
Breaking down emerging threats: quantum threats, nation state attacks and more ...

A look at emerging threats and cyber security risks CISOs can expect to encounter, such as quantum attacks, identity theft, infrastructure attacks, IoT security changes and more! Knowing what sort of cyber security threats and actions threat actors may turn to could help organisations and employees stay safe and secure.
 
 
 

Cyber crime takes a quantum leap

Accenture’s Global Quantum and Space Cyber Security Lead Tom Patterson believes that “progress in quantum computing is bringing adversaries ever closer to a cryptographically relevant quantum computer that is able to crack all of the public key encryptions that protect most everything in government, industry and the internet.” 

Patterson argues that with quantum hacks, threat actors can steal a much greater quantity of information as they can simply decrypt the data later. Due to the speed of quantum computing, more data can be scraped in a shorter amount of time.

However, Patterson also reveals that with quantum attacks come quantum-encrypted algorithms which will, hopefully, keep data encrypted even as cybercrime takes a quantum leap.

Identity theft over malware

Cyber security has been around for decades now. As a result, many organisations will have found and put in place strong endpoint security such as firewalls, antivirus and detect and report systems to deal with cyber threats. Due to this, cyber criminals will be moving away from malware and easy-to-detect cyber risks and towards social engineering tactics to steal identities and login credentials.

As an organisation, you need to ensure professional accounts are well protected by passwords and locked with 2FA, and that identities are authenticated before access is granted. If not, then a threat actor could use a legitimate corporate account on your professional network to cause financial and reputational damage.

Small businesses targeted as budgets fall

A Typetec survey reveals the average cyber security budget for small businesses is set to halve this year even though 79% of SMEs experienced a cyber attack in the past 12 months. Unfortunately for these SMEs, a pandemic followed by a global recession is not good for the books and cyber security priorities will be pared back to just the fundamentals for organisations of this size.

This will prove to be a costly decision for many SMEs as they have not considered how much more voracious threat actors will be this year.

Not all SMEs are taking their eye off the ball, however: the same survey also notes that 37% of SMEs have increased cyber security awareness training for staff. But do we know why many SMEs will be lowering their budgets other than budget cuts? Typetec’s survey has further answers for this, with survey responders stating they believe SMEs should receive funding and support from the state to help against a rising global cybercrime level.

Typetec’s CTO, Trevor Coyle, said, “We understand that many smaller businesses are dealing with inflationary pressures at this time and have to make difficult investment decisions. However, it is important that they make smart choices and do not leave their data and systems more vulnerable and easier to attack, which will ultimately be so much more costly if it happens.”

Increased board buy-in

At TSC (The Security Company), we have always championed the notion of security behaviour change from the top down. When we work with our clients, we recommend getting the board members and management to buy into the same cyber security ideals we teach and communicate out to employees at every level of their business. The sentiment being that if those at the top follow and respect the rules, those below them have no excuse but to do the same.

As the rate of cyber attacks increases and the financial/reputational damage becomes a clear and present danger, we will see those at the top get far more hands-on with cyber security awareness. As cyber threats can now affect the standing and international reputation of a whole company, CISOs and DPOs should expect and want their board to ask for monthly/quarterly cyber security awareness updates and refreshers.

C-suite cyber security awareness has always been a priority for TSC and, it seems, executives are waking up to the importance of employee security awareness at the very top of an organisation.

Geopolitically motivated attacks

The Mail on Sunday reported that former UK PM Liz Truss’s phone was hacked while she was foreign secretary, leading to private messages between Truss and foreign individuals being accessed by nefarious individuals.

Attacks such as this work on a political espionage level and are instigated not for financial reasons but for reputational damage. The rate of these attacks is expected to exponentially increase as proxy wars continue to be fought not only on the ground but in the digital cloud as well.

Accenture data reveals a significant increase in hacktivist activity against Ukraine’s Western allies. Microsoft have also tracked 250 unique nation-state attacks (cyber attacks backed by a country’s official authorities), 35 organised ransomware gangs and are processing more than 1,200 password attacks a second.

Interestingly, Accenture analysts also argue that increased geopolitical attacks will, in the long term, help improve cross-country security and internal government security for these nations – something that they have left unrefreshed for a while.

Key infrastructure attacks

Tangentially to the geopolitically motivated attacks mentioned above, cyber criminals understand that governmental organisations that monitor and run key infrastructure projects will be lacking in a cyber security budget and may therefore have vulnerabilities to exploit.

In these instances, cyber criminals will not only be after finances to cripple said infrastructure, but they will also be after the massive amounts of data these organisations hold. For instance, last year, we saw a 62% increase in cyber-attacks against higher education providers. This year, we will see further attacks against the education sector, civil service, energy providers and the medicinal community.

Bespoke/tailored cyber security learning

Organisations are waking up to the reality that one size does not fit all. TSC have been shouting from the top of the mountain about the many benefits of bespoke, tailored cyber security awareness and training for employees – and now people are listening!

The way to build a healthy security culture in an organisation is to make sure every single cog and gear is well maintained and oiled. When we tailor our security learning to your employees – whether this considers age, language, or generational differences – we increase the chances of knowledge retention and recall, which is only good news for CISOs and their security culture.

When you analyse your own security culture (using a tool like TSC’s SABR (Security Awareness and Behaviour Research)), you can pinpoint where your security is strong and where it is porous. You can then avoid any friction and time-wasting in areas of your organisation that appreciate security awareness and instead focus on tailoring your programme to more pertinent cyber risks.

IoT (Internet of Things) device security focus

As more devices are connected on mutual networks and the line between personal and professional devices becomes blurred, the attack surface and potential for cyber criminals will increase. Threat actors can use IoT devices, which do not necessarily hold the data they are after, as a gateway to access other devices and networks that might.

The White House National Security Council sees this as a massive issue and has gathered representatives from consumer product associations, tech-specific think tanks and manufacturers to produce cyber security standards for IoT devices, to minimise user risk.

The goal of the joint project is to come up with labelling standards for devices that can warn consumers, of any cyber security knowledge level, of the threats they face. Think of the ‘Smoking Kills’ label we have now mandated on cigarette boxes – similar labels will be attached to IoT devices to ensure consumers are aware of how the device will alter their online security.

AI (Artificial Intelligence) support for cyber breach detection and reporting

Artificial intelligence and machine learning are being deployed by organisations to monitor network activity in real time. Cyber Security Hub research reveals that 19% of cyber security professionals are investing in cyber security through AI and automation.

It just is not realistic or even possible to have humans monitor every single request and action on a given network. An AI can do all of this in real time and flag actions/patterns it has identified as a threat through machine learning. IBM data revealed that companies that already use AI in their automation process have saved an average of $3 million a year compared to those who do not.

Considering the savings here, more organisations are expected to invest in AI detection and reporting tools to fortify their constant security.
