The cyberattacks we’ve seen to date have been child’s play relative to what’s possible, according to a government expert. We could soon see how bad it can get – and our best defense may be highly capable cyber warriors.
Organizations are scrambling to react in the wake of high-profile attacks, such as a devastating ransomware attack on the UK’s National Health Service in May. Recently Equifax’s interim CEO took to The Wall Street Journal as a sort of mea culpa for a massive data breach of the American consumer credit reporting agency this summer, and the U.S. Securities and Exchange Commission announced a new cyber unit. “Sometime in the next few years, we’re going to have our first category one cyber-incident,” Ian Levy, technical director at the UK’s National Cybersecurity Centre, said at an information security event in September, referring to an attack so severe it would require a national government response.
“Cyber-related threats to trading platforms and other critical market infrastructure” fall within the new SEC unit’s jurisdiction. And that’s good because plenty of threats exist.
There’s a vulnerable app for that
Stock trading is among your smartphone’s myriad capabilities. But many of the most popular trading apps are susceptible to cyberattack, according to Seattle-based security adviser IOActive.
“Cybersecurity has not been on the radar of [the people within] the fintech space in charge of developing trading apps,” said Alejandro Hernández, an IOActive cybersecurity consultant. “Security researchers have disregarded these apps as well, probably because of a lack of understanding of money markets.”
These apps enable users to monitor market performance, as well as conduct bank transfers, make purchase orders, and more. But the 21 apps that Hernández evaluated – available via the Apple Store and Google Play – included four that sent passwords in cleartext and others that did not sufficiently encrypt data, among other issues. The good news is that some people are learning their lesson.
“The app developed by a brokerage firm who suffered a data breach many years ago was shown to be the most secure one,” Hernández stated.
Think like a cyber criminal
Cyber-weaknesses are still prevalent where banks, payment systems, and messaging networks meet, according to a Committee on Payments and Market Infrastructures study. And the financial burdens of cyberattacks on businesses around the world seem to be growing, research from Accenture and the Ponemon Institute indicates.
This year’s average cost of cybercrime globally jumped by 22.7% over last year to $11.7 million per organization – or a whopping 62% increase from five years ago, according to the research. Financial services bore the brunt of cyberattacks, averaging annual costs of $18.28 million.
“Innovate to stay ahead of the hackers,” the study recommends. “Invest in the ‘brilliant basics,’ such as security intelligence and advanced access management … [and] spend on new technologies, specifically analytics and artificial intelligence.”
Staving off a “category one cyber-incident” will require organizations to focus on risk management – and to put faith in their people, according to the NCC’s Levy. “People create the value at these organizations … [so] build technical systems for normal people.”
That’s important because your organization may not be up against a simple hacker – or an unscrupulous competitor. The complexity, duration, and skill sets necessary for the cyberattacks against the SEC, Equifax, and others hint at the possibility of state sponsorship, said Joshua Douglas, Raytheon’s chief strategy officer of cyber services, on Fox Business.
“I think most companies are focused on the outside very heavily, which is good,” Douglas said. “But I think that we fail to realize that once an outsider makes it in, that you don’t have that second tier or third tier of support and security to protect the most important assets.”
Renaissance to the rescue
Massive cyberattacks – category one or otherwise – should inspire us to a higher level of innovation, akin to the 20th-century space race, according to national security news website Defense One. Echoing Levy’s call for faith in people, cybersecurity will demand highly capable cyber workers who are well versed in ethics and technology, as well as contextual thinking and clear communications.
“As we expose cyber operators to ever-more vast amounts of sensitive information – and entrust them with some of the most destructive digital tools imaginable – we must continue to ensure that their technical skills are matched by character traits such as integrity and loyalty,” Defense One said. “Only such digital-age Renaissance men and women will be able to rise to the cyber challenges of our time.”