The threat of cybercrime, which is a danger not only to individuals and businesses but also to nations, remains a hot topic. Due to the nature of cybercrime and its ability to constantly evolve and outpace the vast majority of cyber security measures, the range and scale of cyberattacks have been consistently growing, with recent attacks such as the Yahoo Data Breach affecting personal data relating to more than three billion people. With such high-profile attacks, however, comes an increased awareness in the general public and a similarly increased ability for cyber defense to learn from them in an effort to diminish future cybercrime. Yet the question still remains: will cybersecurity ever be able to fully contain the threat of cybercrime? Cyber criminals are moving faster than businesses can deal with them. In a time of accelerated digital disruption where businesses and individuals alike are moving towards increasing usage of technology in all forms, cybercrime is not only becoming more common, but in some ways easier to commit due to the proliferation of these new technologies. Indeed, with BT Group reporting an increase by 57% in cyberattacks since last year alone—with nearly 4,000 reported cyberattacks a day—it’s easy to see that cyber defense will be an absolute necessity for all businesses moving forward. Companies are not prepared to defend against cyberattacks. While an estimated 97% of companies have been the victim of a digital attack, BT Group estimates that only 22% are fully prepared to deal with future incidents. Similarly, they have found that while 71% have procedures in place to review the tools and strategies used by cyber criminals, only 30% understand them—and even more concerning, over 45% of companies lack the skills and people needed to defend themselves at all. Conversely, companies are increasing their digital footprint—and their vulnerability to digital attacks. Around 93% of businesses see digital technologies as a means of creating opportunity, with 19% of organizations having moved all apps and infrastructure to a cloud-based system and a further 46% having moved over half of their apps and infrastructure to a similar system. With increased reliance on digital technologies throughout virtually every business, cyber criminals now have multiple touch points through which they can infiltrate a business’s data and systems. Cyberattacks are often straightforward—and easier to prevent than you think. The majority of cyberattacks begin with the attacker running scripts to find vulnerability in host systems and IP addresses and exploiting any weak points with malicious software. Once vulnerability is found—such as script finding the correct password to a known username—the attacker will then exploit that foothold and move laterally across the network, picking up data from data repositories as it moves along. Luckily, attacks such as these are common and can be tracked using sophisticated artificial intelligence tools. Visual analytics tools can help users visualize data. Using machine learning to create different charts and graphs based on vast quantities of data, human analysts can see patterns in cybercriminal behavior more easily, such as physical locations, traffic, access points and even the timeline leading up to the attack. By looking for spikes of unusual activity in a graph, for example, analysts can focus on certain time frames and use other forms of data visualization to show which port an attacker is attacking from and which host they are attacking. This way, analysts can isolate the host device straight away rather than performing a costly system-wide shut down. The visual analytics tool can also track data back in time. By focusing on the range of suspicious IP addresses identified earlier, analysts can also figure out if an attacker was interested in other hosts sometime in the past—a tool that can help analysts narrow down the source of the attack even more. Using this visual analytics tool, many organizations are now able to accomplish what used to take days in mere minutes. Cyber risk is a challenge for the insurance industry. While cybersecurity remains a constantly evolving issue, it is the job of the insurance industry to help organizations, governments and individuals manage this risk—and while cyber risk will remain a major challenge for some time, the exploration of digital crimes will continue to shape future risk mitigation strategies. Mitigating risk in general is a complex process. First, insurers must understand what they are covering—in the case of insuring a building, for example, information such as physical location of the building and what the building is made up of needs to be known. Second, insurers must figure out what risks the building will face—such as potential weather conditions. Third, insurers need to model the risk using the previous two pieces of information. Fourth, the insurers must make sure the risk is managed and mitigated—such as enforcing building codes. And last, insurers must make sure the risk is transferred. In cyber-related insurance, it is important to create partnerships. Because cyber risk is still relatively new and unknown, the traditional route of mitigating risk remains a challenge. It is important, therefore, that partnerships be created and data shared in order to gain more knowledge in the area of cyber risk and create more models of real risks. Recent trends in cybersecurity are bringing us on the right track. With new digital security technologies being developed at rapid rates, many more outdated forms of cyberattacks are being put to rest. A new multi-disciplinary approach to cyber security. In addition to technology, studies in areas such as economics and behavioral science are being conducted in an effort to not only prevent cyberattacks but to also understand the human element behind the attacks. More focus on fundamental market flaws. Spoofing, which is the practice of creating misleading emails that appear to be from a legitimate source but actually originate from somewhere else, is one such example of a persistent problem found in cybersecurity throughout markets. In order to combat this, the UK government has enacted a system in which if a person is on a public-sector network and wants to connect to a website, there are programs in place to prevent them from accessing websites that may contain potential spoofing and other threats. Through this program, over a billion website attempts are scanned a week, blocking around half a million trips to infected websites. Focus on organization-based defense rather than individual-based defense. While traditional rhetoric often places the burden of cyber defense on employees—such as requiring them to change their passwords often or advising them to not click on risky email links—it is much more effective for the organization to contain the risk before it spreads to a multitude of employees of varying levels of technology defense knowledge. In fact, findings show that current password advice involves the mathematical equivalent of remembering a new 600-digit number every month, an impossible task for any individual. It is a multi-layered defense, therefore, that is needed to make sure no risky links can get to an employee in the first place.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.