What are the main problems that we ought to see in the upcoming months on the cyber security front? Well, the four horsemen analogy is actually pretty useful to understand what we are facing right now.
Even though hacking computers seems to be something easy, it really isn’t. Yes, sometimes hacks are really simple, like changing a digit in a browser address bar, but most of the time they are really intricate actions that involve highly technical skills. It requires times, knowledge, and lots of patience to be able to write some malware that is going to be useful for a criminal.
But cyber security isn’t something that is fully dependent on computers. A big piece of your cyber security involves human activities and compliance to policies. This is one of the major problems in security because humans are the ones controlling information systems since artificial intelligence doesn’t rule the world (yet).
Thus, an inventive hacker will probably target humans, because they are way easier to hack than computers. Unfortunately, social engineering, which is the art of human hacking if you will, tends to be way easier than computer hacking. So, in the future, social engineering will definitely remain a big a problem for organizations. This horseman isn’t about to die, and fighting it will remain a complex task.
Internet of Things
On the surface, the Internet of things is actually a great idea. Combining the strength of the Internet with the different tools that we use on a daily basis to enhance their capabilities is really a good thing. I don’t know about you, but for me having my house temperature monitored by a system based on machine learning that can be controlled remotely through the Internet is quite useful.
The fundamental problem with those systems is that they are true computers. They have memory, Wi-Fi Internet access, computing powers, and software that can be manipulated by a hacker. This last part is especially true since the software support offered for many objects that qualify as Internet of Things tools is alarmingly lacking.
This leads to situations where thousands of objects like that are vulnerable to cyber-attacks and can even be eventually used to conduct other cybercrimes. This has recently been the case when we learned that thousands of surveillance cameras were hacked and used for distributed denial of service (DDOS) attacks.
Wi-Fi and Remote Access
Sure, Wi-Fi, Bluetooth, and cellular connections are all great. They offer many possibilities, like the ability to fetch new data on the fly without the intervention of the user. They also provide the comfort of not having to search for a cable to access the Internet, which is quite useful for many connected devices, like security systems for instance.
The trend to be connected everywhere and anytime has one major drawback though: it means that there are a lot of devices that can be detected, scanned, and attacked remotely without the user’s knowledge. Since Wi-Fi connections are invisible to the human eye, it is extremely difficult to detect someone trying to penetrate those networks. Also, there is always the possibility that a criminal will try to mimic an existing Wi-Fi connection, like a Man in the Middle attack, for example.
Right now, this horseman is working hand in hand with the Internet of things horseman. Having every new device that can be connected to the Internet communicating through Wi-Fi is just widening the vulnerability surface, thus creating new security holes and potential breaches that could endanger data.
Last but not least, the infamous crypto ransomware. This type of malware is quite simple in its function. It locks a user out of his data, hides the key, and asks a lot of money to give the key back. Since we live in a world where information and data are central to our lives, aiming at this to force users to pay ransoms is actually a good idea. It is highly unethical, but it is a good idea.
The fact is that crypto ransomware attacks are here to stay, especially now that we are diving into the world of the Internet of Things. Right now crypto ransomware attacks are pretty annoying but in a near future, when we are going to see the first crypto ransomware attacking your car, asking you for a ransom to be able to start it in the morning, we will probably say that it is way more than annoying. So watch out for this horseman: it is dreadful.
We Won’t Stop Them
In the end, we must consider that security specialists won’t be able to completely stop these four horsemen. They are here to stay, and they will surely evolve in the upcoming years. We must thus live with them and try to limit the problems that they might bring to our security architecture.