Often, I get asked by clients and prospects: when did Cybersecurity actually start? This is a hard question to answer, because nobody really knows the answer to it. Technically, you could say it started when the first mainframes came out in the 1960s and the first Internet, which was called the ARPANET, was born. This allowed computers to be connected together, which opened up the possibility of them getting hacked.
But I can say for sure that the first documented Phishing attack actually occurred in the late 1990s, when a threat variant was launched against AOL.
Since then, technology has obviously advanced greatly, and has come to the point where we can literally say to Siri or Cortana, “Please start the coffee maker”, and it will start. But of course, things are going to advance much further than this as the years pass.
Another question I get asked from time to time is how did we get so bad at Cybersecurity, and how is it that the Cyberattacker has the upper hand now? Well, there are many different reasons, and I will give the big one at the end of this blog. But here are some of the reasons that have been cited so far:
1) The Cyberattacker is very organized:
Honestly, one does not need to be wearing a hoodie, sitting in a dark room with a laptop in front of them, with an IQ of an exponential amount. In other words, you really do not have to be that intelligent in order to launch a true Cyberattack. The reason I say this is that now, anybody can go onto the Dark Web and hire a Cyberattacker agency to do the work for them. Why they are so successful these days is that they are organized, and they plan well ahead of time how they will attack. In fact, this is why the SolarWinds hack was so successful. It took months of planning ahead of time, and the Cyberattacker took all the time they needed to carefully study their victim and find its weakest spot. This has now become known as the “Corporatization of Cyberattacks.”
2) Payloads are much more intelligent:
With Artificial Intelligence (AI) and Machine Learning (ML) tools now widely available, the malicious payloads, also called “Malware”, have become much more sophisticated in nature, and even more “intelligent”. For example, most payloads can now sit in a dormant state in the IT/Network Infrastructure of the victim, going undetected for long periods of time (the average is 90 days). But they are not simply sitting there. They are actually collecting bits of information and data that they can use as leverage when it comes time for them to literally “explode on the scene”. Of course, by then the damage has already been done, and the best anybody can do is try to mitigate any further damage as much as possible.
3) Supply Chain Attacks:
By this, I don’t mean attacking the direct logistics and shipping lines that exist (though these are also a key target). Rather, this is the instance where the Cyberattacker uses one weak spot to deploy the malicious payload, and from there, it can spread itself further in zombie-like fashion, affecting thousands of other devices. This is now technically known as a “Supply Chain Attack”. Once again, the SolarWinds example is the best one to use here. Long story short, the company had a software package called Orion, which thousands of other customers used. All the Cyberattacker group had to do was insert the malware in just one weak spot of Orion, and from there, it spread itself to hundreds of other victims, which included branches of the US Federal Government, businesses in Corporate America, and even the nonprofit sector. Watch for this trend to continue in 2022, but with Critical Infrastructure being the primary target in this regard. In fact, 97% of the businesses in the United Kingdom were victims of this kind of attack in 2021.
4) The Remote Workforce:
Now that this has taken firm root for the long haul, it has opened a whole host of vulnerabilities for the Cyberattacker to penetrate, though things are a lot better now than when everybody first started to work from home almost two years ago. For example, there is the intermeshing of the corporate and home networks, employees using personal devices to do work-related functions, Zoombombing, employees using public WiFi in order to access the corporate network, etc. But probably one of the biggest problems is that with such a dispersed workforce, the threat of Insider Attacks and Social Engineering has become very real. Thus, businesses now have to closely examine any external threats along with any suspicious behavior that could be originating from within.
My Thoughts On This:
As mentioned, Cyberattacks are only going to grow; they will never stop. Just consider some of these stats for 2021:
*The total number of PII dataset breaches increased by 17%;
*Over 40 million healthcare records were stolen;
*The payouts for Ransomware were pegged at $590 million.
These numbers are only expected to get worse as time goes on. So what is the big reason why Cybersecurity is so bad today? Well, it’s simply a matter of the fact that we live in a reactive society. We simply don’t think that we will ever become a victim, and we will only take steps to protect the business, customers, and employees after we have been hit with a security breach.
IMHO, this is how 9/11 happened. The Presidential Administration at the time had the intelligence information and data to merit that something was going to happen, but they did not act on it in enough time. Heck, even the hijackers that took control of the airplanes displayed very erratic behavior as they were taking flying lessons, but nobody reported them.
Unfortunately, this is the way our society works, and will do so for the long haul. Humans are simply creatures of habit, and don’t want to change until something bad really does happen.