This blog post was written by Ann, one of our Cyber Security Consultants

What the Past Decade Has Delivered

2010 seems but a heartbeat ago, yet some of the technologies it delivered are such a big part of our everyday lives that it’s hard to remember life before them. Technologies like our trusty tablets, the GPS chips in our mobile phones, Google Chrome, Mobile Video and Mobile Transactions were all launched and adopted by most of us a decade ago.

In 2020, almost every aspect of our lives is stored in the Cloud – from our recipes and health records to many aspects of our personal identities. Consequently, we are generating significantly more data than ever before; some 2.5 quintillion bytes of data are created each day! 90% of today’s data was generated in the last two years, and cyber threats are continually evolving to keep pace with this explosion of valuable information.

Evolution of Cyber Threats and Protection

Back at the start of the century, most threats and malware were merely a nuisance, designed to disrupt and frustrate users. But in 2008, the mighty ZeuS Trojan, which grabbed banking details using key-logging and form grabbing, was unleashed. This was the start of a much more “professional” era of cyber-crime, with a variant of ZeuS being used in one of the biggest hacks to date: Target in 2013, where 40 million customers’ records were stolen and a further 70 million were compromised. Target disclosed that the hack cost the company an estimated $202 million.

This, and other catastrophic cyber-attacks like it, highlighted an urgent need for businesses and organisations to improve their cyber security awareness. But how? It’s not something you wake up with one morning and instinctively know how to do! In order to help companies with this, in October 2013, the ISO/IEC 27001:2013 Standard for Information Security Management was revised, and 8 months later the Cyber Essentials Scheme was launched. Obtaining certifications in either or both allows businesses to demonstrate that they are cyber aware, and as safe as possible to conduct business with.

What May Define the Next Ten Years

5G and the IoT

A new generation of 5G networks will be the single most challenging issue for the cybersecurity landscape, as it delivers speeds nearly 1000 times faster than today’s Internet. More worryingly, by 2025, 5G will enable 75 billion new devices to connect, some running critical applications and infrastructure such as automated transport systems for driverless cars, automated water and waste systems for emergency workers and services. Cyber criminals will be able to cause serious damage with 5G’s incredible speed and our dependency on it, and the scale of the potential consequences is as yet unknown.

As our homes become increasingly ‘smart’, we are generating greater opportunities for hackers to gain access to our devices. Security usually isn’t a top priority for IoT device makers, with home routers and security cameras being top IoT targets for opportunist hackers due to the lack of built-in security. The result could be the retrieval of your personal and payment information – or your devices may be used to launch a broader attack. This happened in 2016, when hundreds of thousands of compromised connected devices were pulled into a botnet dubbed ‘Mirai’. The combined processing power was utilised to launch a large-scale cyber attack on major websites, such as Spotify, Netflix and PayPal – all of which were temporarily shut down.

Artificial Intelligence

We will see AI being used increasingly as a critical component in keeping up with the scale and pace of our digital prosperity, being deployed as a solution to real-time detection and remediation of threats. The problem is that historically, any technical progress made in AI is quickly seized upon and exploited by the criminal community, posing an entirely new challenge to cybersecurity in the global threat landscape. And what of the small-scale cyber criminal who doesn’t have the resources to hack an AI-protected network? We must assume that we will see an increase in the relative ‘easy pickings’ of individuals through their insecure smart home devices.

Biometrics and 3FA

The use of our fingerprints, voices, retinas and behaviour traits is being increasingly utilised to combat the above emerging threats; thus, the next generation of authentication requires a high volume of individual data to be stored globally. This will inevitably drive the cyber-criminals to target this information in addition to our credit card details.

It is largely agreed that Three-Factor Authentication will be the next available option, where a user must:

1. ‘know’ – password

2. ‘have’ – token, such as a swipe card

3. ‘are’ – biometrics

In the next decade, it is imperative that a full understanding of how to secure our shared digital lives is gleaned, and urgent analysis must be based on evidence and research into the risk landscape in order to keep the cyber criminals out.
