Security software: the future of risk

A recent report by the UK government on cybercrime reveals 46 per cent of businesses that identified breaches or attacks in 2020, experienced them at least on a weekly basis. 

The number of attacks has risen considerably since 2017 – and the nature of breaches continues to evolve. This forces security experts to continually play cat and mouse in a swiftly expanding digital environment where vulnerabilities increase with the amount of technology connected to it.

Security software: the future of risk

The bigger they are, the harder they fall, or so it seems following the devastating breach recently suffered by Microsoft and the mid-December outage experienced by Google, the cause of which is yet to be officially confirmed. 

While details are still emerging, the SolarWinds attack is the most critical of its kind in recent times. According to Microsoft, the hackers infiltrated a server used to build updates for the SolarWinds Orion Platform, a product used for IT infrastructure management. 

The hackers inserted a backdoor malware into the compromised server product. This resulted in any customers who downloaded the updates also getting infected with the malware. 

Though not all infected customers suffered attacks, the malware was used for large network strikes against several critical and sensitive organisations.

Speaking to Technology, Joe Shenouda, CEO of the Netherlands-based Cyber Consult, says corporations must prioritise their security. “Data breaches and leaking databases are still a huge reality. Microsoft lost its source code to Russia and Nissan's whole Git code repository. Many trade secrets were compromised already this year and it's only January. In short,” he says, “secure your data.”

Remote access security

According to the Bureau of Labor Statistics, only 29 per cent of the US workforce was able to work from home before the COVID-19 era. By June 2020, the number had risen to 42 per cent, and the latest poll in the third quarter of 2020 showed 62 per cent of staff were, or had, operated remotely during the lockdown. 

The work from home mandate has saved many businesses from oblivion, but it has also opened the floodgates to new hacking vulnerabilities as companies rushed to implement new remote systems and provide their workforce with off-site access to networks. 

The more devices are linked externally to a network, the greater the chances of a breach. The rise of personal devices used for work purposes has also altered the security landscape in 2020, with some companies paying a stiff price for the attacks it has caused them.

Nikhil Chodankar, a senior security analyst at Prudential Services Asia, describes the cyberthreat situation as critical. He says, “It is projected that by 2025, there will be around 21 billion IoT devices. This means more devices will be interconnected bringing in more complexities and huge data to manage and analyse. This will create challenges for security professionals to understand the underlying technologies, how to secure IoT devices and the data it transmits. We have already seen POC where cars/airplanes systems have been hacked. IoT security will be a trend in the future.”

Companies need to observe strict protocols when considering work-from-home implications to security, remarks Shenouda. “There is a huge gap between having no security and going ‘directly’ on the internet from home, to being fully protected by VPN and other security tools that a multi-million-dollar company infrastructure can offer users,” he says. 

Cyber secure, future safe?

According to statistics released by the US cybersecurity firm Purplesec, the complexity and ferocity of cyberattacks are on a swift, upwards trajectory. For example, in 2009, the total number of malware infections reported by US companies was 12.4 million. Fast-forward a decade to 2018 and that figure jumped to 812.67 million.

A recent report by security experts Acronis has also dubbed 2021 as the “year of extortion” because ransomware continues to be the most prominent cyberthreat. One strain called Maze ransomware was widely used in 2020, accounting for almost 50 per cent of all ransomware cases.

Awareness and vigilance are critical, say, experts, as statistics show that more than 1,000 US companies had their data leaked after not giving in to ransomware demands during 2020, and this trend looks set to accelerate into 2021.

Are we likely to see fewer, but more serious, security breaches in the future if companies close their vulnerabilities? Unfortunately, not, says Shenouda. “There will definitely be more [breaches] and as the attack surface grows for many organisations, the scale and variation will be ever-increasing. This is a fact – not a prediction.”

He says that a worrying number of companies are poorly equipped for the inevitable onslaught, with huge variations in cybersecurity preparedness. “There is a lot of variation in cybersecurity maturity and the state of company infrastructures, for example on-prem versus cloud-based systems.”

Chodankar agrees. "We will not see fewer [attacks], but more complex and bigger security breaches in future,” he says. “With the tools and exploits being readily available on the internet and even in the darknet, enterprises are always vulnerable to attacks.”

However, solutions are available, he points out – and many companies are ahead of the game. “We are seeing the trend of AI/machine learning, introducing more complex bots in the picture. A good bot protection solution is what companies should look towards. We have seen the rise of DDOS attacks lately which affects the availability of the resources. Enterprises have now started taking security into consideration and have deployed a good DDOS prevention solution in their perimeter.”

Shenouda adds, “One thing is for sure, cybercrime is ever evolving and thus cybersecurity systems within companies should move at a faster pace to keep up. Standing still in this field means almost certainly that you will face issues in the near future.”