Founder’s Reading List: The Biggest Trends in Cyberattacks
Cyberattacks are a fact of digital life. Within IT departments, security gets the lion’s share of spending. However, one in three IT professionals worries that their companies haven’t dedicated enough funding to cybersecurity. So what are IT professionals worried about? These are the biggest trends in cyberattacks.
AI-Powered Attack & Defence
According to Webroot, a cybersecurity firm, 87% of US security professionals say their organizations use AI as part of their cyber-defence strategy. However, 91% of the same professionals also say that they’re worried about AI being used in attacks.
The world’s first AI-powered cyberattack was discovered last year in India, where attackers used machine learning to study the regular patterns of use within a company’s network. AI can’t replace human intelligence (yet), but tasks that require a lot of volume are perfect for bots. Companies that expect to resist cyberattacks will have to spend money on AI defences and expect AI to play a role in attacks.
IoT Remains a Big Security Gap
Excuse this overused joke, but: the “s” in IoT (Internet of Things) stands for security. Wait, there’s no “s” in IoT? Exactly.
The real threat related to IoT’s poor security is the rise of massive botnets. Many IoT devices lack even the most basic security features. Granted, things like toasters and refrigerators attached to the internet aren’t likely to hold valuable data, but they can be recruited into botnets with ease. There are now more than 8.4 billion devices connected to the internet, up 30% from 2016. That’s a lot of potential botnet recruits.
There is a major shift away from using malicious .exe files to deliver malware. Many antivirus programs work by analysing executable files for problems, so file-less attacks are a way to avoid antivirus detection altogether. According to a report by the Poneman Institute, three out of four successful attacks used file-less techniques.
US soldiers, CIA operatives, and other national security professionals have accidentally revealed the locations and details of overseas bases with their fitness trackers. Fitness trackers upload data like jogging routes to interactive sites online, and now we know where the US Special Forces are operating in the Sahel.
Your company isn’t likely to be running Special Forces bases, but this major oversight illustrates the basic problem of data oversharing. Many devices and social media applications share a lot of data and may encourage an oversharing mentality. From a cybersecurity perspective, this is dangerous. Information is currency online, and everybody puts a lot of it out there for free.
Canada is hit by state-sponsored attacks about fifty times a week, and usually at least one is successful. China has been publicly identified as the culprit a number of times, but many other countries (e.g., Russia, the US , Israel, and Iran) engage in state-sponsored attacks.
For firms with government contracts, this is a major problem. The resources a state can devote to an attack are far greater than those of the average cybercriminal. Aside from asking friendly governments for help, the only thing to do is increase cybersecurity protections and recognize that there’s a new bully on the playground.
To learn more about keeping your data and information secure, visit iweb.com and contact us today.