From merely being used as terms such as ‘computer security’, ‘digital security’; evolving into the term cybersecurity, there has been a phenomenal progress in these past few years. With predictions like a cyberattack is occurring every 5 seconds somewhere across the world, its becoming paramount to implement cybersecurity as a part of the critical infrastructure for any organization dealing with digital information. For one thing, Robert Morris became the first person successfully charged under the Computer Fraud and Abuse Act (although this ended happily for him—he’s currently a tenured professor at MIT). More importantly, this act also led to the formation of the Computer Emergency Response Team (the precursor to US-CERT), which functions as a nonprofit research center for systemic issues that might affect the internet as a whole.
Cyberattacks have been ranked as the fifth most dangerous risk in 2020, and have become the new norm in both the public and private sectors. This risky industry is expected to grow further in 2021, with IoT cyberattacks alone expected to more than double by 2025. Furthermore, the World Economic Forum’s 2020 Global Risk Report states that the rate of detection (or prosecution) is as low as 0.05 percent in the U.S. [Reference]
Forbes has quoted 3 key trends to expect this year:
Expanding Cyber-Attack Surface (Remote Work, IoT, Supply Chain)
Ransomware as a Cyber Weapon of Choice
Threats Against Critical Infrastructure; ICS, OT/IT Cyber-Threat Convergence
Statistically, we have definitely witnessed a surge in the cyber attack arena this year in comparison to the last year and the year before. According to cybersecurity ventures, the world will store 200 zettabytes of data by 2025, according to Cybersecurity Ventures. This includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, on personal computing devices. There are numerous elements which have brought about the Malthusian enlargement of the worldwide cyber-attack surface. These impacts consist of digital transformation and the economic version of more individuals doing business over the internet. We are heading towards the fourth industrial revolution which is being highlighted by the digital interactions between devices and devices and humans and devices. With more connectedness amongst information, there is potentially going to be an increase in the threat surface for data to be exfiltrated With an estimated 50 billion connected devices and trillions of sensors working among those devices, hackers have a multitude of options to breach cyber-defense and exfiltrate data. According to The McKinsey Global Institute, 127 new devices connect to the internet every second.
Ransomware has been around for nearly two decades and has grown in popularity because it makes it easier for hackers to get financial offerings. There are now an estimated 124 different ransomware families, and hackers are very adept at hiding malicious code. it does not always depend on the use of the latest and most sophisticated malware. It’s relatively easy for a hacker to do. For the most part, they rely on the most appropriate vulnerability target, especially given the ease with which attacks can be made online. Last year, ransomware made up nearly a quarter of the incident-response engagements for IBM Security’s X-Force threat intelligence group. Fifty-nine percent of the ransomware incidents involved cybercriminals exfiltrating, before encrypting, the data — so-called “double-extortion” attacks. Ransomware, Phishing Will Remain Primary Risks in 2021 [Dark Reading]
The estimated cost of an attack as predicted in 2020
Some other trends that have been forecasted are as follows:
- Workers return and get into a hybrid work environment
- The return of Shadow IT
- Zero trust in cybersecurity
- Diversification of threat actors
Furthermore, this year, more of Blockchain security, the application of AI and deep learning in cybersecurity has also been predicted. As they say – The show must go on. Learning lessons from these cyber-attacks is not only pivotal for the affected organizations but also for other organizations to defend better and have effective mitigation techniques in place. Cybersecurity professionals need to up their game and also have a combination of offensive approach coupled with efficient defensive approach.
Article by Kaushik Sundararajan
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.