Exclusive comment: Cybersecurity in the modern world
Peter Groucutt, Managing Director of Databarracks, comments exclusively for Security News Desk UK on cybersecurity in the new normal
Cyber security is an arms-race between legitimate businesses and cyber criminals. As attackers’ techniques and skills improve, so do defences.
In a 2012 TED talk, the FBI futurologist Marc Goodman drew parallels between the growing prevalence of cyber-crime and earlier criminal innovations – the transition from the single-victim model of highway robbery to a captive audience of 200 targets during a stagecoach hold-up was fundamentally an exercise in risk reduction and scalability. Marc argues that incidents like the 2011 Sony PlayStation hack, in which personally identifiable information was stolen from over 77 million user accounts from a single location, are a part of the same continuum.
Since then, Facebook, Twitter, Myspace, LinkedIn, eBay, Yahoo and Microsoft have all been breached, each exposing hundreds of millions of user details. David McCandless & Tom Evans have been cataloguing the world’s largest breaches.
Even if there is not any value in the user accounts directly, hackers can take advantage of email addresses and passwords being reused across multiple services. It is these credentials that provide access into other, higher value accounts.
I’d argue that the spike in ransomware attacks (on individuals as opposed to organisations) is also part of this continuum, as criminals realise that data doesn’t have to be useful to be worth stealing, but simply emotionally valued. Personal data such as documents, photos and videos can be just as valuable as (if not more so than) credit card information.
These ransomware attacks are low-level extortion at scale. The necessary tools are cheap and easy to use and the data they target requires no refinement in order to extract value. They’re also incredibly hard to trace thanks to the rise of crypto-currencies, like Bitcoin, which enable the anonymous collection and movement of large amounts of money.
There’s a confluence of factors drawing big investment from criminal organisations as this method still represents a repeatable, consistent, low-risk/high-reward revenue stream.
Rebecca Morpeth Spayne,
Editor, Security Portfolio