In the wake of several high-profile cyber attacks on major sectors of the global economy, cyber security ranks as a principal concern to businesses across a range of industries and geographies. Here are 4 trends in cyber security.
1. Criminal activity increasingly profitable
Cyber risks are becoming more sophisticated and diverse every day. While new forms of cyber crime are on the rise, traditional criminal activity seems to be the most rapidly growing in cyberspace, with phishing, economic espionage and “hacktivism” among the most common.
Fraud continues to be the one of the most prevalent and profitable cyber crimes. Indeed, in 2013, phishing alone resulted in $5.9 billion in losses to global organizations, with 75 percent of data breaches attributable to financial or fraudulent motives. Accordingly, as a recent white paper by ECM2 notes, “Cybercriminals have become more organized and adaptive.”
Evolution of cyber crime has resulted in the creation of ‘fraud-as-a-service’ models that allow relatively easy access to fraud technologies, making them available to a much wider user base. Cyber crime, as well as the tools with which to conduct it, is now available to even the novice, allowing opportunists to generate significant returns from unsophisticated hit-and-run point of sale (POS) malware attacks.
2014 has also seen several high profile cases ransom and extortion, where cyber criminals not only steal data or attack a website, but also hold these assets for ransom. While this is not new in cyber crime, this kind of activity is growing in prevalence with attacks mostly utilizing distributed denial-of-service (DDoS) or stolen data as leverage.
Cyber espionage attacks also continue to occur and it is growing in the UK. A recent report from Fireye noted that 17 percent of all advanced persistent attacks (the form of attack most commonly used in cyber espionage) detected in the EMEA area since January 2014 were directed against the UK.
2. Technology in cyber crime becoming more sophisticated
Cyber attack technology is becoming increasingly sophisticated. Criminals are finding increasingly complex ways to make botnets – a network of computers (whether personal or business) that can perform undetected automated tasks over the Internet through the infection of malicious software.
As Sophos notes, in the past 12 months botnets have become more widespread and resilient. This is partly due to owners of source code who had traditionally tightly protected their code leaking their source code and thus allowing imitators to develop technology even faster.
Cyber criminals are also using increasingly sophisticated technology to mask their detection, with many moving their infrastructure to peer-to-peer and Tor-based networks to evade detection.
Similarly, there is a shift in the methods used to mask stolen data, making it more difficult for researchers to understand the methods being used behind prominent cyber attacks. These developments in part explain the increase in the profitability and complexity of fraudulent attacks.
3. A range of industries affected by cyber crime
Cyber crime is a growing concern across all industries, though most notably, the financial sector appears to be shifting its approach to security and risk. A recent survey conducted in August 2014 by the Depository Trust & Clearing Corporation (DTCC) noted that 33 percent of financial services respondents ranked cyber attacks as the primary systemic risk to the broader economy: this is-up from 24 percent in March 2014.
The financial services sector further reported that it viewed cyber security as one of the most strategic priorities with a record 84 percent of respondents to the DTCC’s Systemic Risk Barometer identifying cyber risk as one of their top five concerns. The ICT sector faces a similar threat as it faces the largest percentage of DDoS attacks in 2014.
Within the financial sector, there is also an increasingly diverse target base for cyber threats. Most notably, crypto currencies are becoming an increasingly vulnerable target. Bitcoin and related currencies were six of the top 10 most discussed industry targets – and 10 of the top 25 according to a report published by Surfwatch Labs.
Some of the highest impact attacks have affected the retail sector. Media headlines for the first half of 201 4 were dominated by security breaches that affected large proportions of the population. During the first half of 2014, consumer goods had 374 distinct industry targets.
This should raise concern given that just one attack on a US based company, Target, is estimated to have impacted a third of all U.S. adults in less than one month. The retailer lost the details of approximately 40 million credit and debit card numbers and 70 million customer details. These large-scale attacks are not uncommon, with both the NSA and Adobe also falling victim to similar attacks within the last year.
4. Governments and the private sector shift their response
To face these threats, businesses are rapidly increasing cyber security spending. A 2013 report projected a $30 billion rise in the global IT security spending by 2017, equating to an annual compounded increase of 6.6 percent. Similarly, a survey of senior IT officials in companies from different sectors noted that senior IT staff expect their cyber security budget to increase as a direct results of recent high-profile attacks (as documented by 60 percent of U.S. respondents, 40 percent of UK respondents, and 54 percent of Canadian respondents).
However, it is not just companies that are shifting their focus to cyber activity – governments are too, and this provides a rather unexpected shift in the cyber space landscape.
Recently, Federal Bureau of Investigation Director James Comey spoke out against Apple and Google for enabling full encryption in their respective mobile operating systems, without providing the capability for law enforcement to gain access.
On the other side of the pond, Robert Hannigan, the newly appointed head of Government Communications Headquarters, highlighted the importance of a close relationship and partnership between tech companies and National Security Services It is thus likely that there will be a growing trend of a closer dialogue between technology of companies, the private sector and governments to address security threats.
