Throughout the pandemic hackers have pivoted their attacks to capitalise on coronavirus chaos and the mass shift to remote working. Organisations must now prioritise building cyber immunity into their strategy.
The National Cyber Security Centre (NCSC) handled 723 incidents between 1st September 2019 and 31st August 2020, up from an average of 602 incidents over the last three years. What’s more, over a quarter of all cyber incidents detected by UK intelligence analysts in the past year involved criminals and hostile states exploiting the pandemic. Nation states have even targeted Covid-19 vaccine research organisations, with Russian hacking group ‘Cozy Bear’ found to be targeting companies across the UK, US and Canada.
With organisations set to continue remote working for much of 2021, and geopolitical tensions continuing to bubble, what do the next 12 months have in store for the cyber security industry?
Here, Richard Starnes, chief security strategist at Capgemini, provides his view on what lies ahead and how organisation’s can build cyber immunity into their strategy.
Many companies previously had AI on their roadmap for 5-10 years down the line; however, Covid-19 has compressed this timeframe. That’s because the spike in incidents has left IT teams unable to cope. Even before Covid struck, Capgemini research revealed that over half of senior executives admitted that their cybersecurity analysts are overwhelmed by the unparalleled volume of data points they need to monitor to detect and prevent cyber attacks. This has only escalated under Covid’s reign.
The problem lies in speed. Every step it takes a business to secure its digital future has cyber criminals innovating at a greater pace. In fact, hackers are already adept at using AI to launch clever attacks — AI algorithms can send phishing tweets six times faster than a human — and with a far higher success rate.
In 2021, in order to turn the tide, cyber analysts will no longer be able to avoid AI adoption. Adopting SOAR (security orchestration, automation and response) processes to allow their organisations to collect security data and alerts from different sources, in turn enables quicker and more effective incident analysis and triage to be performed. Such processes help define, prioritise and drive standardised incident response activities according to a standard workflow through connections to data sources and platforms. Through deploying intelligent, predictive systems, cyber analysts will be better positioned to anticipate the exponentially growing number of threats.
The comprehensive IT security guide for CIOs and CTOs
This year, deep fake video and audio technologies are likely to pose an increasing threat to businesses, as criminals continue to become adept at creating fakes using AI and machine learning. Triggered by a shift towards remote working and the subsequent reliance on video and audio-based methods of communication, advancements in this field have ramped up rapidly during the pandemic.
This includes building photo-realistic copies of people and applying mouth mapping technology, which enables the movement of the human mouth during speech to be mimicked with high accuracy. Harder to detect, such methods stand to put organisations at risk of severe financial loss. In 2020, criminals used AI-based software to mimic a CEO’s voice to demand the transfer of $243,000.
Throughout the course of the pandemic social engineering techniques have also become increasingly more sophisticated. This includes gathering information available online or from stolen physical records to create a fake identity for a particular target, a practice known as social profiling. Methods such as this will become increasingly easier for cyber-villains because of the greater use of online platforms, in addition to the blurring of domestic and business IT systems during the pandemic.
Over the next 12 months CISOs will have to grapple with the consequences of the decisions they were pushed to make in 2020. One of their first challenges will be to “un-cut” the corners they took last March to respond to remote working demands that cropped up practically overnight.
Many are likely to adopt zero trust policies — a mindset that treats everything as hostile, including the network, host, applications, and services. In fact, recent research has shown that even by November 60% of organisations reported that they were accelerating zero trust projects. This demonstrates how CISOs are taking a more deliberate approach towards operational security. This year, successful zero trust journeys will incorporate strong multifactor authentication, comprehensive identity governance and lifecycle, and effective threat detection and response fueled through comprehensive visibility across all key digital assets.
Throughout 2020, attackers and cybercriminals exploited the chaotic year by attempting to breach a record number of enterprise systems in e-commerce, financial services, healthcare and many other industries.
In 2021, businesses must accelerate AI to combine human and machine insights so they can out-innovate attackers intent on escalating an AI-based arms race. Adopting emerging technologies such as AI themselves will also help to address the rising threat of sophisticated deep fakes. Finally, any technology deployment must be underscored by a concrete security strategy such as a zero trust approach. No business is immune to the threat of cyber-attack, but addressing these three areas will strengthen its defences as the pandemic continues