lolloj - Fotolia
We not only live in an age where our daily operations are increasingly digitized, but also in a time where the newer generations are native to many technologies and embrace it as a natural part of their lives. And as we increasingly bring our lives online, we are exposed to cybersecurity threats, as hostile governments and malicious actors see more potential for damage and profit with minimal effort, and sometimes, without trace.
Early hackers cracked systems to show protests, or simply to gain bragging rights. But, as data has become the new gold, hackers are financially motivated to steal data or hold it hostage. CIOs should pay special attention to cybersecurity threats, as in 2019, criminals have shifted focus away from consumers and instead are targeting businesses, hospitals, state and local governments and industrial control systems. These are entities that cannot tolerate downtime, have much higher stakes and certainly have the money to pay the ransom. Compared to households, criminals expect more return for less effort, as they can do more high-value damage once they manage to break in.
We are currently in the age of ransomware, where slight cracks in our security can cost millions and that is not only due to ransom payments -- the cost of downtime and replacement of compromised devices can be even higher. For instance, the ransomware attack against Baltimore government systems was estimated to cost over $18.2 million despite the fact that the attackers only demanded roughly $76,280.
Here, we look at cybersecurity threats and a number of the potential infiltration points, as well as what we can do about them.
Email and phishing
"The primary cybersecurity threat for organizations today is through their inbox," warned Eyal Benishti, CEO of Ironscales, a company that uses AI to protect mailboxes. "According to the 2019 Data Breach Investigations Report, more than 90% of all attacks start with an email," he said. Last year, more than 70% of businesses reported being victims of phishing attacks.
Why does email pose such a significant threat? One reason is its widespread usage. "Email is the most common method of business communication. It is used by 3.7 billion users globally and 269 billion messages are sent on average every day," Benishti explained. "Email is a tool that people with various degrees of cybersecurity knowledge use every day, thus the attack vector is significantly big."
Aaron Higbee, co-founder and CTO of Cofense, a phishing threat management provider, raised a similar concern. "Organizations often neglect to train their employees to identify malicious emails," he said. "They mistakenly believe that more expensive, 'we-promise-to-stop-it-all' technologies will thwart every attack. The reality is that the circle of trust at some organizations is so large that their employees are really the first and last line of defense against an attack."
On the other hand, email attacks are much easier to pull off compared to zero-day hacks, which makes them approachable to hackers with various degrees of skills -- all that is needed is some clever social engineering.
Unfortunately, this cybersecurity threat is continuing to be neglected. Many U.S. presidential candidate domains fail to implement DMARC, an email authentication protocol, despite the 2016 scandals. Stats by Ironscales are even more worrying. "Studies show it takes between 6 to 250 days for Microsoft to create a signature for a phishing email and make it available to enterprise technical staff, while it takes only 82 seconds on average for an employee to click on a malicious email after receiving it," Eyal said. "We must implement measures that effectively combats hacks in real-time. By using a combination of AI and human resources, we can enable an ever-present moderator that goes beyond rule-based tools and can adapt even to sophisticated phishing scenarios."
Next to email, we have another cybersecurity threat in the form of malicious websites and mobile apps. Just like malicious emails, these attacks target platforms used by millions of people. However, they cannot be as targeted as emails, as the receiving party at the other end could be anyone. While this random targeting could reach more people and suffice to qualify malicious websites and mobile apps as a more sinister pattern, what truly makes them dangerous is the level of government resources involved in developing such tools.
Recently, U.S. officials banned an "increasingly popular app" by the name of ToTok for allegedly being governmental spyware. The app, which bears resemblance to the massively popular app TikTok, was subsequently removed from the Google Play Store and Apple App Store. As of this writing, Google has reinstated the app after the developers added a dialog that asked for authorization before accessing and syncing contacts.
"Throughout 2019, mobile devices have proven key avenues for cyberespionage campaigns," said Alex Guirakhoo, a strategy and research analyst at Digital Shadows, which focuses on protecting against external threats and minimizing digital risk. "By compromising or impersonating one popular app, they can reach a broad victim audience with minimal additional effort."
This is a pattern we witnessed with some Chinese websites. In August 2019, Google security researchers announced they had detected a number of malicious websites, which exploited several zero-day hacks, that would infiltrate the mobile phones -- and as discovered later, desktop PCs -- of any visitor. The websites, which had been active for a while, could break into iPhones and steal personal information, which was considered extremely rare.
Another significant event involving cybersecurity threats in 2019 was the Pegasus spyware exploiting a WhatsApp vulnerability, where hackers could infect a target by calling their victims, and the victim did not even need to pick up the call. "As new vulnerabilities in mobile devices and software are identified in 2020, spyware operators are almost certainly going to be among the first to exploit them to their advantage," Guirakhoo warned.
Pulling off these kinds of hacks requires governmental efforts and unfortunately, there are those that are willing to pay that price. In the case of ToTok, even the popularity of the app could be an engineered effort -- something single hackers are incapable of pulling off.
Most of the time, infiltrations are the result of trading security for convenience or adopting the latest tech with security as an afterthought. Outdated platforms and insufficient employee training are other culprits on the list. With technological advancements, CIOs must be extremely wary to learn and adopt the latest security developments too. In the next post, we will talk about how advancements in technology have opened new doors for cybersecurity threats, and what we can do about them.