By John Nugent
LONDON – Cyber breaches dominated headlines last year, with corporations and governments frequently reporting incursions and new vulnerabilities creating global security risks. But 2014 was not really an outlier: 2013 was also a bumper year for cyber attacks. It is a pretty good bet that 2015 will be too.
But not all cyber attacks are created equal. Understanding who is behind them—their motives and methods—can provide a more nuanced understanding of cybersecurity trends. Attackers generally fall into three categories. The first is cyber spies, often with nation state affiliations, who steal sensitive information in order to give a government or commercial enterprise (or both) a competitive advantage. The second is cybercriminals, who seek financial gain, most commonly by targeting credit card data or personal information that can be re-sold or used for fraud. The last is cyber activists, who seek to disrupt or embarrass their targets, and whose motives range from personal amusement to political viewpoints to religious convictions.
As explained in a recent Control Risks report on global business risk, advanced capabilities are likely to proliferate among these groups. Criminal networks have reaped tremendous profits and are investing some of that into researching and developing more sophisticated methods. As a result, criminals have now developed expertise that was once the preserve of nation states. More and more, those skills are being made available for purchase in online forums where anyone can buy them.
As cyber skills become more democratic, the targets of cyber attacks will increasingly map to geopolitical tensions. This was certainly true last year: cyber attackers targeted entities on both sides of the Russia-Ukraine conflict, and other attacks coincided with protests in Hong Kong, territorial disputes in the South China Sea and Israeli military operations in Gaza. This kind of parallel action is only going to increase, as nation states cultivate new, ostensibly independent cyber activist groups to pursue their foreign policy objectives. As this threat grows, the vulnerability of industrial control systems underpinning national infrastructure becomes a particular concern.
Beyond any geopolitical tensions, socio-economic trends influence the path of cyber activity—particularly that of criminals. Criminality thrives in environments with large IT-literate populations and relatively lax law enforcement around cybercrimes. Examples include Russia, Brazil, India and South Africa. It is difficult to predict where these criminals will strike, but they are likely to choose targets in places with a high concentration of wealth and relatively porous cyber defenses. Credit card data stored by US retailers has been a popular target for cybercriminals looking to create clones of these cards for ‘cash out’ in that country, but as an increasing number of businesses in the US transition to more secure chip cards, criminals may seek to use these duplicates in areas where enhanced card security is not in place, such as Latin America. Moreover, a shift in attackers’ focus in the US to ‘card not present’ fraud, as followed the introduction of ‘chip and pin’ standards in the UK, is likely. Finally, the seemingly inexorable proliferation of ransomware – including virus-like variants – will continue, and as Western networks clamp down, oil-rich Middle Eastern nations could see greater threat activity.
While understanding attackers offers some insight, understanding their potential targets can also provide clues into emerging trends in cybersecurity. For instance, multinational companies have developed longer and longer supply chains as they leverage the global economy to increase their margins. But longer supply chains offer more potential points of attack for someone wishing to access a company’s network or disrupt its operations. As companies harden defenses closest to home, expect to see more attacks on and via their suppliers.
A more positive trend likely to play out in the coming year is that of ‘cyber savvy’ companies gradually adopting a more holistic approach to addressing cyber risk. For these organizations, cybersecurity is addressed as a business issue, not a technology challenge. They are demanding more information about the specific threats that they face, they are evaluating their own resources and bolstering protection for the most critical assets, and they are preparing for incursions by advanced threat actors. Above all, these companies are coming to grips with the fact that some breaches are inevitable, and they are preparing themselves to respond in a considered, proportionate way. 2015 is likely to see those firms that follow such an approach greatly increase their chances of emerging from a successful intrusion relatively unscathed.
John Nugent is a senior cybersecurity analyst at Control Risks, the global risk consultancy.
This article was written by Control Risks from Forbes and was legally licensed through the NewsCred publisher network.