Cybersecurity trends: fewer and fewer safe havens

Nikodemas Martinėnas, Senior IT Security Specialist, Danske Bank IT Center

Who could have predicted that we would be the generation statistically significantly more likely to suffer from cybercrime than from physical crime? More and more criminals are migrating into the virtual world, where bigger heists can be carried out with fewer resources and lower risk. Today I will look at some of the most important trends, which might help with safeguarding our money, business or personal data.

 

Virtual globalization

 

As things stand, since almost everything has moved onto the internet, it would be easier to name the spheres of life or business sectors which are not the target of cybercrime. We are still struggling to grasp it, but everything we turn into cyber-information, directly or indirectly, becomes a part of the World Wide Web. Everything reachable through the internet can in turn be attacked. Anytime. Anywhere.

 

Recently, the staff of Danske attended the Horizon conference and had the chance to hear international IT security expert Mikko Hypponen’s insights on modern IT security. According to Mikko, every company has transformed itself into a software company. Whether a company sells hand-made scarves or financial bonds, its success is based on how effective it is at digitizing its activities. However, with great success comes great responsibility, and the more a company becomes digitized, the greater the risk of a cyber-breach.

 

Financial companies and their clients are caught in the webs of the most professional cyber-criminals and their organizations. After all, this sector specifically deals with money. On the other hand, the medical sector, say, might not be as directly linked to large financial transactions, but it is equally at risk in the event of theft of clients’ personal data.

 

Delicate Iron

 

Nowadays, we understand that any computer or smartphone connected to the internet represents a security-breach risk. However, it seems that soon enough the risks will start to follow us into our private households, as we are about to embrace the dawn of the internet of things (IoT).

 

We understand that smart TVs and modern cars can become targets for cyber break-ins; nevertheless, Mikko stresses that the real IoT revolution will start when ordinary everyday tools are connected to the internet too.

 

Naturally, we shouldn’t start assuming that we are about to have conversations with our washing machine or toaster; however, future models will have more and more sensors, cameras and even mini-processors – and these will in turn connect to the internet. Perhaps it will be done openly, so that we know exactly when to turn appliances on or off to save electricity, or maybe it will be done in a concealed way to gather personal information about their users.

This is how a teddy bear could become a screeching monster, or perhaps a hub for secretly filming a child playing with it. One of the most realistic dangers that comes with the age of IoT is the cameras installed in an increasing number of appliances, and their vulnerability to being hacked. The only way we can counteract this now is by covering the cameras up when they are not being used.

 

We can’t say that the ongoing war between cyber-criminals and cyber-security experts is a fruitless one, and IT security is increasingly becoming of paramount importance.

 

A decade or so ago it would have been impossible to imagine a safe computer running a Windows operating system without a good anti-virus program. Nowadays, these programs are no longer mandatory, as Windows has an effective built-in security system; the threats have moved towards social engineering, where criminals attempt to hack the users’ behavioural patterns, as opposed to the iron itself.

 

Think globally, act locally!

 

This slogan perfectly sums up the main principle required to sustain at least a sense of security in the world of IT. With global trends being as they are, it is extremely difficult to offer effective recommendations that would guarantee safety. However, some safeguarding effects can be achieved without having to invest large amounts of energy and/or money.

 

My main suggestion is for businesses to invest in cybersecurity experts. Nowadays, there are so many different attack vectors, and these have become so complex, that it is virtually impossible for any amateur to keep up with the latest hacking methods and break-in technology. Ideally, a security expert or security firm should set up work processes and tech in such a way that an inexperienced employee wouldn’t really have a chance to make mistakes.

 

Sadly, in reality the budget assigned to security is always limited, and each business sets its spending priorities according to its needs. However, it would be fitting to draw a parallel between vaccines and diseases - the more effective the vaccine is, the more likely it is to trigger herd immunity.

 

Mikko put forth his theory that perhaps it will be possible in the future to defeat the dark side of the web completely. Internet sites, programs and apps are all created by people who are forgetful and unable to predict every single possible outcome, thus unwittingly leaving security gaps that are preyed upon by cyber-criminals. In the future, programs will create programs and, thanks to artificial intelligence algorithms, will do so without mistakes or backdoors. Yet it can be very alarming to think about the possibility of these algorithms getting into the wrong hands.

 

Security vaccine

 

If you’re not an enterprise worth millions, but still want to feel safe navigating the web, here are a few simple tips to thwart cyber criminals.

 

  • Always update all software and operating systems on your computer and smart-devices.
  • Oversee your password hygiene. Use password managers like LastPass, KeePass or 1Password. These tools help to create safe passwords for every site or program you use, and automatically enter them when you log onto the internet. All you have to do is to remember one secure and strong password.
  • Use a two-step authentication process when possible, especially when operating cloud-servers, email and social media networks. After entering your password, you will receive an SMS or an email with a temporary code; this needs to be entered in order to allow a complete log-in. It is a slightly longer process but the security is increased tenfold.