With cybercrime increasing by over 10 per cent during lockdown alone, and with remote working looking like it's here to stay, cybersecurity is more important than ever.
Some of the leading voices in the cybersecurity world met recently to discuss the future of cyber threats. Three main themes came out of this conversation: first, nothing has changed substantially cybercrime has just been amplified. Second, the bigger worry should be industrialised cybercrime. And finally, don't just focus on your technology, people are the biggest risk to your cybersecurity.
Same threats, more sophisticated attacks
Despite the growing concerns regarding cyberattacks on already overstretched hospitals or foreign governments, the nature of online threats has been consistent for years. Majority of attacks will be either phishing, ransomware, spoofing or social engineering the difference now is that they are better at camouflaging themselves.
The camouflage is how the criminal persuades you to let them inside your systems, both at home and at work. Over the last year as cybersecurity has increased hackers are relying on human error more than ever using social engineering. This has proved extremely successful as the lack of colleagues working in close proximity to ask about suspicious emails or websites can help open the door for these criminals.
Protecting against future threats will see businesses needing to move away from a short-term mentality of quick fixes, and instead focus on longer-term cyber strategy.
Industrialisation of cybercrime
Perhaps the deeper concern should be the complexity and sophistication of the criminal infrastructure hackers can tap into. The ability to parcel out assets stolen in cyber-heists to specialist teams to dissect and profit from now creates new economies of scale in the black market.
Mustafa Al-Bassam, co-founder of the hacker group LulzSec turned cybersecurity researcher at University College London, stresses this concern about what looks like the industrialisation of hacking: “the long-term trend that I've seen over the past decade or so is that the hacker economy has become a lot deeper. The supply chain has become much more fine-grained”.
This is a threat to consumers and businesses alike. Over the last decade alone, the ability to breach corporate systems and then sell stolen databases to a developed market has grown considerably. Al-Bassam points out “that’s how Dropbox found a security compromise, a researcher saw someone selling on the dark web”. In such a growing economy, it’s the sophisticated logistics and supply chains that surround cybercrime that is the new threat, mainly because they act as force multipliers for attacks.
People are the pressure point
Research has shown the larger an organisation is the more vulnerable it is to a manipulation based attack, simply because there are a greater number of people to approach. One of the exporters Mark Robberts, people can be viewed as a double-edged sword: “people are our first and best line of defence – but they are also responsible or involved in about 90 per cent-plus of all security incidents.”
Many cybersecurity professionals are stressing that training for staff is key, but this isn't the only change that needs to be made. Organisations need systems and policies in place that protect employees and make them less susceptible to a cyberattack. Kevin Jones, Group Chief Information Security Officer for Airbus, illustrated this. He stressed that “all the time I hear that ‘humans are the weakest link’ and we need to really get away from that”. Putting the cybersecurity "pillars" into practice, Jones stresses that “for us, it's very much about people, process and technology, preferably in that order.”
In a world where people are the targets its vital to utilize people-based techniques and technology to counter the rising cyber risk.
So what should we do now? Un-complicating cybersecurity, thinking more diversely and focusing on people, not technology may be the discipline needed to get through the pandemic and beyond.
For training resources or secure, IT infrastructure get in touch today with our expert team on 01642 248 750.