Recent years have seen a boom in tech innovation.
From newly connected cities and organisations built on the backbone of the Internet of Things (IoT) and artificially-intelligent chatbots that tackle customer service issues to cloud storage and computing that allows companies to avoid data access delays and puts information directly into the hands of employees that need it, the benefits of such innovations are being reaped everyday.
However, as technology enables the world to become more open and connected, the embracing of global digital transformation has created new cybersecurity risks and expanding cyber-attack surfaces.
In January 2019, a database containing over 773 million unique email addresses and 21 million unique passwords resulting in more than 2 billion email/password pairs was discovered on the dark web.
Cyber security experts reviewing the database claim that this collection, dubbed Collection #1, is the largest data breach on the internet. As the moniker may reveal, Collection #1 was only the beginning for 2019’s cybersecurity woes.
In the weeks after its discovery, cybersecurity journalists discovered seven additional collections totalling 500GB of data for sale.
Experts say that the depth and breadth of data leaks will continue to increase as businesses and individuals continue to leverage next-gen technology.
“The explosion of companies deploying IoT solutions, for example, is creating vulnerabilities,” explained Kevin Mitnick, one of the world’s most infamous white-hat hackers who will be taking to the Dark Stage at a cyber security event in Dubai next month. “While IoT enabled devices can make businesses more efficient, each device is also a new endpoint ripe for hacking.
“And it isn’t limited to the device itself, or even the network. There are botnets that use hordes of compromised IoT devices to overwhelm targets in DDoS attacks.”
Brick-and-mortar establishments are leveraging digitalisation to streamline their sales, creating point-of-service pages and other customer-facing forms online. Where the end-user sees a new wave of retail convenience, cybercriminals simply see a refreshed revenue stream.
“Formjacking” preys on e-commerce sites and forms that require financial information to be entered. Malicious code injected into the site by a cybercriminal collects any information entered into the form, including card details, email addresses and names.
While it is not a new form of cybercrime, security outfit Symantec reported 4,818 unique websites were compromised with formjacking code every month in 2018, totalling 3.7 million attacks. A full third of those attacks were blocked in November and December.
Social engineering — manipulating human behaviour — is still key in the cybercriminal’s toolkit. However, the advent of Artificial Intelligence is making deceiving consumers just a little bit easier. AI-driven chatbots are already used to streamline customer service instances, answering frequently asked questions and directing customers to readily available information.
According to research firm Gartner, 85 per cent of customer interactions will be handled without a human agent by 2020. With the latest innovations in machine learning, however, chatbots can now be exploited by hackers to trick customers into giving away sensitive information or clicking on malicious links.
Cybercriminals only need to make a chatbot look like it is from a reputable organisation to fool users who are not on their guard.
As companies move their data and, increasingly, their services to the cloud, it is clear that data access has removed barriers for employees. No longer do employees have to track down information they need to complete a task, and the risk of that data becoming lost has decreased significantly.
However, as cloud computing has reduced barriers for employees, it has done the same for cybercriminals. Cloud resources are increasingly easy targets for cybercriminals, with more than 70 million records stolen or leaked from poorly configured S3 public cloud storage buckets in 2018 alone.
Attackers are continuously evolving. Protecting your business and data is no longer a case of simply installing solutions and making the required updates.
Michael Champion is Event Director at GISEC, which will be held April 1-3 at Dubai World Trade Centre.