The security threats we face as consumers and enterprises are growing daily. Our networks, email and data are put under constant attack. As a result, IT security is one of the fastest moving technology sectors, with experts required to innovate and protect against new and evolved threats on a daily, if not hourly, basis.
The speed at which new threats appear and the increasing capabilities of the criminals involved makes predicting the future difficult. However, a number of recent trends enable us to predict some ways the industry will develop in the near future, and the various cyber-challenges that business and consumers will face as a result.
The commercialisation of cybercrime
As the profits from cybercrime grow, there is a trend emerging where those wishing to commit cybercrime are becoming more sophisticated in their efforts to avoid detection through a Crime-as-a-Service (CaaS) industry that is developing online.
According to the 2014 iOCTA report, Europol's European Cybercrime centre has seen an increase in the commercialisation of cybercrime in recent years. Those that lack the technical skills and tools to develop cyber-attacks themselves are eliciting the services of established cybercriminals operating within the dark web to create software on their behalf. This new method of developing cyber-threats leaves little trace and poses a huge challenge to those trying to combat cybercrime, and is ultimately making the process of conducting cyber-attacks easier, especially for those with little or no experience or knowledge.
Consumers and businesses at risk
According to Gartner, there will be a thirty-fold increase in internet-connected physical devices by 2020, meaning that the vulnerable targets for cybercriminals will no longer be confined to PCs, laptops and smartphones. As we have seen with the well-publicised iCloud issue, cybercriminals are capitalising on their access to consumer's personal services. A recent study by Kaspersky Lab revealed that two-thirds of adults are unaware that cybercriminals could use malware to take over their mobile device camera to steal private images, as well as view those stored from the device.
It is not just poorly informed consumers who are at risk, as many high-profile organisations have become the target of serious security breaches in recent times. As the eBay leak shows, cybercriminals have the ability to disguise threats so successfully that attacks can go undetected for a worrying period of time – research tells us the average time spent on a network before detection is 265 days.
The developing threats are now incredibly complex; criminals can ensure that malware is hidden so successfully, that it can effectively avoid all network scanning and malware detection by residing in legitimate web traffic or emails, putting sensitive data and customer information at serious risk.
There is also a point where consumer devices and business critical data come together. A recent study by Vanson Bourne found that almost a quarter of those asked confessed to storing corporate information on their personal laptops and mobile phones, with almost one in five (19%) revealing they had lost a personal or mobile device at one point.
These devices will undoubtedly become a target for cybercriminals looking to capitalise on their newfound access to consumers and as a result, businesses. An excellent example of this particular risk is the higher than normal prices achieved for second-hand hard drives on eBay. Prices are pushed up by those blanket buying the old hardware in the hope it still contains sensitive information.
Consumer-grade cloud solutions present a corporate risk
Although there are a number of enterprise-focused cloud solutions, research conducted by analyst firm Ovum found that 89% of employees are still using consumer-grade cloud solutions to both store and share corporate documents, often against corporate policy or in the absence of a sanctioned alternative.
The study of 5,000 employees found that the UK workforce is choosing to use unsanctioned consumer cloud offerings to share corporate information. As employees become tech-savvy and cloud services become easier to use in an enterprise IT context, there is the concern that they will use devices and programs to exchange files that are increasingly beyond the control of IT management, and therefore unprotected from serious cyber-threats.
While it is impossible to predict exactly how the cybercrime industry will develop in the coming years, the above scenarios suggest that there will be a never-ending battle between cybercriminals, consumers and the IT industry. A constant game of cat-and-mouse is already underway. IT security experts must continuously create new methods of detection in order to stay ahead of the increasingly skilled and diverse cybercriminals operating on the web.
- Orlando Scott-Cowley is a Security Expert at Mimecast