Cybersecurity in a Nutshell
Cybercrime and Its History
Modern technology connects governments, financial institutions, businesses, and people. Digital technology offers the platform for this connectivity and provides numerous significant benefits. Yet, it also offers a way for unscrupulous individuals to perpetrate criminal activities, from vandalism to classified information theft.
Hacking can alter a procedure or product to either solve a problem or change the way it works. Coined in the 1960s, it describes the various activities performed by some MIT enthusiasts who altered model trains’ operations. These people found ways to alter some functions without the need to re-engineer the whole device.
The curiosity and resourcefulness of these individuals led them to learn the computer code of the early computer systems. Keith Thompson and Dennis Ritchie hacked the original system and developed the UNIX operating system. Most people know the term “hack” as an ingenious way to improve a function or fix a problem with a device or product.
In the 1970s, hacking became malicious. Phreakers or tech-savvy people found out the correct tones and codes of the early computerized phone systems that allowed free long-distance calls. They imitated operators, performed different experiments, and went through Bell Telephone Company’s rubbish to search for secret information. They hacked the software and hardware to take advantage of free long-distance calls.
Law enforcement found it difficult to deal with hacking because there was no law for prosecuting hackers. Furthermore, the investigators had no technological skills. As communications and computer systems became more complex, cybercriminals also had more opportunities.
Lawrence Berkeley National Laboratory systems administrator Clifford Stoll noticed some accounting irregularities in 1986. He invented the first digital forensic techniques to detect if an unauthorized user was accessing his computer network. His honeypot tactic attracted hackers to return to the network until Stoll could gather enough data to find the source of the intrusion. Eventually, his strategy led to the arrest of Markus Hess and his associates, who sold stolen military data to the KGB.
In 1990, 150 FBI agents confiscated at least 20,000 floppy disks and 42 computers, that criminals had used for illegal telephone and credit card transactions. Yet, law enforcers could also make mistakes with their investigations. For instance, Steve Jackson Games publishing company was accused of having an illegally copied document in its possession. The Secret Service confiscated the company’s computers. The seizure of computers forced the publishing company to miss deadlines and lay off employees. The Secret Service returned the computers but deleted computer data and accessed company emails. However, it did not press charges against the company.
In 1990, because of threats to civil liberties brought about by the mistakes and impulsive activities by law enforcement, lawyers, technologists, and other professionals formed the Electronic Frontier Foundation (EFF) to protect consumers from illegal prosecution.
Viruses like the ILOVEYOU and the Melissa infected millions of personal computers and caused the failure of email systems worldwide. They prompted the development of antivirus technology to recognize and prevent viruses. Furthermore, people became aware of the risks of opening emails and attachments from untrusted sources.
In the late 2000s, credit cards became the focus of attacks. Albert Gonzalez headed a group of unscrupulous individuals who stole credit card information from customer transactions of the UK outlet TK Maxx and US retailer TJX. According to reports, the breach of security lost the company about $256 million.
In 2006, Sunshine Press in Iceland launched the website WikiLeaks, a non-profit organization that leaks secret news, information, and classified media from undisclosed sources. According to its website, the group had about 1.2 million documents it planned to publish. Julian Assange is touted as the group’s founder, director, and editor-in-chief. Other publicly known associates of Assange include Sarah Harrison, Joseph Farrell, and Kristinn Hrafnsson.
Many of the documents released by WikiLeaks became front-page news. Some released documents were about the wars in Iraq and Afghanistan, and, more recently, released documents were email leaks that damaged the US Democratic Party and Hillary Clinton.
The Cybersecurity Sector
Cybersecurity is one of the fastest growing sectors in the tech world. Worldwide, it had an estimated size of $152 billion in 2018. Its market size could grow to $250 billion by 2023.
In the past 10 years, the US Federal government has spent close to $100 billion on cybersecurity alone. This is clearly important if we reflect on the fact that the 2016 US presidential election was certainly affected by cybercriminals. In 2016, the government allocated a budget of $14 billion. On average, cyberattacks cost businesses up to $500 billion per year, not including unreported cybercrimes.
In 2014, Heartbleed, a security bug that caused catastrophic damage to the corporate IT community, resulted in monetary damages costing billions of dollars. It is difficult to determine the possible cost-per-breach because a company has to compute the direct damage and the post-attack interruptions to business operations. Research companies and industry analysts, as well as suppliers, offer different formulas and estimates. As such, companies decide to calculate the damage on their own.
In the US, the cyber insurance market grew to $2.5 billion in 2015. This may grow significantly and may even expand worldwide in the next five years. Financial and banking services are also expanding into the cybersecurity market. The growth of the internet of things will also increase security spending.
In the global arena, Israel is the second-largest cyber products exporter, behind the US. The Asia Pacific market is also developing cybersecurity plans due to denial-of-service attacks, and the adoption of mobile devices and cloud computing. In the Latin American region, cybersecurity and cybercrime spending are also growing. Yet, there is a labor shortage when it comes to global cybersecurity. In the US alone, there are at least 200,000 unfilled positions. By 2019, the shortage in the cybersecurity workforce could reach 1.5 million.
There are different types of cybercrime. In this section, we provide a brief description of the main ones.
Backdoor
A backdoor is a secret way of circumventing security controls or normal authentication in an algorithm, a cryptosystem, or a computer system. It may occur due to poor configuration or original design. Authorized personnel may add a backdoor to provide others with unauthorized access. An unscrupulous person may add it for malicious intentions. Whatever the reason, a backdoor creates vulnerability.
Distributed Denial of Service Attack (DDOS)
A denial-of-service attack can bring down a network or machine. It denies service to intended users by overloading the capabilities of a network or machine. It can also enter the wrong password deliberately to lock the victim’s account. Adding a new firewall rule can block a network attack caused by an IP address. Yet it is difficult to defend a network from numerous Distributed Denial-of-Service attacks, which can come from a botnet and other techniques like amplification and reflection attacks. The cost of a DDOS attack averages half a million dollars.
Phishing
Phishing instructs users to give out details to a fake site that is identical to the original site. It acquires user information like credit card details, passwords, and usernames. According to research undertaken by Ponemon Institute, the annual cost to a business in the event of a successful phishing attack is around $3.7 million.
Clickjacking
Known as User Interface redress attack or UI redress attack, clickjacking allows an attacker to trick a user into clicking a link or button on a different web page. In other words, the attacker is hijacking the clicks of the user.
Spoofing
As a malicious or fraudulent activity, spoofing is when an attacker is disguised as a known source to the receiver and communicates with them. This is common to devices with low-level security.
Social Engineering
Social engineering is a type of fraud that convinces a user to disclose sensitive information. For instance, an attacker sends a fake CEO email to finance and accounting departments. According to the FBI, this scheme costs US enterprises at least $2 billion every two years.
Direct Access Attacks
An authorized user, who gains computer access, can copy data, modify the operating system, use wireless mice, or install covert listening devices, keyloggers, or software worms. Standard security measures may protect the system, but using a tool or booting another operating system can bypass such measures. It is possible to prevent direct access attacks through Trusted Platform Module and Disk encryption.
Eavesdropping
Eavesdropping is the unauthorized real-time interception of private communications. The programs NarusInsight and Carnivore, for example, eavesdrop on internet service providers’ systems. It is also possible to eavesdrop on closed systems when there is a lack of encryption or when they are weak.
Cybersecurity Categories and Players
Cybersecurity is quite fragmented, and there is a profusion of start-ups. These fall under 11 categories. We can definitely expect consolidation in the future.
Network and Endpoint Security
Network and endpoint security includes methods used to protect corporate networks from remote devices. Every remote device connecting to the corporate network can be a potential security threat. Thus, there is a need to secure both the corporate network and the endpoint.
Red Canary is a leading start-up in this category. It specializes in protecting the computer networks of companies against vulnerabilities caused by remote connections of tablets, laptops, and other electronic devices of a companies’ employees. Cylance, on the other hand, uses AI algorithms to identify and prevent malware and extreme threats in endpoints.
IoT/IIot Security
IoT security refers to the protection of connected networks and devices in the internet of things, which includes entities and objects that can initiate data transfer automatically and with unique identifiers. The main issue is that product design often does not include security. Most products in the internet of things have unpatched and old embedded software and operating systems. Thus, these devices are primary targets of security breaches.
Securing the internet of things will become of paramount importance, as we have already seen the devastating consequences that hacking cars and other vehicles can have. Argus Cyber Security is a cybersecurity start-up that focuses on protecting connected vehicles. On the other hand, Indegy offers security for Industrial Control Systems in critical infrastructures like water utilities, manufacturing facilities, energy, petrochemical plants, and the like.
Threat Intelligence
Threat intelligence is refined, analyzed, and organized information about current or potential attacks against an organization. It aims to help corporations understand the risks of external threats. It provides in-depth information so that companies can protect themselves against damaging attacks. A good threat intelligence provider is Flashpoint, which targets malicious activities on the web to expose and prevent threats and attacks.
Mobile Security
Mobile security involves securing business and personal information stored on mobile phones. Since smartphones compile sensitive information, it is necessary to protect the corporation’s intellectual property and the smartphone user’s privacy. Today, mobile phones have become preferred targets. As such, everyone must take part in securing information, from the developers to the end users. Zimperium provides mobile threat protection for iOS and Android devices.
Behavioral Detection
Behavioral detection tracks the executable events of malicious software to prevent criminal actions from happening. Examples of prohibited operations include modifying system settings and deleting files. Cloud security consists of control-based policies and technologies that protect infrastructure, data applications, and information related to the use of cloud computing. Furthermore, the policies and technologies comply with the rules of regulators. Darktrace is a firm that identifies cyber attack threats and mitigates risks by detecting the organization’s abnormal behavior.
Cloud Security
Cloud Security focuses on technologies and mechanisms that can secure data and applications that are held in the cloud. Tigera is a cybersecurity start-up focusing on securing the delivery of workload and applications across private, public, and hybrid clouds.
Deception Security
Deception technology is a collection of techniques and tools to prevent an attacker within a network from damaging the system. It misdirects the attacker by using decoys. Furthermore, it prevents them from reaching their target and going deeper into the network. Its products mimic real IT assets and run either on emulated or real operating systems. These services dupe the attacker into thinking that they have already found their target. It does not take over the roles of the other security products but enhances them. Illusive Networks can identify, deceive, and disrupt attackers before they can wreak any havoc to companies.
Continuous Network Visibility
Continuous network visibility allows the cloud to handle network security to detect enterprise threats, make them visible, and accelerate incident response. It uses the cloud to build a retention window with advanced visualization, automated retrospection, and full-fidelity forensics. With continuous network visibility, it becomes easier for security professionals to deal with threats in real-time. Protectwise visualizes and responds to network activity to thwart cyberattacks immediately.
Risk Remediation
Risk remediation is a technique that allows the application of countermeasures to lessen the susceptibility of cyber assets to various attack techniques, tactics, and procedures related to advanced persistent threats. Web security can be public and internal. It is good if the network setup has tight permissions, the web applications and web server often receives updates and patches, and the website code is of high quality.
AttackIQ focuses on identifying vulnerabilities in the processes, people, and technologies, and then offers solutions to solve the problem.
Website Security
Websites are unfortunately prone to many security risks, and so are any networks to which web servers are connected. Web servers and the sites hosted present the most serious sources of security risk for many companies, especially SMEs. This category consists of software installed on websites to prevent account takeover, content scraping, as well as other intrusions in websites. Shape Security and Distil Networks identify malicious website traffic.
Quantum Encryption
Quantum cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries. Post-Quantum provides technology for the encryption of data and wireless communications using quantum mechanics.
