies can make the hardware attacks more prominent.
- Social Engineering Techniques: Employing social engineering techniques for cyber-attacks are expected to increase in the coming years. Such attack models will help attackers to bypass defenses easily and thereby achieve their malicious motives by persuading the victims.
Digital Technologies are advancing quickly and threats are evolving along with it. Well-equipped and highly focused Cyber attackers are actively developing new ways to compromise organizational security postures by leveraging sophisticated techniques. The new gen cyber attackers are well organized and even state sponsored. They work collaboratively as teams or leveraging lower-level security vulnerabilities to launch targeted attacks by leveraging attack models ranging from phishing emails, social engineering techniques, and attacks that launch from a legitimate website. In this age of increasing number of interconnected devices including wearables and IOT enabled automobiles and concepts like BYOD it is a constant threat for organizations to safe guard sensitive data including personal health information, credit card related data, sensitive business data, employee information.
Predictions on the future threat landscape
Cyberwarfare, the politically motivated or state sponsored attacks is a key area of concern in cyber security landscape. It focusses on digital attacks on the networks, systems and data of another state, with the aim of creating significant disruption/destruction or for strategic espionage.
IT discussions are focused on the upcoming revolution of quantum computing and its impact in the cyber security space. As several of current security mechanisms including public-key encryption and digital signatures could be cracked by quantum computing, cyber security experts are looking forward to develop quantum resistant algorithms and advanced cryptographic technologies to come up with.
Smart cities with smart transportation, smart healthcare, intelligent buildings and smart power grids contribute another upcoming revolution in the technology space. This increasingly interconnected ecosystem also increases the vulnerability, both to malicious attacks and unintentional incidents.
As the number of devices that access corporate networks continue to grow rapidly and systems become smarter by interconnection, time is up to rethink our traditional approaches to cyber security protection strategies. To address the emerging and highly sophisticated threats organizations need to adopt a defense in depth strategy with well-rounded multi layered security policies, better monitoring tools and a better trained workforce. Better planning needs to be in place for responding swiftly and decisively to security incidents. Real-time security intelligence, incident response with security analytics, shared threat intelligence and device/ platform specific security measures are required for ensuring cyber security when we are heading towards an era of upcoming technology revolutions including Quantum computing, Internet of Everything, Artificial Intelligence and Advanced Machine Learning.
Jyothi has over 14 years’ specialization in Identity, Access and governance solutions, Information Security consulting, Privileged IAM and Endpoint Security solutions. Has helped customers in Security services across banking, financials, PCI, Education, Pharma and Utilities sectors. Currently leading disruptive and next gen Security Solutions at Happiest Minds Technologies.