Cyberattacks we’ve seen to date have been child’s play relative to what’s possible, according to a government expert. We could soon see how bad it can get — and our best defense may be highly capable cyber-warriors.
“Sometime in the next few years, we’re going to have our first category one cyber-incident,” Ian Levy, technical director at the U.K.’s National Cybersecurity Centre, said at an information security event last week, referring to an attack so severe it would require a national government response.
Organizations are scrambling to react in the wake of high-profile attacks, such as a devastating ransomware attack on the NHS in May. Equifax’s interim CEO took to The Wall Street Journal Wednesday as a sort of mea culpa for a massive data breach of the American consumer credit reporting agency this summer; and the U.S. Securities and Exchange Commission announced Monday a new Cyber Unit.
“Cyber-related threats to trading platforms and other critical market infrastructure” fall within the unit’s jurisdiction. And that’s good because plenty of threats exist.
There’s a Vulnerable App for that
Stock trading is among your smartphone’s myriad capabilities. But many of the most popular trading apps are susceptible to cyberattack, according to Seattle-based security advisor IOActive.
“Cybersecurity has not been on the radar of [the people within] the fintech space in charge of developing trading apps,” Alejandro Hernández, an IOActive cybersecurity consultant, stated Tuesday. “Security researchers have disregarded these apps as well, probably because of a lack of understanding of money markets.”
These apps enable users to monitor market performance, as well as conduct bank transfers, make purchase orders and more. But the 21 apps that Hernández evaluated — available via the Apple Store and Google Play — included four that sent passwords in cleartext, and some that did not sufficiently encrypt data, among other issues. The good news is that some people are learning their lesson.
“The app developed by a brokerage firm who suffered a data breach many years ago was shown to be the most secure one,” Hernández stated.
Think Like A Cyber-Criminal
Cyber-weaknesses are still prevalent where banks, payment systems and messaging networks meet, according to a Committee on Payments and Market Infrastructures study released Thursday. And the financial burdens of cyberattacks on businesses around the world seem to be growing, research from Accenture and the Ponemon Institute released Tuesday indicates.
This year’s average cost of cybercrime globally jumped by 22.7 percent over last year to $11.7 million per organization — or a whopping 62 percent increase from five years ago, according to the research. Financial services bore the brunt of cyberattacks, averaging annual costs of $18.28 million.
“Innovate to stay ahead of the hackers,” the study recommends. “Invest in the ‘brilliant basics,’ such as security intelligence and advanced access management … [and] spend on new technologies, specifically analytics and artificial intelligence.”
Staving off a “category one cyber-incident” will require organizations to focus on risk management — and putting faith in their people, according to the NCC’s Levy. “People create the value at these organizations … [so] build technical systems for normal people.”
That’s important because your organization may not be up against a simple hacker — or an unscrupulous competitor. The complexity, duration and skillsets necessary for the cyberattacks against the SEC, Equifax and others hint at the possibility of state sponsorship, a cybersecurity expert stated Wednesday on Fox Business.
“I think most companies are focused on the outside very heavily, which is good,” Raytheon Chief Strategy Officer Joshua Douglas said. “But I think that we fail to realize that once an outsider makes it in, that you don’t have that second tier or third tier of support and security to protect the most important assets.”
Renaissance to the Rescue
Massive cyberattacks — category one or otherwise — should inspire us to a higher level of innovation, akin to the 20th Century Space Race, according to Defense One. In an echo of Levy’s call for faith in people, cybersecurity will demand highly capable cyber-workers who are well versed in ethics and technology, as well as contextual thinking and clear communications.
“As we expose cyber-operators to ever-more vast amounts of sensitive information — and entrust them with some of the most destructive digital tools imaginable — we must continue to ensure that their technical skills are matched by character traits such as integrity and loyalty,” Defense One stated Monday. “Only such digital-age Renaissance men and women will be able to rise to the cyber-challenges of our time.”