According to Shashi Jayakumar and Foo Siang-tse, 2017 may have been a watershed year for cybersecurity due to the number of hacks, leaks and data breaches. However, they also think 2018 will be worse. Here’s their explanation why as well as their view on what states and organizations should do to mitigate developing cyber threats.
First, the threat landscape will continue to be asymmetrical. Threat actors have an edge over enterprises that are hard-pressed to staff up internal cyber security teams.
State-sponsored actors and, increasingly, organised crime groups are well-funded, organised and resourced. They can afford to take their time to do research on their target, create the right malware and tailor their attacks to their targets. Even if they were to fail the first time, they can persist to try again and again at very little marginal cost.
These entities are aided by the breathtaking rate of technological advancement. But attackers have also begun to acquire an increasingly deep understanding of human nature. This has manifest itself in more nuanced attacks that make use of social engineering and behavioural insights.
What we have seen in recent years is the continued evolution of (and preference for) very complex and precise spear phishing campaigns, unlike spam or phishing e-mails which are mass attacks. A spear phishing campaign targets specific individuals, organisations or businesses, to collect sensitive information.
It may take the form of a professional-sounding, personalised e-mail that makes use of personal data collected from public posts on social media sites and blogs to target subjects to lower their guard – to entice them to click on suspicious links or open documents that may be virus- contaminated.
Source : CSS ETH