Most organisations are putting their faith in artificial intelligence (AI) to improve threat intelligence, prediction, and protection. It is also providing cover for the continuing cybersecurity skills gap. Despite AI’s potential for good, future AI-driven attacks are likely. The Covid-19 pandemic has highlighted why cyber-naïve remote-workers need security awareness training to thwart hacker attacks. Attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT) are all at risk.

Technology Trends

Listed below are the key technology trends impacting the cybersecurity in defence theme, as identified by GlobalData.

AI malware threats

AI plays a key role in defending against cyberattacks, but a growing concern is the that AI is being used offensively within malware. Hackers have already started using AI to accelerate malware, causing code to constantly change and thus making it more difficult to detect.

Future AI techniques could allow hackers to bypass facial security and spam filters, promote fake voice commands, and bypass anomaly detection engines. A linked trend is the growing use of non-malware threats. Criminals mask their activities from security tools by blending in and posing as real users in the targeted organisation’s network, using stolen credentials, and running legitimate tools to dig through victim’s systems and data.

Converged risk

The manufacturing industry and power plants are being threatened by the convergence of operational technology (OT) and information technology (IT). Both were once separate networks, and the security risk was lower. Now, the facilitation of data exchange between the two networks offers greater business benefits but introduces significant risk.

The cost of data breaches

The cost of data breaches continues to rise, and many affected organisations are unaware of the ultimate cost. Canadian financial services group Desjardins said the cost to it of a data breach in 2019 was $108m. Sometimes it seems there is one impact for the rich and one for the poor, with large companies having the legal resource to fight fines and smaller companies having to pay up.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Army Technology.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In May 2020, easyJet admitted a cyberattack had affected approximately nine million customers. It is only the deterrent of reputational damage to, and heavy fines for, large companies over General Data Protection Regulation (GDPR) breaches that will force organisations to better protect their customers’ data.

Cross-site scripting (XSS) attacks

XSS was a prime cyberattack method in 2019, according to a research by PreciseSecurity.com. XSS, in which an attacker aims to execute malicious scripts in a victim’s web browser, made up nearly 40% of all attacks logged by security researchers, with 75% of large companies across Europe and North America targeted during the year. Websites fall prey to XSS attacks because most need to be interactive, both accepting and returning data from users.

Attackers interact directly with an application’s processes, passing data designed to masquerade as legitimate application requests or commands through normal request channels such as scripts, uniform resource locator (URLs), and form data.

The end of passwords?

Apple’s decision to join the Fast Identity Online (FIDO) Alliance in February 2020 may help reduce the use of passwords. The addition of Apple means that all the main platform providers (including Amazon, Facebook, Google, and Microsoft) are now members of the alliance.

FIDO hopes to address the problems associated with passwords. Despite today’s sophisticated cyberattacks, safety mechanisms, notably passwords, remain stuck in the past, meaning attacks are easy to launch.

Supply chain breaches

Large organisations are at constant risk of cyberattacks, which are increasingly being launched through the supply chain. A 2019 report from VMware Carbon Black claimed that 50% of attacks adopt a technique called island hopping, in which they target not only the main organisation but also the networks of any other organisation in that company’s supply chain. Supply chain attacks are increasing, with the hacking group collective Magecart increasingly involved.

Online shopping cart systems, notably the Magento platform, have been targeted by groups stealing customer payment card information. They are attractive targets for cybercriminals because they collect payment information from customers.

Chief information security officer’s (CISO) must know their business better

Cyberattacks by activists are helping drive a sea change in CISOs’ relations with their companies’ senior executives. According to EY’s Global Information Security Survey, about a fifth of attacks (21%) come from so-called hacktivists or tech-enabled political and social activists, which is second only to attacks from organised crime groups (23%).

According to EY’s Global Board Risk Survey, only 20% of boards are confident that the cybersecurity team is effective. Business-aware CISOs would recognise that it is the organisation’s business environment that is behind a growing number of activist attacks on the organisation and take appropriate defensive action.

Zero trust

Many chief information officers (CIOs) accept that old-style perimeter-based security architectures are insufficient to fight attacks in which cybercriminals exploit security gaps to gain the access rights of an administrator or privileged user. Adopting a zero trust environment can be critical against such targeted attacks, but it is not easy.

Google took six years to migrate its staff to a zero trust framework, weaning employees off virtual private networks (VPNs). For the time being, firms will continue to use VPNs, especially with many employees working from home in response to the Covid-19 crisis.

Staged payloads

Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage of malicious payload, or code with malicious intent. The intention is to bias the package by including so much benign code or common software that a machine learning (ML) algorithm will let it through.

This is an edited extract from the Cybersecurity in Defense – Thematic Research report produced by GlobalData Thematic Research.