Keeping on top of cybersecurity risks is a constant challenge. Threats including phishing, malware and ransomware are continually evolving and adapting, as cyber criminals regularly find new, innovative ways to conduct malicious hacking campaigns, break into computer systems and find a way to stay there.
Many companies are having difficulties keeping up with the technological world and threats that come with it, resulting in security holes in networks and vulnerabilities left unpatched. These flaws are relatively simple elements of cybersecurity to manage, but many organizations are still struggling to grapple.
The way in which cybersecurity and cyber threats are evolving means there’s a risk that many businesses could be left behind. Many businesses could be dangerously exposed as technology moves forward and cyber threats move forward with it. Therefore, it’s very important to stay ahead of the curve and be educated on the best security practices and measures to protect from today’s threats.
Quantum computing is increasingly gaining traction, with big tech companies setting out plans to deliver high-powered quantum computing hardware in the next few years. The power of quantum computing could provide benefits for society in several ways, particularly when it comes to science, research, analyising algorithms, as well as improving artificial intelligence and machine learning.
However, the rise of quantum computing poses a threat to traditional cybersecurity and encryption as we know it because quantum computers could break public-key cryptography. The White House has warned this could be a threat to businesses and national security.
For now, the encryption used to protect data is strong enough, at least when it comes to protecting it from traditional computers. The problem is that with the arrival of quantum computing, those cryptography protocols that date back decades could be challenged by high-performance quantum machines.
It’s possible that malicious hackers could exploit quantum computing to commit cyber espionage or to decode encrypted data they have stolen in the past. Cyber-criminal groups could also look to exploit quantum to help increase the efficiency of their financially motivated cyberattacks.
The threat could come in the form of using quantum computing to breach passwords and other cybersecurity defences to enter the network and install ransomware or other malware. Attackers could also deploy quantum-strengthened encryption to encrypt files as part of ransomware attacks, which are impossible to break or reverse using classical computers, meaning that a victim has no choice but to pay a ransom for a decryption key.
Technology companies are working on quantum-proof cybersecurity and it’s likely to be something that many governments, businesses and other organisations will need to think about in the coming years.
Software Supply Chain Attacks
The world has already seen how disruptive a cyberattack against a major software supplier can be. The attack on SolarWinds, from the Russian foreign intelligence service, saw hackers infiltrating the software-building process and infecting legitimate software updates with malware.
Unfortunately, it’s likely there’s more to come, especially as more and more organizations turn towards software as a service and cloud-based technological solutions. Your own network could be as resilient as possible to cyberattacks, but if one of your suppliers gets their network cracked by hackers, they then have an easy way into the network.
Concepts like ‘secure by design’ can help improve cybersecurity for everyone, but with IT and cybersecurity budgets already facing challenges and software companies making tempting targets for cyber criminals, it’s unlikely that software supply chain attacks will become a thing of the past any time soon.
Internet of Things Making Us More Vulnerable
Many different industries are increasingly rolling out Internet of Things (IoT) connected devices. From huge factories connecting IoT devices to production lines to monitor wear and tear, hospitals using wearable technology to treat and monitor patients to smart meters and other smart devices increasingly used in the home, more and more IoT products are being connected to networks.
While they’re being adopted because they provide benefits and services to users, they also risk making users more vulnerable to cyberattacks because many IoT devices are inherently insecure.
Cyber criminals can search for IoT devices facing the public internet and can exploit the lack of security controls in many devices to gain access to networks. In one example, hackers accessed an internet-connected fish tank at a casino and used it as an entry point to steal information about customers.
While some steps are being taken to improve IoT security, they’re currently very limited, particularly as manufacturers continue to rush products out to the marketplace, seemingly without giving much thought to cybersecurity. Cyber criminals know IoT is an easy target, and the problem is likely to get worse before it gets better.
Deepfakes Powering Business Email Compromise Attacks
Business email compromise (BEC) attacks are already one of the most successful forms of cyber crime, according to the FBI, it costs companies billions every single year. The most common way BEC attacks are carried out is via email, with cyber criminals hacking into legitimate email accounts.
For example, an attacker hacks into a bosses email and then requests a staff member to make large financial transaction. A common way victims are tricked into this attack is they’re told they are working on a secret business deal that needs to be done very quickly.
However, the money isn’t being transferred to another business for a deal, it’s instead being transferred to a bank account operated by the cyber criminals. The transactions often amount to hundreds of thousands of dollars and, by the time anyone notices something is wrong, the fraudsters have taken the money.
The emergence of deepfakes and other technologies could make the BEC situation much worse. While people might be more suspicious of an email claiming to be from their boss, they could be more easily convinced to make the transfer if they think they’re face to face with the real person, with the attacker using technology to look and sound like their CEO.
The FBI has warned that cyber criminals are already using deepfakes to apply for remote jobs and deepfake technology is only going to get better as we move forward, making it more difficult to tell the difference between videos of real people and videos of people generated by artificial intelligence and machine learning.
Destructive Malware Attacks
As demonstrated by countless cyber incidents, malware and cyberattacks powered by traditional computing power can still cause plenty of damage and disruption. Malware has been used to shut down nuclear plants and power stations. Global events, such as the NotPetya attack, demonstrated how disruptive cyberattacks can be.
NotPetya was particularly disruptive, causing hundreds of billions in damages around the world. Western governments blamed the attack on Russia, which launched the campaign against businesses in Ukraine, but the interconnected nature of global computer systems meant that the attack spread across much of the world.
Russia has never accepted responsibility for NotPetya, or a string of destructive wiper malware attacks launched against Ukraine during Russia’s invasion of the country. While these wiper campaigns have mostly focused on Ukraine, there’s the possibility that a rogue state could look to launch similar destructive attacks around the world. It’s another cybersecurity risk that businesses should think about planning resilience strategies around.
Cybersecurity Basics Can Go A Long Way
When it comes to securing cloud services, emails and the wider network, there are steps that information security teams can take that can help protect users and the network from most cyberattacks.
- Applying security patches as soon as possible prevents cyber criminals from exploiting known vulnerabilities in software to enter or move around networks, so it should be a pillar of cybersecurity strategy for any organization in any sector.
- Rolling out multi-factor authentication (MFA) provides a significant barrier to cyberattacks, because even if a hacker has a legitimate username and password, they’re unable to take control of the service or account without the user approving it. According to Microsoft, using MFA blocks over 99.9% of attempts at hacking into accounts.
- Users should avoid using and re-using simple passwords and use a difficult, strong, and unique passphrase to make accounts more difficult to break into. Using a password manager can also greatly help with this.
To many people, these measures might sound like basics of cybersecurity, but in order to ensure that people and networks are safe from cyberattacks, the basics need to be put in place before anything else.