Cyber Attacks: Patterns and Trends
07 February 2018
2017 was an eventful year in the cyber security domain, with major security incidents wrestling to grab ‘headline of day’. From the shadow-broker group release of NSA internal hacking tools, to the Equifax hack and the global spread of the wannaCry ransomware.
Among this constant flurry of activity, three interesting patterns emerged.
- Business suppliers being targeted as a way of reaching the intended target.
- Businesses collecting sensitive personal data first, and deciding its business value second. This led to data breaches being far more destructive.
- The increased usage of Internet of Things (IOT) devices, often with poor security. Smart lightbulbs, fitness trackers and voice assistants may not be considered threatening but are proving to be a weak link in the cyber security chain.
Yet, 2018 will not see this tempo decrease. Alongside the traditional cyber security risks, the following three trends seem to be forming:
- The complete automation of cyber attacks, by combining multiple existing ‘hacking’ tools. This makes seemingly comprehensive attack vectors accessible to low skilled cyber-criminals.
- A shift from cryptocurrency being used to accept proceeds of a crime, to itself being the target of crime.
- A move away from password based authentication, due to the introduction of various alternative recognition technologies.
While some of the above patterns and trends may require creative new thinking and the adaptation of existing cyber security defences, a base level of cyber security readiness needs to first be in place. This begins by plotting a threat model based on the particulars of your business or personal profile. Risk prioritisation is key when faced with time and budget constraints.
There is less value in using high end systems to detect nation state attacks, when basic email security guidelines have been neglected. Many of the large-scale cyber attacks in recent time were a result of rudimentary flaws. No amount of cutting edge tools and technologies will address this gap.
Following best practice standards when implementing common technologies or systems, along with supporting employees in improving their security education goes a long way in decreasing the chances of attack.
To establish a strong cyber security baseline, consider implementing the following three steps:
- Review your social media presence. Sharing information on your travel patterns or accidentally displaying sensitive data in a posting erodes your baseline cyber security.
- Limit devices being used to access sensitive resources. If using personal devices, ask yourself whether you would you be able to remotely wipe it were it stolen? Can it be tracked?
- Be mindful of where devices are being used. A cyber-criminal at your local coffee shop or at an airport terminal can cause severe damage by simply peering over your shoulder.
Implementation of these basic steps will help establish a strong cyber security baseline. Once in place, more complex cyber attack scenarios can be considered and cyber security defences improved accordingly.