- Are companies more aware of online fraud?
- What caused the recent Facebook glitch?
- Cyber deception uses decoys to trick hackers
- AI and machine learning can detect inconsistencies in network traffic
- Blockchain technology can stop cyberattacks
- Quantum computing – a new era in cybersecurity?
- The role of employees
Cybercrime has evolved over the decades, and is now increasingly carried out by organised criminal groups as well as individual hackers. In addition, the expansion of the technology sector is creating new vulnerabilities. The FBI recorded an increase of over 200 per cent in cybercrime reports between 2008 and 2021. Cybercriminals are developing increasingly advanced methods and technologies to gain unauthorised access to data, funds, and other valuable resources. A report from HP Wolf Security describes how emerging technologies such as blockchain, AI, and quantum computing could be used by threat actors. The good news, however, is that these technological advances can also be used to tighten security controls. When implemented in conjunction with secure operational processes and strong data protection policies, new technologies can increase cybersecurity for organisations.
Are companies more aware of online fraud?
As remote and hybrid work models become more prevalent, online fraud is also on the rise. Cybercriminals are increasingly targeting large organisations and public institutions rather than individuals, as the rewards can be significantly higher. Organisations are becoming increasingly aware of this risk, and are making investments in fraud prevention and cybersecurity measures. A 2020 study by Learn Bonds found that almost 7 out of 10 major organisations surveyed planned to increase cybersecurity spending. The rise in home working has also created a larger, more distributed attack surface for threat actors, as employees are logging into critical systems from their own devices and using their own networks. This means that many organisations must implement more secure IAM (identity and access management) tools and procedures.
What caused the recent Facebook glitch?
In August 2022, a strange glitch caused millions of Facebook accounts to post comments on the pages of public figures. Although the glitch was resolved, it raised security concerns and questions about a potential hack that could have compromised users’ data. The company claimed that the glitch was a result of an error made during “routine maintenance”. Steve Scheeler, the former CEO of Facebook in Australia, theorised “it looks like they were doing a configuration change and changing the software somehow… and there was a glitch that allowed posts that are coming from a fan’s page or celebrity page, to turn up in your feed… usually for a change like this it would make that change in a test environment… somehow this got past the test environment and out into the real world.”
Cyber deception uses decoys to trick hackers
One way in which threat actors can be prevented from accessing resources is by the implementation of ‘cyber deception’ tools. Cyber deception is a technique where attackers are deceived with false information or services, known as ‘honeypots’. Honeypots can imitate software applications, networks, servers, and services like SSH and FTP. They act as decoys to lure attackers away from the real targets, and enable organisations to see exactly what methods attackers are using. Attackers trapped by honeypots can be unaware that the system they have accessed is not the actual target. A research report by cybersecurity firms Attivo Networks and Deceptive Defence found that cyber deception can reduce the costs of data breaches by over 51 per cent. An example of a cyber deception tool is ShadowPlex, created by US-based software company Acalvio. ShadowPlex uses a scalable, flexible framework for deploying decoys on systems, and detailed analytics of how threat actors interact with those decoys. The tool continuously assesses its environment and updates its decoys in response. ShadowPlex can even be used to protect IoT (Internet of Things) devices, which are becoming an increasingly important feature of many systems.
Reverse engineering systems can uncover vulnerabilities
Identifying vulnerabilities in systems is one of the essential foundations of cybersecurity. This can be achieved by reverse engineering systems. Reverse engineering allows organisations to reveal vulnerabilities so that programmers can patch any weaknesses. Tools like Fiddler and JavaSnoop, which hackers themselves also use, can be particularly useful for analysing systems. In the words of Dennis Turpitka, CEO of software development firm Apriorit, “many people tend to think that reverse engineering is used exclusively by hackers for the illegal acquisition of intellectual property, sensitive data, money, etc. Actually, reverse engineering can also wear a ‘white hat’ and turn out to be an indispensable tool for a cybersecurity specialist.”
AI and machine learning can detect inconsistencies in network traffic
While AI and machine learning algorithms can be used by hackers to find and exploit vulnerabilities, these technologies can also be used to improve cybersecurity and protect systems and information. AI can detect inconsistencies in network traffic more quickly than a human can. Over time, machine learning and analytics can become more and more familiar with systems and predict threats ahead of time with increasing accuracy. Siemens Energy has launched a platform called Eos.ii that collects data flows from IIoT (Industrial Internet of Things) endpoints and displays it in a single interface. Security professionals can use this interface to gain insights into the use of these systems, and identify anomalous data which may signify a potential attack. Eos.ii also uses machine learning algorithms to detect threats itself.
“As new threats emerge, Eos.ii seamlessly integrates their known characteristics into automated defences, and allows for easy manual updates to its rules-based detection engine… defenders spend less time on routine tasks and more time conducting powerful investigations.”
Leo Simonovich, VP and Global Head of Industrial Cyber and Digital Security, Siemens
Another AI-based threat detection platform is Vectra’s Cognito, which uses machine learning to gain insights from network metadata (data related to communication between devices) and detect attacks quickly. When a serious security incident affected agricultural commodities firm ED&F Man Holdings, the company decided to improve its cybersecurity measures. Using Cognito, the security team discovered multiple man-in-the-middle attacks (when network data is intercepted secretly and fraudulently by a third party) had occurred, malware had been installed for several years, and their systems even fell victim to an overseas cryptocurrency mining scheme – all of which had been missed by their security audits for years.
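As an added example (not code from Eos.ii, Cognito, or any vendor named here), the following learns a per-endpoint traffic baseline and flags values that deviate from it, using a median/MAD score as a simple statistical stand-in for the machine learning models this section describes. The endpoint name, byte counts, window size and threshold are constructed assumptions.

```python
from collections import deque
from statistics import median

class EndpointBaseline:
    """Learns normal bytes/minute per endpoint and flags deviations from it."""

    def __init__(self, window=30, threshold=3.5, min_samples=5):
        self.window = window            # how many recent normal values to remember
        self.threshold = threshold      # robust z-score above which we alert
        self.min_samples = min_samples  # values needed before judging anything
        self.history = {}               # endpoint -> deque of accepted values

    def score(self, endpoint, value):
        """Robust z-score: distance from the median in units of scaled MAD."""
        values = self.history[endpoint]
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid divide by zero
        return 0.6745 * (value - med) / mad

    def observe(self, endpoint, value):
        """Return 'learning', 'normal' or 'anomaly' for one measurement."""
        values = self.history.setdefault(endpoint, deque(maxlen=self.window))
        if len(values) < self.min_samples:
            values.append(value)
            return "learning"
        if abs(self.score(endpoint, value)) > self.threshold:
            # Outliers are not learned, so a burst cannot drag the baseline
            # upwards and hide later bursts.
            return "anomaly"
        values.append(value)
        return "normal"

# Constructed sample: one IIoT controller reporting bytes per minute.
CONSTRUCTED_FLOWS = [("plc-01", v) for v in
                     (1200, 1180, 1215, 1190, 1205, 1198, 1210, 9800, 1195)]

def run(flows):
    detector = EndpointBaseline()
    return detector, [detector.observe(ep, value) for ep, value in flows]

if __name__ == "__main__":
    for (ep, value), verdict in zip(CONSTRUCTED_FLOWS, run(CONSTRUCTED_FLOWS)[1]):
        print(ep, value, verdict)
```

The baseline only absorbs values it judged normal, which is what keeps the detector improving over time without learning an attack as the new normal.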
Blockchain technology can stop cyberattacks
Blockchain technology works by using an immutable single source of truth, a principle where each person has access to the same data, which cannot be altered without the unanimous agreement of everyone else. Each piece of data is stored on ‘nodes’, and if one is tampered with, the system analyses the entire network and detects the anomaly. The only way an entire blockchain can be compromised is by an attacker destroying every single node – even one node with the correct data can restore the entire system. Estonian technology firm Guardtime has developed a blockchain-based security system that removes the need for verification keys, and instantly detects when changes to data are made. Blockchain technology can also prevent DDoS (Distributed Denial-of-Service) attacks, which make websites inaccessible by visiting them with many devices at the same time in order to overwhelm the server. These are currently difficult to prevent due to the Domain Name System (DNS), which maps IP addresses to domain names. DNS has been partially decentralised, but if it were fully decentralised using blockchain technology, it could be much more secure and prevent DDoS attacks. Blockchain could distribute data across multiple nodes, reducing the chance of data being accessed or altered fraudulently.
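The tamper detection and recovery described above can be shown with a small hash-linked ledger replicated across several nodes. This is an added example, not code from Guardtime or any product named in the article; the node names, the records, and the rule that the copy shared by most internally valid nodes is authoritative are assumptions.

```python
import copy, hashlib, json
from collections import Counter

GENESIS = "0" * 64

def block_hash(index, data, prev):
    return hashlib.sha256(json.dumps([index, data, prev]).encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        digest = block_hash(i, data, prev)
        chain.append({"index": i, "data": data, "prev": prev, "hash": digest})
        prev = digest
    return chain

def first_bad_block(chain):
    """Index of the first block whose hash or back-link is wrong, else None."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["data"], b["prev"]):
            return b["index"]
        prev = b["hash"]
    return None

def audit(nodes):
    """Return (names of nodes holding a bad copy, reference chain)."""
    valid = {n: c for n, c in nodes.items() if first_bad_block(c) is None}
    # Assumption: the tip hash shared by most internally valid copies is the truth.
    ref_tip = Counter(c[-1]["hash"] for c in valid.values()).most_common(1)[0][0]
    reference = next(c for c in valid.values() if c[-1]["hash"] == ref_tip)
    bad = sorted(n for n, c in nodes.items()
                 if n not in valid or c[-1]["hash"] != ref_tip)
    return bad, reference

def restore(nodes):
    """Overwrite every bad copy with the reference chain; return who was fixed."""
    bad, reference = audit(nodes)
    for name in bad:
        nodes[name] = copy.deepcopy(reference)
    return bad

def constructed_network():
    """Constructed sample: four nodes, two of them tampered in different ways."""
    records = ["alice pays bob 5", "bob pays carol 2", "carol pays dan 1"]
    nodes = {n: build_chain(records) for n in ("node-a", "node-b", "node-c", "node-d")}
    nodes["node-b"][1]["data"] = "bob pays mallory 200"   # edit, hashes left stale
    forged = records[:1] + ["bob pays mallory 200"] + records[2:]
    nodes["node-d"] = build_chain(forged)                 # edit, hashes recomputed
    return nodes
```

A stale-hash edit is caught by the node's own chain check, while a fully recomputed forgery is only caught by comparing against the other nodes, which is why the replication matters as much as the hashing.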
Quantum computing – a new era in cybersecurity?
Quantum computing promises to be infinitely faster than traditional binary computing. A binary digit is either a 0 or a 1, while a qubit (the smallest bit involved in quantum computing) can be either or both simultaneously. This enables working with multiple datasets at the same time, and speeds up computations many times over. While quantum computing is still in its early stages and has not yet become widespread, this is only a matter of time – probably years rather than decades. Quantum computing can greatly enhance the efficiency of AI and other technologies used in cybersecurity applications. UK-based software firm Quantinuum has developed a quantum platform called Quantum Origin, which is already being tested by companies including VPN provider PureVPN, who have used the platform to develop a quantum-based encryption key generation process which is more secure than traditional processes. However, like other technologies, quantum computers also pose potential cybersecurity threats, as they will be more capable of breaking traditional encryption methods. In order to protect their resources from cyberattackers with quantum computers, organisations may have to use quantum-resistant algorithms. PureVPN is developing these algorithms using Quantum Origin, and they are currently being audited for approval by the National Institute of Standards and Technology.
The role of employees
Although technology is an essential tool against cyberattacks, cybersecurity cannot yet be passed entirely over to machines. The human component of any security system is vital – in fact, over 85 per cent of data breaches in 2021 occurred as a result of the ‘human element’. This involves threat actors tricking employees with methods like phishing and social engineering. In some cases, hackers have even fraudulently accessed systems and sensitive data simply by looking over people’s shoulders at their screens in public places. All employees, at every level of an organisation, should be thoroughly educated – and regularly tested – on security risks and data protection procedures. This can be carried out through internal or third-party training.
The digital ‘arms race’ between cybersecurity firms and cybercriminals continues to rage. New technologies usually pose potential threats as well as potential defences, but there is little other option for organisations than to implement these technologies if they hope to be adequately protected against threats. The role of employees is also key – workers must be educated on the threats out there, the methods used by cybercriminals, and the ways that data breaches can be prevented. For as long as crime exists, cybersecurity will be an essential component of operations for all organisations, whatever their size and sector.