As the publisher Arnold H. Glasow put it, “The trouble with the future is that it usually arrives before we’re ready for it.” We were certainly taken by surprise during 2017 when the WannaCry and Petya ransomware outbreaks hit businesses globally, causing unprecedented disruption, and serious new vulnerabilities such as BlueBorne were discovered in almost every connected device that we use.
While these large-scale attacks and vulnerabilities dominated news headlines, there were other significant cybersecurity trends developing behind the scenes which also have the potential to disrupt peoples’ daily lives.
These trends are the result of our increasing reliance on digital technologies, and of Government and private-sector organisations collecting and using more and more sensitive personal data, which increases potential for personal loss, when information is stolen or manipulated for criminal or political purposes. So what are these emerging cyber-trends, and how can we ensure that we are prepared to deal with, and nullify their impact?
F is for fake news
‘Fake news’ was recently named one of the words of 2017 by dictionary publisher, Collins. In recent years, breaching data and posting it publicly has become a common force for (supposed) truth about the activities of individuals, businesses or even countries, exploiting social media to help stories spread rapidly.
But of course, this same technique is also being used as a weapon to damage reputations and spread propaganda by leaking false information, under the cover story of “we hacked them and got hold of their secret data.”
Research following the 2016 U.S. Presidential election showed that the most widely-shared news stories during the election were fake. What’s more, a Stanford University study showed how difficult it is for individuals to distinguish between real news and fake or paid-for content online. Spreading fake news has been proven to work in influencing and driving public opinion – and we can expect to see this technique increasingly used in 2018.
To help limit its spread, businesses and Government bodies need to better protect and safeguard the data they hold, and we all need to get better at identifying fake news online.
Legitimate organisations caught hacking
Linked to the growing tide of fake news is the use of hacking by legitimate organisations, including businesses and Governments, to steal information from or about rivals, or to influence public opinion. A key example was the hacking attack on the election campaign of French President, Emmanuel Macron, just hours before the polling booths opened.
We can expect to see more and more ‘trusted’ government and private entities use activities that are normally associated with cybercriminals to gain an advantage over a real or perceived adversary – simply because the reward is considered to be greater than the risks of being found out. This again highlights the need for all organisations to better protect the data and intellectual property they hold, to stop attackers exploiting it for their own ends.
Will cryptocurrencies be regulated?
With the use of cryptocurrencies increasingly associated with criminal and illicit online activity, will we see more stringent regulation start to be applied to them? They’ve become the payment method of choice for the criminals behind ransomware outbreaks and for funding other illegal activities.
The significant resource needed to create cryptocurrencies – it’s estimated that one single bitcoin transaction uses as much energy as the average American household consumes in a week – has also driven the emergence of Crypto miners, new quasi-malware tools which are being used to generate revenue by hi-jacking the CPU power of unsuspecting computer users to generate currency, often without the users’ knowledge or consent.
As the value of Bitcoin has hit an all-time high of $8,000, the systems surrounding these currencies are also likely to be targeted by criminals looking to exploit vulnerabilities either in the user credentials of cryptocurrency exchanges, or in systems using blockchain technologies. A combination of these factors could well cause international government and law enforcement agencies to take action over the abuse of cryptocurrencies, which will in turn adversely affect the value of the currency itself.
Governments deploying cyber-armies to defend their citizens and borders
We will start to see national governments deploying cyber-armies to protect their interests, and those of their citizens. These state cyberdefence forces will patrol national Internet infrastructures to protect citizens and critical infrastructures such as power and water utilities, banking networks and more, in much the same way that conventional armies and police forces are used to protect national borders, and keep citizens safe against conventional crime.
Such defenses against cyberattacks do not need to be elaborate: 80 to 90 percent of attacks can be prevented with basic security controls, such as firewalling, intrusion prevention, careful network segmentation and regular patching of vulnerabilities. These measures go a long way to actually preventing attackers from being able to penetrate systems and cause damage.
During 2018, we will become even more reliant on and immersed in our hyperconnected world. Every network we use could be targeted wherever we’re connected, and the information we digest manipulated without us being aware of it happening. Now more than ever, we need to better secure networks and data so that we can trust the services we use, and ensure the integrity of the data we produce and consume. The future is coming, and we can see what it holds for us – so this time, we need to be ready.
By Doros Hadjizenonos, country manager, Check Point South Africa