How to outwit cyber criminals in a rapidly changing world

The world has come a long way since the first computer viruses — Creeper, Wabbit and Elk Cloner — were unleashed on the ARPANET (forming the technical base of today’s internet) close to half a century ago. Initially self-replicating and somewhat harmless programmes, these viruses and worms gradually turned complex, vicious and persistent. The internet is a goldmine for cybercriminals and they can easily release malware for a price, bringing businesses as well as nations to a crashing halt.

Millions of systems have been compromised worldwide over the years as cybercriminals stole money, credentials and information, or just caused intense turmoil. Most recently, for instance, the “Cookie Miner” malware was discovered that could potentially steal user information (credit card, passwords, etc.) from the browser’s cookies linked to crypto currency exchanges and wallets. In Australia, cybercriminals hacked the systems of a health care company and an auto enterprise, holding the data for ransom.

The last two years have seen a massive rise in cybercrime. Cisco’s 2018 Asia-Pacific Security Capabilities Benchmark Report highlighted the fact that India recorded the second highest number of real cyber threats, followed by Australia, in the Asia Pacific region. The year 2019 will continue to see incidents on a global scale, with cybercriminals attempting to exploit vulnerabilities, breaching confidential data and hacking security systems. As we talk about cyber security becoming an integral part of the boardroom agenda, organisations can take note of some areas as they strive to protect their critical assets in 2019. 

The artificial intelligence (AI) “opportunity” will be big in 2019. However, the rapid advancement and adoption of AI can turn out to be a double-edged sword. On the one hand, AI can help organisations ramp up their technology systems to new levels of sophistication, predict attacks and correspondingly take quick corrective action; on the other, it can also be misused by cybercriminals in avoiding detection and evading security. 

Recently, there was an uptick in “Deepfake” videos that were created using deep-learning AI and involved creation of fake videos showing real personalities. In 2019, cybercriminals are likely to exploit the power of AI to a significant extent for nefarious purposes, circulate fake news and spread malware through phishing attacks. With security solutions yet to be developed as a counter, the only remedy available is to raise awareness and set up training for all stakeholders. 

Smart contracts, which use Ethereum blockchain to maintain a decentralised ledger and subsequent contract between parties, have been implemented by some of the leading financial institutions. Increased usage is expected in financial transactions, including money transfers and protection of intellectual property rights. However, there have been flaws associated with this AI that may be exploited by cybercriminals. One of them is the “re-entrancy attack” that may see hackers accessing user's funds and extracting them without complying with contract requirements or without the knowledge and/or approval of the respective users. 

Cloud computing, used extensively to store company data on servers, is another area at risk. In 2019, hackers will focus their effort to breach organisations’ systems, resulting in a radical shift from malware stored on the desktop to being stored within the data, making the same redundant. Investments in enhancing cyber security and incident response capabilities and hiring talent will be crucial.  

Voice-controlled digital assistants are expected to be another area that will be targeted by cybercriminals, as they are used frequently by individuals as well as businesses. Hackers will further develop malicious codes and commands to target the Internet of Things (IoT) devices and their voice assistants. These assistants are also likely to be used in digital/financial payment applications, which will further augment risks. 

While the threats continue to escalate, governments across the globe are launching initiatives and enhancing greater cross-border collaboration to fortify cyber security measures. The year 2019 will see India taking rapid strides to counter growing cyber threats by institutionalising a Defence Cyber Agency, under the supervision of the Integrated Defence Staff, inauguration of a national cyber forensic lab (NCFL) and Delhi Police’s cyber-crime unit, ‘CyPAD’. A National Centre for Artificial Intelligence is also on the anvil under the aegis of the ministry of electronics and information technology. 

The EY Global Information Security Survey (GISS) 2018-19 highlights cyber security gaining prominence among the board. However, it also notes that more than three-quarters (87 per cent) of organisations do not yet have sufficient budgets to provide the levels of cyber security and resilience they want. Protection is patchy, relatively few organisations are prioritising advanced capabilities, and cyber security too often remains siloed or isolated. The cyber threat that stands before us is as real as it can get. In 2019, organisations will have to buckle up their cyber seatbelts for the bumpy ride ahead.   

The writer is Partner, Forensic & Integrity Services, EY