How to outwit cyber criminals in a rapidly changing world

The world has come a long way since the first computer viruses – Creeper, Wabbit and Elk Cloner – were unleashed on the ARPANET (forming the technical base of today’s internet) close to half a century ago. Initially self-replicating and somewhat harmless programs, these viruses and worms gradually turned complex, vicious and persistent. The internet is a goldmine for cybercriminals and they can easily release malware for a price, bringing businesses as well as nations to a crashing halt.

Millions of systems have been compromised worldwide over the years as cybercriminals stole money, credentials and information, or just caused intense turmoil. Most recently for instance, the “Cookie Miner” malware was discovered that could potentially steal user information (credit card, passwords etc.) from the browser’s cookies linked to crypto currency exchanges and wallets. In Australia, cybercriminals hacked the systems of a health care and an auto enterprise, holding the data for ransom.

The last two years have seen a massive rise in cybercrime. Cisco’s 2018 Asia-Pacific Security Capabilities Benchmark Report highlighted that India recorded the second highest number of real cyber threats, followed by Australia in the Asia Pacific region. 2019 will continue to see incidents at a global scale with cybercriminals attempting to exploit vulnerabilities, breaching confidential data and hacking security systems. As we talk about cyber security becoming an integral part of the boardroom agenda, organizations can take note of some areas as they strive to protect their critical assets in 2019.

The artificial intelligence (AI) “opportunity” will be big in 2019. However, the rapid advancement and adoption of AI can turn out to be a double edged sword. On one side, AI can help organizations ramp up their technology systems to new levels of sophistication, predict attacks and correspondingly take quick corrective action; while on the other, it can also be misused by cybercriminals in avoiding detection and evading security.

Recently, there was an uptick in “Deepfake” videos that were created using deep learning AI and involved creation of fake videos showing real personalities. In 2019, cybercriminals are likely to exploit the power of AI to a significant extent for nefarious purposes, circulate fake news and spread malware through phishing attacks. With security solutions yet to be developed as a counter, the only remedy available is to raise awareness and set up trainings for the stakeholders.

Smart contracts, which use Ethereum blockchain to maintain a decentralized ledger and subsequent contract between parties, have been implemented by some of the leading financial institutions. Increased usage is expected in financial transactions including money transfers and protection of intellectual property rights. However, there have been flaws associated with this AI that may be exploited by cybercriminals. One of them is the “re-entrancy attack” that may see hackers accessing user’s funds and extracting them without complying with the contract requirements or without the knowledge and/or approval of the respective users.

Cloud computing, used extensively to store company data on servers is another area at risk. In 2019, hackers will focus their effort to breach organizations’ systems, resulting in a radical shift from malware stored on the desktop to being stored within the data, making the same redundant. Investments in enhancing cybersecurity and incident response capabilities and hiring talent will be crucial.

Voice controlled digital assistants is expected to be another area that would be targeted by cybercriminals as they are used frequently by individuals as well as businesses. Hackers will further develop malicious codes and commands to target the Internet of Things (IoT) devices and their voice assistants. These assistants are also likely to be used in digital/ financial payment applications, which will further augment risks.

While the threats continue to escalate, governments across the globe are launching initiatives and enhancing greater cross border collaboration to fortify cybersecurity measures. The year 2019 will see India taking rapid strides to counter growing cyber threats by institutionalizing a Defence Cyber Agency, under the supervision of the Integrated Defence Staff, inauguration of a national cyber forensic lab (NCFL) and Delhi Police’s cyber-crime unit, ‘CyPAD’. A National Centre for Artificial Intelligence is also on the anvil under the aegis of the Ministry of Electronics and Information Technology.

EY Global Information Security Survey (GISS) 2018-19 highlights cybersecurity gaining prominence among the board. However, it also notes that more than three-quarters (87%) of organizations do not yet have sufficient budgets to provide the levels of cybersecurity and resilience they want. Protection is patchy, relatively few organizations are prioritizing advanced capabilities, and cybersecurity too often remains siloed or isolated. The cyber threat that stands before us is as real as it can get. In 2019, organizations will have to buckle up their cyber seatbelts for the bumpy ride ahead.

The above article first appeared in Business Standard and can be accessed here