How some key technologies and their users are changing the cybersecurity landscape
In 2017, the malware NotPetya spread to some of the largest businesses globally, disrupting shipping lines, bringing business operations to a halt, and resulting in losses of more than USD 10 billion. Pharmaceutical company Merck was among one of the worst hit with USD 870 million worth of damages, while Danish shipping company Maersk, which handles 20% of all world trade, suffered losses of USD 300 million, and had to rely on “human resilience”1 to reinstall its entire network of 4,000 servers, 45,000 PCs, and 2,500 applications in a span of 10 days.
As the spread of NotPetya illustrates, cyber threats have increasingly taken on a more global dimension, transcending national borders and reflecting the greater interconnectedness of cyber risk. Cyber attacks may affect not only a business itself, which may be exposed to reputational impacts and lawsuits beyond direct revenue losses, but also its customers as well as the broader society.
However, there exists a large disparity between cybersecurity spending and the cost of cyber attacks. While global cybersecurity spending is predicted to exceed USD 1 trillion cumulatively from 2017 to 20212, cyber crime damage costs are projected to reach USD 6 trillion annually by 2021. As the global nature of cyber attacks reflects in part the role of technology in creating an increasingly borderless world, we thus look at how some key technologies and their users are changing the cybersecurity landscape.
Artificial Intelligence (AI)
AI has transformed industries in fundamental ways and likewise has profound implications on cybersecurity. However, the use of AI to protect or attack security systems depends on the motivations of its user. For instance, machine learning is useful for understanding how a system normally functions and flagging unusual occurrences for human review. AI could thus be a beneficial tool for detecting phishing and malware in apps, protecting cloud content, or automating repetitive security tasks.
At the same time, there are many ways malicious actors can exploit AI for cyber attacks which range from simple to more sophisticated techniques, such as automating attacks, developing virulent malwares and viruses, and turning machine learning against itself with data poisoning. AI also exposes vulnerabilities more easily and allows cyber criminals to carry out targeted attacks.
Quantum computing could exponentially increase the computation power of machines and break the most secured encryptions today.
IBM3 predicts that quantum computers will be able to break the encryptions of sensitive data in slightly more than five years. Depending on whether attackers or defenders obtain the technology first, quantum computing presents one of the biggest potential game-changers in the cybersecurity landscape. Furthermore, it is not only future data that could potentially be compromised, but also all data that have ever been collected and stored by malevolent hackers today.
Blockchain, which uses distributed ledger technology (DLT), is a shared and immutable ledger for recording the history of transactions. The technology’s key characteristics could potentially enhance cybersecurity in three ways. First, for decentralised blockchain applications, there is no single point of failure, thus making it difficult for hackers to access the blockchain network from a central point. Second, transaction records on a blockchain public ledger are accessible to all members, allowing greater transparency of transactions. Third, as transactions recorded on blockchain are immutable, they cannot be deleted or changed, thus removing the risk of data tampering.
However, challenges remain in using blockchain in cybersecurity efforts. First, even in a decentralised network, attackers may take control of a sufficiently large group of participating members, allowing them to manipulate the validation process. Second, a decentralised model of blockchain application could potentially be exploited by criminals. For instance, cybercriminals have favoured the use of cryptocurrencies such as Monero due to the anonymity that such currencies provide, both in terms of the amount and source of funds. Third, private keys, which allow direct authorisation of activities from an account, may be vulnerable to access by hackers, thus compromising assets secured by these keys. While traditional systems allow server administrators to track attempts to breach accounts, users of blockchain technology may not be aware of such attempts until after a hack is successful.
While blockchain technology presents new opportunities to boost cybersecurity efforts, it is currently still in its development stage and there remain challenges in terms of its adoption.
Third-party providers and IoT
The growing reliance of organisations on third-party service providers and other vendors to support core functions has contributed to the rising interconnectedness of cyber risk. According to a report by Ponemon Institute4, 56% of organisations experienced a data breach caused by one of their vendors in 2017, up from 49% in 2016. On average, these breaches are estimated to cost US firms USD 7.35 million in fines, remediation costs, and loss of customers. However, 57% of companies continue to share data with third parties despite not having visibility into the security practices of such vendors.
In addition, Internet of Things (IoT) cyber attacks have been increasing significantly. According to a report by cyber security firm Symantec, IoT attacks increased 600% between 2016 and 20175. By 2020, Gartner predicts that 25% of identified attacks in enterprises will involve the IoT. Despite this, less than 10% of IT security budgets are placed in IoT defence. The rise in such attacks is due partly to the large number of unsecured IoT devices as well as the growing availability of DDoS-for-hire services, which have enabled criminals to carry out these attacks more cheaply (a systematic attack on a company can cost less than USD 100).
State-sponsored attacks targeting key national institutions and infrastructure have intensified in recent years, reflecting the shift in the nature of conflicts between nations from the physical to cyber realm. Such attacks tend to be characterised by a high degree of sophistication and complexity, and tend to involve large scale data breaches. For instance, the 2016 USD 81 million Bangladesh central bank cybertheft is widely believed to be state-sponsored6.
While attacks by cyber criminals tend to be motivated primarily by financial gain, state-sponsored attacks tend to be motivated by both political and financial factors. Though some attacks are aimed at funding regimes with stolen funds, successful attacks of key national institutions and systems (such as healthcare and finance) also serve to demonstrate the attacker’s ability to take down such institutions.
Cybersecurity is beyond technology
While cybersecurity is often considered a technical matter, cybersecurity efforts should involve not only technological aspects, but also the human element – efforts by employees and customers to engage in sound cybersecurity practices.
Consequently, cybersecurity is not merely the domain of the IT department. It involves fostering an organisation-wide culture of security. Given the rising interconnectedness of cyber risk, there is scope for organisations to explore new forms of collaboration in enhancing cybersecurity efforts, including industry-wide partnerships.