The Cyber Security Threats For 2020

Cyber Security Threats

Cyber Security threats are evolving all the time making it extremely difficult for business to combat this and it is now even more important to have in place the appropriate protections to keep them safe from hackers.

The same core cyber security threats still exist but these are becoming more sophisticated and difficult to trace and prevent.

Ransomware   

Ransomware is now not just used as a scatter gun approach but is now being more targeted at businesses where ransom demands are now much larger than before. The decision now becomes to pay the ransom in order to obtain the decryption key to mitigate the interruption to the everyday operation of the organisation or to hold out and rely on the back-ups in place that hopefully would not be corrupted. New strains of ransomware are also appearing and becoming increasingly difficult to repel.

Phishing Attacks

These types of threats remain prominent and despite an increase in training by companies to help employees spot such attacks, commonly sent via e-mails, success is high for hackers still reaping rewards.

Internet of Things

The interconnection of devices is increasing at an alarming rate with all aspects of life now being connected from the office to the home . The concern is that people are more reliant on this and this provides greater opportunity for hackers to access a network and cause disruption.

The Supply Chain

The supply chain of any business is in many cases fundamental to its operation where this be the supply of technology or the provision of non IT services. The cyber security of such entities is in a number of cases not as robust as the principal business and should their IT be compromised this can lead to a hacker gaining access up the line.

The Insider Threat

This remains a prominent threat and is to an extent still hard to predict as this is determined by human nature. Even with the most sophisticated firewalls in place if an employee is determined enough to steal data they will succeed. It will be interesting to see how the Morrisons case develops which laid down that businesses are vicariously liable for the actions of employees in the event of a data breach of their employees personal data.

Artificial Intelligence  ( AI)  

AI as it is know is perhaps the newest of the cyber threat vectors that now exist and is the most unknown but potentially the one that could cause the most disruption. It is also the most difficult to defend against. Deep Fake videos are a fast developing area where a believable video conference call from what is thought to be the CEO could have been created by AI , this could lead to misinformation being relayed within the company and impact business decisions.

Image : Shutterstock

What is the CCPA ?

CCPA

The California California Consumer Privacy Act (CCPA ) is a new consumer protection law which comes in effect from 1st January 2020 and is yet another sign that data protection is now taken very seriously. This follows closely in the steps of the General Data Protection Regulations ( GDPR) which were launch in May 2018.

Who does this apply to ?

  • This law is applicable in the state of California where organisations carry our business that involves collecting and processing the personal information of individuals.
  • Where an organisation has gross revenues of over $25,000,000
  • If an organisation buys / sells at least 50,000 consumers personal records for commercial gain
  • If an organisation earns more than 50% of their revenue from the selling of a consumers personal records.

If all any of this criteria is met then the CCPA will be applicable and the business will have to adhere to these regulations.

What are the consequences of non- compliance?

Should this be the case it is possible that the business could face the following penalties :-

  • Civil Penalty up to $7,500 for each intentional violation and $2,500 for other violations
  • In addition to this  the victims of a data breach may obtain $100 to $750 per consumer, per incident.

The importance of how a business manages its data is therefore of the utmost importance in order that these regulations are complied with and to avoid any penalties that stem from a breach of these regulations.

Some guidelines to the management of data 

  • Ensure that all employees are updated with this legislation and carry out training as applicable.
  • Ensure that all processes and procedures are aligned to comply with the new legislation and if not introduce new ones to cater for this.
  • Carry out a review of cyber security within the organisation and implement upgrades and improvements where necessary in order to mitigate a possible data breach.
  • Where necessary bring into line privacy notices and policies on websites and other public facing forums.

The protection of data is becoming a core value within businesses as in the event of a data breach the costs to manage this and the impact on their reputation can be severe.

Image : Shutterstock

Agriculture – The Cyber Threats

Agriculture

Agriculture is perhaps not recognized as a sector that could be the target of hackers however this sector is now relying on increased connectivity and communication on-line and with this comes the threat of possible cyber attacks.

The Farming community has varied experience in protecting its IT and limited experience in the management of these types of risks.

Cyber Threats

  •  Increased reliance on digitization and conversion from older computer systems
  •  Working with a broad number of suppliers increases supply chain threats
  •  Farm database being subject to a data breach from a hacker
  •  Loss of productivity as a result of a cyber attack impacting on yields
  •  Loss of storage facilities
  •  Compromise of farm management and logistics software  
  • Agricultural vehicle attacks

The Smart Factor

Agriculture is becoming more reliant on smart technology as this is cost effective and works effectively in this sector where movement of goods and animals dominants.

For example this involves some of the following :-

1.Livestock tracking wearables

2 Food tracking

3.Smart agriculture sensors for soil moisture and weather stations

Cyber Risk Management 

Agriculture is linked to the food industry and any compromise in technology is going to have a very significant impact of the food supply chain , protection of this is vital. The food sector is classified as part of the 13 sectors that fall under Critical National Infrastructure (CNI), the prominence of this therefore is at the highest level. The  management of risks in this sector should be a priority.

We have not seen many cyber attacks in this sector and it is maybe the case that few have been reported or they have been in significant to be reported.

Cyber Insurance 

This is relatively new form of insurance and is now being purchased by many businesses in many different sectors and it is conceivable that the farming sector will also consider this with cyber risk becoming more relevant .

 

Image : Shutterstock

Manufacturing – Cyber A Real Threat

Manufacturing

The manufacturing industry is becoming a prime target for hackers where their technology is being compromised resulting in significant disruption within this sector.

Make UK , the Manufacturers Organisation recently carried out a cyber security resilience survey in the UK which demonstrated varying degrees of preparedness by manufacturers.

https://www.makeuk.org/insights/publications/2019/09/06/cyber-security-and-manufacturing

The highlights of the report were as follows:-

  • 60% of manufacturers indicated that they had been subject to some form of cyber security incident
  • 41% of their customers had requested evidence of the robustness of their cyber security processes and procedures
  • 31% of manufacturers were also asked this question within the supply chain

IBM’s 2019 Global Threat Intelligence Index showed that 10% of all attacks are aimed at the manufacturing sector.

Cyber Risk 

As with most business digital transformation is underway but with this brings new vulnerabilities and threats which need to be managed. For the manufacturing sector achieving the optimum production rates is vitally important and one of the ways in achieving this is through digitisation and a greater reliance on connectivity throughout the organisation.

What are some of the main Cyber Threats in this sector?

  • The theft of intellectual property by a hacker
  • Ransomware attacks from malware
  • Phishing attacks through as a result of access via the industrial control system
  • Spam messages which when deployed on mass will impact on productivity and communications within the organisation.
  • The compromise of the firms website that may impact on their reputation should defamatory of controversial commentary be posted by a hacker.
  • Employees or customers being subject to identity theft where they have had their personal details accessed by a cyber attack. This could include bank and credit card information details that are then used to commit fraud or are sold on the dark web.

How can the sector help protect itself ? 

Cyber risk management plays an important role in combating the evolving and unpredictable cyber threats that exist and should be pro-active rather than reactive.

In tandem with this businesses in this sector would benefit from purchasing cyber insurance which provides coverage for financial loss caused as a result of unauthorized access of their computer systems. More important it also provides incident response services from an established vendor panel drawn up by insurers.

Irrespective as to how cyber threats are managed it important that this given the correct level of priority at board level so that the right attention and appropriate resources are utilized to protect the well being of the organization.

Image : Shutterstock

Deep Fake – Do You Believe ?

Deep Fake

Deep Fake is emerging as a prominent new cyber threat which businesses are now facing and need to implement measures to counteract.

What is Deep Fake?

Deep Fake is a method that combines and superimposes existing images and videos onto source images onto source images and videos using artificial intelligence. It uses a machine learning  technique known as generative adversarial network (GANS)and first emerged towards the end of 2017.

Video content has historically been very difficult to change but with the use of artificial intelligence this has helped make the process easier.

What are the typical threats?

  • Creating an emergency situation that is not real and causing panic.
  • Disruption to an election by false statements
  • The making of a false announcement to directors and shareholders
  • An image of a director requesting the fraudulent transfer of funds.
  • Posing falsely as a partner that may affect a relationship
  • False video of a celebrity in compromising situations.

How are Deep Fakes detected?

Sophisticated deep fakes are difficult to detect where as the more amateurish ones can be spotted quite easily such by a lack of blinking or shadows of individuals that do not seem to be in the correct position.

It is also possible for them to also be trained to avoid detection and is therefore a cyber threat that is hard to combat.

Last week Google released a database of 3,000 deep fakes to alter faces and to make people say things they never said. These were of course actors the purpose of this was to help researchers build tools required to take down harmful fake videos that could cause distress to individuals and harm to businesses.  https://nakedsecurity.sophos.com/2019/09/27/google-made-thousands-of-deepfakes-to-aid-detection-efforts/

Well Known Deep Fakes

Deep fakes have been carried out on many famous individuals from Donald Trump to Tom Cruise and Theresa May.

Here are some examples

https://www.creativebloq.com/features/deepfake-examples

The Future of Deep Fakes

The world of Deep Fakes will no doubt develop beyond a level which makes them impossible to differentiate between what is real and what is not – this is one race that hackers seem to be so far ahead that it will be difficult catch them.

Image : Shutterstock

Artificial Intelligence – Helping Cyber Security

Artificial Intelligence

Artificial Intelligence (AI)  is now playing a significant role in helping to managing cyber risk. This was recently evident in the aftermath of the Nordsk Hydro ransomware attack where AI was utilised to identify further vulnerabilities.

This form of automative technology would seem to be a good match for managing the constant threats posed by hackers where new cyber attacks relentlessly attack computer systems and constant monitoring is required. Despite the automation basis there however still needs to be human involvement in this process.

How Does AI Work ?

Billions amounts of data is consumed by AI via machine learning and deep learning techniques. This makes it possible to improve and develop its cyber security bank of knowledge which ultimately provides a better understanding of existing and developing cyber risks.

AI utilizes reasoning in order to identify relationships cyber threats malware threats and dubious IP threats . This is then analysed in a very short period of time thus enabling users to respond and act on imminent cyber threats.

Where can Artificial Intelligence be used ?

  • Monitoring of computer systems
  • Predictive tool for new threats
  • Analysis of threats based on current activity
  • Monitor Human activity
  • Post data breach tool
  • Detection of viruses and malware

The Future 

Capgemini released a report last month “Reinventing Cybersecurity with Artificial intelligence”

https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf

The report revealed that 69% of organisations felt that AI will be necessary to respond to cyber attacks in the coming years. Telecoms in particularly were of the view that this would help mitigate the sizable losses already experienced in this sector. Many organisations are gearing up for testing the viability of AI and how it can help their cyber risk management processes. Budget provisions for this are being made as long term there are many  costs benefits in AI.

Artificial Intelligence is developing at a rapid rate and it is important that its application remains relevant to the cyber security sector as other industries also show an interest in this technology.

Image : Shutterstock