Some of the few things we can predict with any certainty about 2020 include the UK finally leaving the EU, the USA electing a president, and most worryingly, an increase in cyber attacks. We’ve only just started the new year and already we have seen a crippling cyber attack on financial services organisation Travelex. And this is likely to be the first of many.
As organisations continue to integrate systems and applications, with more corporate infrastructure moving to the cloud, it stands to reason that along with the explosion in data growth will come more attacks.
The more data there is in cyber space, the greater the risk for businesses and bigger the opportunity for hackers.
Wider reaching attacks
The damage an attack can cause to an organisation has also increased in severity. In the past, the worst that a distributed denial-of-service (DDoS) attack could do was take down an organisation’s website. Such malicious attacks disrupt the traffic of a targeted sever, network or service by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.
Previously, the organisation would at least still be able to operate other channels of communication/business. However, DDoS attacks have now evolved to have the potential to take down the whole company. Using the organisation’s connectedness against it, hackers can take down a website, revoke access to key documents, systems and applications, and even cut lines of communication.
Sophisticated new techniques
It’s not just the volume and severity of attacks that will increase. The actions of threat actors will become more sophisticated or more frequent – relying on chance rather than planning, according to Kaspersky. Technology will be a key factor, with new approaches and techniques used against businesses and in misinformation campaigns set to ramp up in 2020.
In fact, this has already started to happen. In March, last year, we saw the possible first instance of cyber criminals using deepfakes when a UK energy firm was targeted by criminals using artificial intelligence-based software to impersonate the CEO’s voice in phone calls requesting fraudulent fund transfers.
It is likely we will soon see the first products being developed to detect so-called deepfake recordings as traditional cyber security tools designed to keep hackers away from corporate networks are unable to spot spoofed voices. The problem of deepfakes is forecast to become so pervasive that; “by 2023, up to 30 per cent of world news and video content will be authenticated as real by blockchain, countering deep fake technology,” according to Gartner.
Another new area potentially ripe for the illegal picking of data is the evolution of drones, which researchers have used to demonstrate a range of network attacks. These could allow criminals to “establish a network foothold, deliver malware, or otherwise interfere with wireless networks,” according to a Booz Allen report).
The report states; “drones equipped with specially fitted hardware and software may also be used to install malicious malware on systems or disrupt system’s operations, particularly devices that are vulnerable to exploitation of wireless protocols like Bluetooth.”
Regardless of the mechanism, we have reached a point where every organisation should expect to be attacked at some point and needs to be able to respond in the right manner.
Businesses must have the right policy, processes and tested mechanisms in place to be able to react quickly and effectively to mitigate risk. There is no room for complacency, cyber threats are changing daily, so it is more important than ever that businesses keep abreast of the latest developments.
At Bridewell Consulting we are in it for the long term. As a trusted partner, our team of experts can assist you on your cyber security journey and beyond. For further information or a no commitment chat, on any of the above, please get in touch here or give us a call on 01189 255 084.