The prize for malicious hackers is generally to take control of your accounts and to breach your data for plenty of nefarious reasons. These include releasing your data onto the dark web for other bad players to misuse, to steal money directly, to extort a ransom, or for reasons of disruption, sometimes by hackers sponsored by foreign governments, if newspaper reports are anything to go by.
Cyber security training can help you master the basics and adopt best practice. But one of the challenges is staying ahead of ruthless, determined and sophisticated criminals in a landscape that’s changing all the time. Martin Blower, head of technical strategy at boutique UK software development firm Black Pepper, highlights six areas that he predicts will loom large in the “cat-and-mouse game” between cyber security professionals and “cyber terrorists”. Here we’ll take a look at the first three.
- “Weaponising” artificial intelligence (AI)
Coming your way soon – Blower cites internet security firm Webroot, which states that 86% of cyber security professionals believe that AI-based attacks will soon become a reality.
And 87% of cyber security professionals in the US say that their organisations are already using AI to protect against the criminals, says Blower, “with the top three most commonly used applications with AI augmentation being malware detection, malicious IP blocking and website classification”.
As hackers turn to AI to automate attacks upon companies, the security professionals will look to AI-based countermeasures, says Blower, leading to what he calls an “AI arms race between the good and bad guys”.
One scenario he envisages is the use of AI to mimic closely the message-writing style of victims, to produce greater rates of success with “phishing” and “spearfishing” attacks (“spearfishing” is a more targeted and personalised type of phishing that purports to be from a friend or contact) since the “phishing” messages will appear more believable.
- Data manipulation – not theft
It’s not easy to make money from simple data theft (unless it’s inherently valuable data like credit cards harvested in bulk): backing up data and a full system restore following any breach means that criminals often have little leverage when it comes to ransomware and data theft.
Data manipulation is set to become more of a problem, Blower predicts, especially if conducted over weeks and months – inflating bank balances, exaggerating company data to worsen or improve share prices, or to inflict reputation damage.
Again, cyber security training to prevent such breaches is crucial, and an automated system to monitor for unusual data flows, together with rigorous network segmentation, are your and your organisation’s strongest allies.
- Risks from the Internet of Things (IoT)
By the end of the year, there will be 8 billion IoT devices globally, one for every man, woman and child on the planet, says leading global business research specialists Gartner. Your organisation’s IoT-enabled devices, from security cameras to smart screens, offer multiple entry points for cyber criminals who can then move freely around your corporate network if it is not segmented securely, says Blower.
Securing devices effectively should at least include replacing the manufacturer’s pre-set password, he says, but with so many such devices it is essential that your organisation maintains a rigorous password regime for all company inventory. Hackers will generally look for the low-hanging fruit. Make sure your network is higher up the branches with simple but effective basic security measures.
Check out our cyber security training courses here.