Last week, the east coast underwent a major internet outage that knocked out service to many high-traffic and high-profile websites including Amazon and Twitter. Preliminary reports indicate that the outage had all the earmarks of a Distributed Denial of Service (DDoS) attack by hackers as yet unidentified. This attack, close on the heels of the September Yahoo breach where approximately 500 million records were stolen, points out the ongoing problem that cyberattacks are not going away in the near future. In fact, they may be growing in their sophistication and intensity as hackers grow their trade.
What, then, are the immediate issues that we should be concerned with? What trends are we seeing take shape for the future?
Today, many of those concerns are human led: Social Engineering, Ransomware and Bring Your Own Device (BYOD). And they are shaping the very future of cybersecurity as we know it.
Ninety-five percent of all breaches are caused by or involve interaction and involvement of people within the system — often the employees of an organization. Simply put, people make mistakes as they are, after all, just human. Social Engineers, or hackers with refined skills at getting people to do what they know they shouldn't do, are extremely talented in their skill set. They are essentially con artists wrapped in technology who make personal contact with the members of an organization and get them to divulge information that opens the doors to a cyberattack.
Another problem that takes advantage of basic human behavior is the continuing issue with fraudulent emails that contain malware. Despite years of warnings, people persist in opening email from sources they are not familiar with. In the end, their digital system pays the inevitable price. Ransomware is a prime example of that price. Members of an organization open an email containing the malware, the payload encrypts all the files in a system and then a message appears on the screen indicating that the files are being held for ransom and the victim needs to pay for the decryption key or the files will be destroyed. Last year, American organizations paid out over three hundred million dollars due to ransomware attacks.
There is a growing trend for employees to bring their mobile devices to the workplace and far too often they are infected due to downloads from dubious websites. Organizations may spend a great deal of resources defending the perimeter of their systems. Only, as the BYOD trend continues to grow, have it all undone from the inside when an employee connects an infected mobile device to the company system.
While these are current concerns, two events on the horizon are very disquieting to those of us with a vested interest in cybersecurity: using 'Big Data' for enhanced cybersleuthing and the Internet of Things (IoT). Hackers love to collect data and they constantly troll social media sites and anywhere else they can to collect and archive information only to leverage it for future attacks. The advance of 'Big Data' is a gold mine for hackers allowing them to collect vast warehouses of information on just about anything. Even more concerning is the advance of the IoT. This escalating trend of connectivity whereby all chip-enabled devices can interact with one another has benefits, but also vastly broadens the attack surface and increases vulnerabilities exponentially with each new unsecured device that is connected to the internet.
These trends in cybersecurity are disturbing to the security community. Attacks by clever hackers are predicted to escalate in both sophistication and numbers in the near future and, on the horizon, a new generation of threats await. Advancing technology will play its part in defending our digital systems, but it is the people that operate our systems who are the main assets in the defense against those with malicious intent. The members of an organization must be thoroughly trained and educated to meet these current threats and whatever the future brings. The economic well-being of our organizations and, indeed, our national security and well-being depend on it.
Ready to get started? Learn how a Bachelor of Science in Cybersecurity degree can help you develop the skills and knowledge needed to launch your cybersecurity career.