Beyond digitalization, by far from the last decade, the biggest change has occurred – on how one provides and shares IT services. In 2010, virtualization was a dream trending technology that was occasionally used and was not necessarily even trusted. However, in 2020, most organizations have moved towards virtualization stepping into the cloud. As people are seeing a growing number of smart devices in their private households and workplaces, the opportunities for cybercriminals to attack are increasing parallelly. In short, the advent of all new capabilities will attract ever-increasing cybersecurity threats.
Privacy and the Rising Global Threat Tide
Data protection is a critical concern for all businesses in this increasingly digital world. Recent high-profile cyber-attacks have staged how vulnerable organizations are. The ransomware WannaCry infected more than 300,000 computers across multiple organizations, countries, and continents in less than 48 hours. Individual rights, Data privacy officers, Notice and consent, Restrictions on secondary users, Privacy impact assessment, and Data breach notification; are requirements forcing organizations to rethink data governance, systems architecture, documentation, and data loss prevention.
As GDPR is leading a global trend, European regulators are not alone in mandating greater accountability at the executive level. The USA, Argentina, Brazil, Switzerland, Africa, India, and China are all revising their data protection regulations. Many share similar concepts, like informed user consent and data breach notification obliging organizations to notify the relevant authority and all affected data subjects when a breach occurs; an often costly exercise.
DeepFakes Spoofing at Next Level
Originated from “deep learning” and “fake”, deepfake is an AI-based technology used to create fake videos and audio that look and sound real. Now the deepfake here plays into confirmation bias like a duck to water. Came into the public mainstream in 2017, deepfake was started with a group of Reddit users that employed the use of AI to swap faces of celebrities with other movie characters. What places it among potential cybersecurity threats is just about anybody with a computer and an internet connection can create deepfake media.
Cybercriminals love deepfake as it makes them free from grinding before targeting systems. Everything is happening on most of the regular social media platforms, including emails. In short, they don’t need to have ‘special’ hacking skills to deploy cybersecurity attacks. And, therein lies the danger. Hackers can use deepfake to spread misinformation in the market that can increase or decrease share prices. With a deepfake media, they can trick subordinates into giving access to sensitive databases. With the threat of putting fake media clips online, hackers can extort money, data, or both. It has become more crucial than ever for employee training to understand the real/fake difference and equipping the company with the best cybersecurity solutions.
The Undetected Alarms of Consumer Smart Devices
Many IoT devices are fundamentally insecure despite years of warnings about the lack of defenses in connected systems. The uncertainty leaves both product manufacturers and customers exposed to the inherent risk of cyberattacks. Manufacturers are under increasing pressure to innovate faster than the competition while protecting their margins. To save time and money, software developers use open source code libraries; rather than reinvent the wheel for basic features.
Only if manufacturers identify the threats and risks linked with their device and address suitable consequences for privacy during design, they can focus on their product innovations and improved market opportunities. – Udo Scalla, Head of Competence Center IoT Privacy, TÜV Rheinland
Ordinary consumers do not have the knowledge to protect themselves from these vulnerable IoT ecosystems. Product manufacturers who ignore cybersecurity and data privacy concerns end up delivering their customers into the hands of cybercriminals. In a world of cyber-physical things, this is a threat to not just only personal information but health and safety. For instance, in 2015, a team of researchers was able to take complete control over a Jeep SUV. The vehicle’s CAN bus was hijacked over the cellular network by exploiting a firmware update vulnerability. The researchers were able to remotely speed up, slow down, and even steer the vehicle off the road.
In-Out Designed Security for Maritime Cybersecurity Threats
There have been rumors from an American telco provider in 2016 that hackers have teamed up with pirates to track high-value cargoes, however, there has been no firm evidence. Apart from the traditional method of attacking vessels, it is entirely possible that organized criminal gangs can and will team up with hackers in order to locate high-value cargoes at container terminals. A breach of Standard Information (IT) systems can have a significant reputational and financial impact. Similarly, an attack on on-board Operations and Control (OT) systems may jeopardize the vessel’s and crew’s safety.
According to the United Nations’ International Maritime Organization, more than 90% of the world’s trade is being carried by shipping. This makes the maritime industry an attractive target for cyber attackers. Cybersecurity is increasingly important in the maritime as it brings new technology, more automation, and digitalization against potential cyber threats. Also, the introduction of regulations and laws such as IMO Guidelines on Maritime Cyber Risk Management is crucial for the zero-risk voyages.
Artificial Intelligence for Defense and Attack
Gone are those days when cyber attackers were ‘script-kiddies’, now they have graduated to well-funded organized-cybercrime. Because organizations are experiencing a digital transformation, there is a growing volume of increasingly sophisticated and persistent cyberattacks. As malware changes over time, it continues to become smarter, able to ‘intelligently’ adapt to and dodge traditional detection and eradication measures. With the global cybersecurity talent gap, industries are losing the cyber arms race as a result.
The increasing volume of security data is failing organizations’ capability to use it effectively, demanding a growing number of AI-enabled cybersecurity use cases. Such cases are: accelerating incident detection and response; providing a unified view of security status across the organization; better identifying and communicating risks to the business. Using AI security teams can quickly make sense of massive amounts of security data, putting alert information and event logs into a far greater context. This ability to prioritize and focus on the highest risk cybersecurity threats holds great promise for organizations trying to protect their critical assets with scarce cybersecurity resources.