The world is fighting back.
In Hollywood movies, when the individual underdog prevails against monolithic corporations or corrupt government entities, we celebrate their success.
When that individual underdog is actually a cyber-criminal intent on causing damage on that same scale, it is a cause for major concern. What do you think would happen if the entire IT infrastructure of all utilities or emergency services or even just government services were compromised in a single attack at a city, state or even national level?
World Economic Forum Centre For Cyber Security
Cybercriminals don’t seem to care about boundaries let alone borders with their use of malicious code to wreak havoc, extort ransom and, in general, cause measurable damage.
Recognising this, the World Economic Forum opened a Centre For Cyber Security in 2018 to leverage their convening power to mobilise the capabilities of a global network of partners from business, government, international organisations, academia and civil society to enhance and consolidate international security.
They reported the potential for global cyber harm as: “Economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world’s businesses can expect to be hacked in the coming year. The 2017 Wannacry attack affected 150 countries and institutions such as the National Health Service in the United Kingdom – demonstrating both the grand scale of cyberattacks and the devastating consequences for their victims. Current efforts to contain cybercrime, while important, remain largely insufficient as the global impact of cyberthreats continues to grow.”
In addition to just the sheer magnitude of the cost and potential damage, it seems that even bigger targets are on the horizon.
Cyberattacks at a Country Level
Wael Fattouh, a Saudi-based PwC partner specialising in technology risk assurance, said at a recent oil industry conference: "At some point [hackers]) were after a quick buck, just wanting to make some money and steal a few identities. But now you have teams of people dedicated to coming up with creative ways of shutting down entire countries – not just companies."
This actually isn’t as far-fetched as you may believe. We have already seen this level of impact reported on the World Economic Forum website:
“In April 2018, the small independent Caribbean nation of Sint Maarten faced a total public shutdown for an entire day. The previous month, the city of Atlanta was crippled by a ransomware attack that lasted two weeks and cost nearly $3 million. In the US alone, Baltimore, Charlotte, Dallas and San Francisco have been victims of cyber attacks during the past year, following (ironically) a transition to smart city technology. Although the smart city concept has created more connected cities, the lack of cybersecurity preparedness often creates serious security vulnerabilities.”
Every agency, organisation and company in a given country will have to play their part in the war on cybercrime. Evaluating new strategies for IT security that takes a strong strand on prevention versus just protection will go a long way.
An Ounce Of Prevention
Constant vigilance is required in order to prevent cyberattacks. To be effective, your solution must evaluate every line of code, making well documented evasion techniques ineffective. It should be agnostic to file type, client-side application type, or the client operating system used within the organisation. It should provide protection regardless of operating system, CPU architecture, and function (client, server) of the targeted machine.