Cyber security is vital. As technology develops, from mobile to cloud to the IoT, the level of complexity needed for organisations to maintain a cyber-aware stance also increases. Delivering a secure environment for a variety of mobile devices accessing corporate networks at any time is a world away from old intra-office systems. Now the default position is that systems are mobile, with significant security implications.
Listed below are the key issues and technology trends impacting the cyber security industry, as identified by GlobalData.
AI malware threats
AI plays a key role in defending against cyber attacks, but a growing concern is the prospect of AI being used offensively within malware. Non-AI malware such as WannaCry and NotPetya created havoc well beyond their original targets, and an AI-based malware attack on critical national infrastructure could be catastrophic. Hackers have already started using AI to accelerate malware. Future AI techniques could allow hackers to bypass facial security and spam filters, promote fake voice commands, and bypass anomaly detection engines. Criminals mask their activities from security tools by blending in and posing as real users in the targeted organisation’s network, using stolen credentials, and running legitimate tools to dig through victims’ systems and data.
The manufacturing industry and power plants are being threatened by the convergence of operational technology (OT) and information technology (IT). Both were once separate networks, and the security risk was lower. Now, the facilitation of data exchange between the two networks offers greater business benefits but introduces significant risk. Many IT and OT-related networks handle critical national infrastructure and the impact of a breach, resulting from immature IoT technology, would be significant.
The cost of data breaches
The cost of data breaches continues to rise, and many affected organisations are unaware of the ultimate cost. Canadian financial services group Desjardins said the cost to it of a data breach in 2019 was $108m. Also in 2019, British Airways was fined £183m ($236m) by the UK Information Commissioner’s Office (ICO) over a General Data Protection Regulation (GDPR) breach, which saw details of about 500,000 customers harvested by attackers. In May 2020, EasyJet admitted a cyber attack had affected approximately nine million customers.
Cross-site scripting (XSS) was a prime cyber attack method in 2019. XSS, in which an attacker aims to execute malicious scripts in a victim’s web browser, made up nearly 40 per cent of all attacks logged by security researchers, with 75 per cent of large companies across Europe and North America targeted during the year. There are three main ways to protect against XSS: sanitising user input such as GET requests and cookies, validating user input, and using a content security policy (CSP), which defines rules that block malicious content by only allowing particular kinds of content from safe sources.
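The three protections listed above, combined in one request handler, as an added example that is not part of the original report. The function names, the sample requests and the policy values are assumptions constructed for illustration.

```javascript
// Added example: names, sample input and policy values below are constructed.

// 1. Validate: accept only the shape the application expects (allow-list).
function validateDisplayName(value) {
  return typeof value === "string" && /^[\p{L}\p{N} _.-]{1,40}$/u.test(value);
}

// 2. Sanitise for the output context: encode characters HTML treats as markup.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// 3. Content security policy: same-origin scripts only, no inline script, no plugins.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Combine the three layers for a page that echoes a GET parameter and a cookie value.
function renderGreeting(query, cookies) {
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": buildCsp(),
  };
  if (!validateDisplayName(query.name)) {
    return { status: 400, headers, body: "<p>Invalid name.</p>" };
  }
  const theme = escapeHtml(cookies.theme ?? "light");
  return { status: 200, headers, body: `<p class="${theme}">Hello, ${escapeHtml(query.name)}!</p>` };
}

// Constructed sample requests: one well-formed, one rejected by validation,
// one where only output encoding stands between a cookie value and the markup.
const ok = renderGreeting({ name: "Ana-Maria" }, { theme: "dark" });
const bad = renderGreeting({ name: "<script>alert(1)</script>" }, {});
const cookie = renderGreeting({ name: "Bob" }, { theme: '"><img src=x onerror=alert(1)>' });
for (const r of [ok, bad, cookie]) console.log(r.status, r.body);
```

Validation rejects input that does not fit the expected shape, encoding neutralises whatever is echoed into the page, and the CSP header limits what the browser will execute if either of the first two layers is missed.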
The end of passwords?
Apple’s decision to join the Fast Identity Online (FIDO) Alliance in February 2020 may help reduce the use of passwords. The addition of Apple means that all the main platform providers (including Amazon, Facebook, Google, and Microsoft) are now members of the alliance. FIDO hopes to address the problems associated with passwords by providing a set of standards for simple, yet strong, authentication.
Supply chain breaches
A 2019 report from VMware Carbon Black claimed that 50 per cent of attacks adopt a technique called island hopping, in which attackers target not only the main organisation but also the networks of any other organisation in that company’s supply chain. Supply chain attacks are increasing, with the hacking group collective Magecart increasingly involved. Online shopping cart systems, notably the Magento platform, have been targeted by groups stealing customer payment card information.
CISOs must know their business better
Cyber attacks by activists are helping drive a sea change in CISOs’ relations with their companies’ senior executives. The increase in activist attacks has direct implications for CISOs because they are regarded internally as being too reactive and compliance-driven, and not sufficiently involved in developing their businesses’ growth objectives. According to EY’s Global Board Risk Survey, only 20 per cent of boards are confident that the cyber security team is effective. The CISO and the cyber security team must have a deeper understanding of the business environment and be better business-aligned, both to win the confidence of boards and to secure the resources needed to protect their company.
Zero trust cyber security
Many chief information officers (CIOs) accept that old-style perimeter-based security architectures are insufficient to defend against attacks in which cyber criminals exploit security gaps to gain the access rights of an administrator or privileged user. Adopting a zero trust environment can be a critical defence against such targeted attacks. Google took six years to migrate its staff to a zero trust framework. For the time being, firms will continue to use VPNs, especially with many employees working from home in response to Covid-19.
Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage – sometimes less than 1 per cent – of malicious payload, or code with malicious intent. The intention is to bias the package by including so much benign code or common software that an ML algorithm will let it through.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research. NS Tech and GlobalData are part of the same group.