In one of the episodes of Sherlock Holmes, Jim Moriarty orchestrated a simultaneous heist on the Tower of London, the Bank of England, and Pentonville Prison with a single tap on his phone. Sherlock, in turn, tried to find the ‘master code’ that could open any locker anywhere in the whole wide world – a unique combination of ones and zeroes with the power to penetrate layer after layer of security. Although this was a fictional scenario, it did raise a question, and a very important one at that – is our security system really this fragile? Well, apparently so. Real life does not differ much from reel life.
Hackers stole the data of over 5 million tax-paying Bulgarians from the country’s tax revenue office. For a country like Bulgaria, this number makes up its entire adult working population. The stolen information included names, addresses, incomes, and social security numbers of the affected individuals.
Government databases are treasure troves for hackers. With data becoming the new currency, such hacks are the cyber versions of the good old money heists. 5 million may seem like a very small number against the 150 million customers whose privacy was compromised in the 2017 data breach of Equifax. While the organization was later fined $700 million, the damage had already been done.
In what is described as the largest data leak in the history of Russian intelligence services, the Federal Security Service of Russia became the target of cybercriminals who stole 7.5 terabytes of data. The hacker group, by the name of 0v1ru$, breached one of the third-party contractors – SyTech – and got access to critical intelligence information. Governments depend on third-party contractors and service providers for their network and server needs. These contractors often become easy targets for hackers and expose sensitive data.
Even NASA was hacked!
All of these incidents make one thing clear – whatever we have been doing to build cyber resilience, it ain’t working. We need to identify our cybersecurity mistakes of the past and apply the lessons from those mistakes to upgrade our cybersecurity plan, while keeping upcoming trends and potential threats in mind.
As per a prediction by Gartner, “By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, up from 40% today.” From end users to businesses and service providers, cybersecurity is at the top of everyone’s mind. Let us take a peek at the threats that will have the greatest impact on cybersecurity this year:
The prime targets of cyberattacks in 2020
As per a prediction by Kaspersky, FinTech, mobile banking applications, and e-commerce platforms could be the prime targets for hackers in 2020. The financial motivation of cyber threat actors plays the key role here.
Additionally, CNBC reported that 43% of online attacks target small businesses, because of their lower security resilience and the ease of hacking them. This implies that all organizations, irrespective of their size, must focus on building strong cyber walls to prevent unexpected breaches.
A multipolar world of technology
Reports have suggested a possible balkanization of technology and the internet. In fact, amidst the China-US trade war, this divide will extend further to software and hardware, privacy norms and regulations. Eric Schmidt had predicted the bifurcation of the global internet by 2028, causing a break between a Chinese-led internet and a non-Chinese-led internet. The lack of censorship and regulation over the Internet’s ‘global reach’ has always been seen as a threat, and this balkanization would mitigate it. On the other side, however, a controlled reach will take away the privilege of ‘free access’.
As we move toward a world of segmented internet, businesses should ensure that they comply with the varied laws and regulations governing regional technologies, privacy, and connectivity. To minimize the exposure of vulnerable hardware or software to the segmented networks, special caution would be required during their integration.
A false sense of security
From two-factor authentication, we will be moving on to multi-factor authentication systems with biometrics taking the lead. Fingerprints, facial data, and retinal scans are rising in popularity as they are comparatively more secure than the typical key-based authentication methods. While biometric authentication might be stronger than its traditional counterparts, it does create a false sense of security. It is not completely impenetrable. In fact, it is highly possible that threat actors replace the biometric template with an impostor’s template, or worse, steal the biometric system database and simply replay it.
The biggest advantage as well as drawback of biometrics is their uniqueness. Once stolen, they cannot be replaced or renewed. In such a scenario, encryption becomes the lifeblood. Organizations that implement a biometric verification method must encrypt not only the biometric data itself, but the assets secured by that data as well.
The lack of sufficient cyber guards
The cybersecurity skills gap has been and remains one of the biggest cyberthreats of all time. Cyber attackers are getting more advanced and strengthening their weapons, while businesses are struggling to build their cyber-army with capable and skilled people. Last year, ESG also reported that about 53% of the surveyed companies were facing a severe shortage of cybersecurity skills within their organization.
In-house training becomes the only way to address this ongoing problem. Organizations should build a proactive cybersecurity plan, hire people with relevant skills, and train them up to the required skill levels.
The cyber armors for 2020
To make their cyber walls truly robust and resilient, organizations would need to leverage both people and tools. The right mix of skilled human resources and effective tools will help fortify the cyber realm. There are several cybersecurity tools available in the market today. While deciding which tool to implement, it is necessary to consider the organizational structure, existing security system, cybersecurity budget, as well as risk tolerance.
Digitally driven businesses must integrate security practices within their application/software development lifecycles and CI/CD pipelines. Security testing is the ultimate protector against unwanted and malicious attacks.
In this digitally-inclined landscape, we communicate, interact, and transact through data. Data has become the asset, the new currency that we all need to protect and secure – maybe lock away in a safe and gulp down the key?
It would be an understatement to say that the scope and rate at which cybercrimes are increasing is concerning. Irrespective of data security budgets and sophisticated security systems, hackers always find one tiny vulnerability and exploit it to deal a deadly blow to organizations.
You can never be fully secure. We build a false sense of ‘impenetrability’ around us by deploying multiple layers of security systems. It is still very possible that data thieves will find a way around them. Just as a bacterium develops resistance to an antibiotic over time, hackers discover an immunity potion that helps them permeate these thick security walls.
But this should not stop us from locking our doors. We cannot offer hackers an open opportunity to loot us. If not impenetrable, we can definitely make our data extremely difficult to extract. To do so, there are two critical things to keep in mind – data hygiene and privacy regulations. Stop checking ‘I’ve read and agree to the privacy terms and conditions’ without actually reading them.