Most organisations are putting their faith in artificial intelligence (AI) to improve threat intelligence, prediction, and protection. It is also providing cover for the continuing cybersecurity skills gap. Despite AI’s potential for good, future AI-driven attacks are likely. The Covid-19 pandemic has highlighted why cyber-naïve remote-workers need security awareness training to thwart hacker attacks. Attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT) are all at risk.
Listed below are the key technology trends impacting the cybersecurity in defence theme, as identified by GlobalData.
AI malware threats
AI plays a key role in defending against cyberattacks, but a growing concern is that AI is being used offensively within malware. Hackers have already started using AI to accelerate malware, causing code to constantly change and thus making it more difficult to detect.
Future AI techniques could allow hackers to bypass facial security and spam filters, promote fake voice commands, and bypass anomaly detection engines. A linked trend is the growing use of non-malware threats. Criminals mask their activities from security tools by blending in and posing as real users in the targeted organisation’s network, using stolen credentials, and running legitimate tools to dig through victims’ systems and data.
The manufacturing industry and power plants are being threatened by the convergence of operational technology (OT) and information technology (IT). Both were once separate networks, and the security risk was lower. Now, the facilitation of data exchange between the two networks offers greater business benefits but introduces significant risk.
The cost of data breaches
The cost of data breaches continues to rise, and many affected organisations are unaware of the ultimate cost. Canadian financial services group Desjardins said the cost to it of a data breach in 2019 was $108m. Sometimes it seems there is one impact for the rich and one for the poor, with large companies having the legal resource to fight fines and smaller companies having to pay up.
In May 2020, EasyJet admitted a cyberattack had affected approximately nine million customers. It is only the deterrent of reputational damage to, and heavy fines for, large companies over General Data Protection Regulation (GDPR) breaches that will force organisations to better protect their customers’ data.
Cross-site scripting (XSS) attacks
XSS was a prime cyberattack method in 2019, according to research by PreciseSecurity.com. XSS, in which an attacker aims to execute malicious scripts in a victim’s web browser, made up nearly 40% of all attacks logged by security researchers, with 75% of large companies across Europe and North America targeted during the year. Websites fall prey to XSS attacks because most need to be interactive, both accepting and returning data from users.
Attackers interact directly with an application’s processes, passing data designed to masquerade as legitimate application requests or commands through normal request channels such as scripts, uniform resource locators (URLs), and form data.
The end of passwords?
Apple’s decision to join the Fast Identity Online (FIDO) Alliance in February 2020 may help reduce the use of passwords. The addition of Apple means that all the main platform providers (including Amazon, Facebook, Google, and Microsoft) are now members of the alliance.
FIDO hopes to address the problems associated with passwords. Despite today’s sophisticated cyberattacks, safety mechanisms, notably passwords, remain stuck in the past, meaning attacks are easy to launch.
Supply chain breaches
Large organisations are at constant risk of cyberattacks, which are increasingly being launched through the supply chain. A 2019 report from VMware Carbon Black claimed that 50% of attacks adopt a technique called island hopping, in which attackers target not only the main organisation but also the networks of any other organisation in that company’s supply chain. Supply chain attacks are increasing, with the hacking group collective Magecart increasingly involved.
Online shopping cart systems, notably the Magento platform, have been targeted by groups stealing customer payment card information. They are attractive targets for cybercriminals because they collect payment information from customers.
Chief information security officers (CISOs) must know their business better
Cyberattacks by activists are helping drive a sea change in CISOs’ relations with their companies’ senior executives. According to EY’s Global Information Security Survey, about a fifth of attacks (21%) come from so-called hacktivists or tech-enabled political and social activists, which is second only to attacks from organised crime groups (23%).
According to EY’s Global Board Risk Survey, only 20% of boards are confident that the cybersecurity team is effective. Business-aware CISOs would recognise that it is the organisation’s business environment that is behind a growing number of activist attacks on the organisation and take appropriate defensive action.
Many chief information officers (CIOs) accept that old-style perimeter-based security architectures are insufficient to fight attacks in which cybercriminals exploit security gaps to gain the access rights of an administrator or privileged user. Adopting a zero trust environment can be critical against such targeted attacks, but it is not easy.
Google took six years to migrate its staff to a zero trust framework, weaning employees off virtual private networks (VPNs). For the time being, firms will continue to use VPNs, especially with many employees working from home in response to the Covid-19 crisis.
Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage of malicious payload, or code with malicious intent. The intention is to bias the package by including so much benign code or common software that a machine learning (ML) algorithm will let it through.
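The dilution effect described above can be seen in a toy model, added here as an illustration and not taken from the GlobalData report: a score averaged over the whole file drops below the threshold once benign content is added, while scoring fixed-size windows and taking the maximum does not. The suspicious-token list, window size, threshold and sample token streams are all assumptions constructed for this example.

```python
# Toy model: whole-file feature density versus per-window maximum density.
# Token list, window size and threshold are assumptions, not a real detector.

SUSPICIOUS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
THRESHOLD = 0.30   # assumed decision threshold
WINDOW = 8         # assumed window size, in tokens


def density(tokens):
    """Fraction of tokens that are on the suspicious list."""
    if not tokens:
        return 0.0
    return sum(t in SUSPICIOUS for t in tokens) / len(tokens)


def whole_file_score(tokens):
    """Density averaged over the entire sample (dilutable by padding)."""
    return density(tokens)


def windowed_score(tokens, window=WINDOW):
    """Highest density seen in any contiguous window of `window` tokens."""
    if len(tokens) <= window:
        return density(tokens)
    hits = [t in SUSPICIOUS for t in tokens]
    current = sum(hits[:window])
    best = current
    for i in range(window, len(hits)):
        current += hits[i] - hits[i - window]   # slide the window by one token
        best = max(best, current)
    return best / window


def verdicts(tokens):
    """Flag decision of each scoring method for one sample."""
    return {
        "whole_file": whole_file_score(tokens) >= THRESHOLD,
        "windowed": windowed_score(tokens) >= THRESHOLD,
    }


# Constructed samples: API-call token streams, not taken from any real binary.
CORE = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
BENIGN = ["CreateFileW", "ReadFile", "CloseHandle", "GetLastError"]
SMALL = CORE + BENIGN                       # 3 of 8 tokens suspicious
PADDED = BENIGN * 50 + CORE + BENIGN * 50   # same core inside 400 benign tokens
CLEAN = BENIGN * 100

if __name__ == "__main__":
    for name, sample in (("small", SMALL), ("padded", PADDED), ("clean", CLEAN)):
        print(name, verdicts(sample))
```

Taking the maximum over many windows raises the chance of alerts on large benign files, so the threshold has to be tuned against representative clean software.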
This is an edited extract from the Cybersecurity in Defense – Thematic Research report produced by GlobalData Thematic Research.