Cybersecurity is vital. As technology develops, from mobile to cloud to the IoT, the level of complexity needed for organisations to maintain a cyber-aware stance also increases. Delivering a secure environment for a variety of mobile devices accessing corporate networks at any time is a world away from old intra-office systems. Now the default position is that systems are mobile, with significant security implications.
Listed below are the key issues and technology trends impacting the cybersecurity industry, as identified by GlobalData.
AI malware threats
AI plays a key role in defending against cyberattacks, but a growing concern is the prospect of AI being used offensively within malware. Non-AI malware such as WannaCry and NotPetya created havoc well beyond their original targets, and an AI-based malware attack on critical national infrastructure could be catastrophic. Hackers have already started using AI to accelerate malware. Future AI techniques could allow hackers to bypass facial security and spam filters, promote fake voice commands, and bypass anomaly detection engines. Criminals mask their activities from security tools by blending in and posing as real users in the targeted organisation’s network, using stolen credentials, and running legitimate tools to dig through victims’ systems and data.
The manufacturing industry and power plants are being threatened by the convergence of operational technology (OT) and information technology (IT). Both were once separate networks, and the security risk was lower. Now, the facilitation of data exchange between the two networks offers greater business benefits but introduces significant risk. Many IT and OT-related networks handle critical national infrastructure and the impact of a breach, resulting from immature IoT technology, would be significant.
The cost of data breaches
The cost of data breaches continues to rise, and many affected organisations are unaware of the ultimate cost. Canadian financial services group Desjardins said the cost to it of a data breach in 2019 was $108m. Also in 2019, British Airways was fined £183m ($236m) by the UK Information Commissioner’s Office (ICO) over a General Data Protection Regulation (GDPR) breach, which saw details of about 500,000 customers harvested by attackers. In May 2020, EasyJet admitted a cyberattack had affected approximately nine million customers.
Cross-site scripting (XSS) was a prime cyberattack method in 2019. XSS, in which an attacker aims to execute malicious scripts in a victim’s web browser, made up nearly 40% of all attacks logged by security researchers, with 75% of large companies across Europe and North America targeted during the year. There are three main ways to protect against XSS: sanitising user input such as GET requests and cookies, validating user input, and using a Content Security Policy (CSP), which defines rules that block malicious content by allowing only particular kinds of content from safe sources.
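The three defences named above, applied together to a single request, as an added example that is not part of the GlobalData report. The `/greet` route, the `name` parameter, the allowlist pattern and the policy directives are assumptions chosen for illustration, and sanitising is shown here as HTML output encoding.

```javascript
// Added example: validate, sanitise (encode on output) and set a CSP.
// Route, parameter name and policy values are assumptions for illustration.

// 1. Validate: accept only what the field is allowed to contain (allowlist).
const NAME_RE = /^[A-Za-z0-9 _.-]{1,32}$/;
function validateName(raw) {
  return typeof raw === "string" && NAME_RE.test(raw);
}

// 2. Sanitise on output: encode the characters that are special in HTML
//    text and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 3. Content Security Policy: same-origin scripts only (inline script is
//    blocked because 'unsafe-inline' is absent), no plugins, no <base> tag.
const CSP = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'none'",
].join("; ");

// Handle GET /greet?name=... and return a description of the response.
function handleGreet(query) {
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": CSP,
  };
  const name = query.name;
  if (!validateName(name)) {
    // Reject, and still encode the echoed value: the error page must not
    // become a reflection point itself.
    const shown = escapeHtml(String(name ?? "").slice(0, 32));
    return { status: 400, headers, body: `<p>Invalid name: ${shown}</p>` };
  }
  return { status: 200, headers, body: `<p>Hello, ${escapeHtml(name)}</p>` };
}

// Constructed sample inputs: one benign value, one script-injection attempt.
const ok = handleGreet({ name: "Ada Lovelace" });
const bad = handleGreet({ name: "<script>alert(1)</script>" });
console.log(ok.status, ok.body);
console.log(bad.status, bad.body);
```

The layers are independent: the CSP header is sent even on the rejected request, so a gap in validation or encoding elsewhere on the site still meets a browser that refuses inline script.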
The end of passwords?
Apple’s decision to join the Fast Identity Online (FIDO) Alliance in February 2020 may help reduce the use of passwords. The addition of Apple means that all the main platform providers (including Amazon, Facebook, Google, and Microsoft) are now members of the alliance. FIDO hopes to address the problems associated with passwords by providing a set of standards for simple, yet strong, authentication.
Supply chain breaches
A 2019 report from VMware Carbon Black claimed that 50% of attacks adopt a technique called island hopping, in which attackers target not only the main organisation but also the networks of any other organisation in that company’s supply chain. Supply chain attacks are increasing, with the hacking group collective Magecart increasingly involved. Online shopping cart systems, notably the Magento platform, have been targeted by groups stealing customer payment card information.
CISOs must know their business better
Cyberattacks by activists are helping drive a sea change in CISOs’ relations with their companies’ senior executives. The increase in activist attacks has direct implications for CISOs because they are regarded internally as being too reactive and compliance-driven, and not sufficiently involved in developing their businesses’ growth objectives. According to EY’s Global Board Risk Survey, only 20% of boards are confident that the cybersecurity team is effective. The CISO and the cybersecurity team must have a deeper understanding of the business environment and be better business-aligned, both to win the confidence of boards and to secure the resources needed to protect their company.
Zero trust cybersecurity
Many chief information officers (CIOs) accept that old-style perimeter-based security architectures are insufficient to defend against attacks in which cybercriminals exploit security gaps to gain the access rights of an administrator or privileged user. Adopting a zero trust environment can be a critical defence against such targeted attacks. Google took six years to migrate its staff to a zero trust framework. For the time being, firms will continue to use VPNs, especially with many employees working from home in response to COVID-19.
Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage – sometimes less than 1% – of malicious payload, or code with malicious intent. The intention is to bias the package by including so much benign code or common software that an ML algorithm will let it through.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.