The Changing Threat Landscape

The range and impact of Information Security (IS) threats have grown and changed continually over the last 40 years or more, along with the motivations behind such attacks. Since the Morris Worm caused the first, apparently inadvertent, large-scale denial of service on the internet in 1988, the realm of cybercrime has expanded from hackers often driven by little more than curiosity to organised crime and state-sponsored groups.

Beyond cybercrime in the broader information security realm, the impacts of information theft, leakage, loss, and misuse have grown – driving more and more regulatory controls to protect individual and organisational data. It’s a complex and continuously evolving landscape, with new threats and vectors emerging all the time.

Here are some of the key current trends driving the need for a transformational approach to IS:

Ransomware

Using malicious software (malware) to hold an organisation’s data to ransom is believed to have become a multibillion-dollar business and is rapidly becoming one of the most common forms of cybercrime. ‘Ransomware as a service’ packages are now easily available on the dark web. The head of GCHQ stated in October 2021 that UK ransomware attacks have doubled in a year, and that “ransomware is proliferating because it is ‘largely uncontested’ and highly profitable.”

In just one example, Hackney Council are today still dealing with the effects of a ransomware attack carried out in October 2020. They estimate it will cost in the region of £10m to rectify, although no ransom was ever paid.

Social Engineering

Almost anyone with a smartphone or email account is subjected to social engineering attempts daily, through phishing emails or smishing (SMS phishing) texts. Using bogus communications to trick people into disclosing credentials or confidential information is an increasingly sophisticated growth area.

The 2020 Twitter hack used social engineering (phone calls in which the attackers posed as IT staff) to trick Twitter employees into entering their credentials into a phishing web page, with those details then being used to get into Twitter’s internal administration tools. This illustrates a now-routine cybercrime practice: using social engineering to harvest legitimate credentials, which can then be used to access sensitive data or introduce malware while appearing to be normal user activity.

Insider Threats

People remain the weakest link in any information security strategy, and cybercriminals are increasingly exploiting this. The US Department of Homeland Security defines an insider threat in cyber security as “the threat that an employee or a contractor will use his or her authorised access, wittingly or unwittingly, to do harm to the security of the United States.”

The critical element is that insider threats exploit authorised access. Much corporate IT security still follows a ‘castle and moat’ model: once a user’s credentials have taken them past the ‘moat’ of perimeter controls (firewall, VPN, network login), they are granted relatively unrestricted access inside. Duping or coercing an employee, vendor, or contractor into sharing credentials, or stealing them by other means such as phishing or malware, can therefore give cybercriminals free rein across the internal network.
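To make the ‘free rein’ point concrete, the following is an added illustration, not code from the original article: a toy access-control model in which the same stolen contractor credential is checked once at the perimeter (castle and moat) and, alternatively, against a per-resource policy tied to the account’s role. Every account, password, role and resource name is constructed for the example.

```python
"""Added illustration, not code from the original article: a toy access-control
model showing why a stolen credential gives 'free rein' under a castle-and-moat
perimeter check, and how per-resource (least-privilege) authorisation limits the
damage. Every account, role and resource here is constructed for the example."""

from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Set, Tuple

# Constructed directory: user -> (password, role). A real system would store
# password hashes; plain strings keep the example self-contained.
ACCOUNTS: Dict[str, Tuple[str, str]] = {
    "alice": ("alice-pw", "admin"),
    "bob": ("bob-pw", "contractor"),
}

# Constructed internal resources sitting behind the 'moat'.
RESOURCES: FrozenSet[str] = frozenset(
    {"public-wiki", "customer-db", "backup-schedule", "admin-vault"}
)

# Constructed least-privilege policy: what each role actually needs to do its job.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {"public-wiki", "customer-db", "backup-schedule", "admin-vault"},
    "contractor": {"public-wiki"},
}


@dataclass(frozen=True)
class Session:
    user: str
    role: str


def login(user: str, password: str) -> Optional[Session]:
    """Perimeter authentication: the only check a castle-and-moat design makes."""
    record = ACCOUNTS.get(user)
    if record is None or record[0] != password:
        return None
    return Session(user=user, role=record[1])


Policy = Callable[[Session, str], bool]


def castle_and_moat(session: Session, resource: str) -> bool:
    """Inside the moat, any authenticated session may reach any resource."""
    return resource in RESOURCES


def least_privilege(session: Session, resource: str) -> bool:
    """Every access is authorised against the session's role, not just its existence."""
    return resource in RESOURCES and resource in ROLE_PERMISSIONS.get(session.role, set())


def reachable(session: Session, policy: Policy) -> Set[str]:
    """Resources the session can reach under the given authorisation policy."""
    return {r for r in sorted(RESOURCES) if policy(session, r)}


def blast_radius(user: str, stolen_password: str) -> Tuple[Set[str], Set[str]]:
    """What an attacker holding this credential can reach under each model.

    Returns (castle_and_moat_reach, least_privilege_reach); both are empty if the
    credential does not even pass the perimeter.
    """
    session = login(user, stolen_password)
    if session is None:
        return set(), set()
    return reachable(session, castle_and_moat), reachable(session, least_privilege)


if __name__ == "__main__":
    # Scenario from the text: a contractor's credential is phished or coerced out of them.
    moat, lp = blast_radius("bob", "bob-pw")
    print("castle-and-moat:", sorted(moat))  # all four resources
    print("least-privilege:", sorted(lp))    # only public-wiki
```

The contractor credential reaches every internal resource under the perimeter-only check but only the wiki under per-resource authorisation. Note that an admin credential reaches everything under either model, which is why the administrator passwords mentioned below are what attackers spend weeks harvesting, and why those accounts need the strongest authentication and the closest monitoring.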

An increasingly common pattern is for attackers, or their malware, to remain undetected in the organisation for weeks or months, harvesting information such as administrator passwords and backup schedules so that backups can be disabled or encrypted first and the eventual attack is as devastating as possible.

The COVID Effect

The COVID-19 pandemic has created at least two new areas of opportunity for cybercriminals. Processes created to deal with the pandemic have opened new attack vectors, such as phishing emails requiring the recipient to share sensitive data to meet some bogus COVID requirement. The major shift towards flexible working has meant corporate resources being accessed from a wider range of devices, networks and locations, widening the attack surface and making business resilience and continuity harder to manage.

Strategic System Vulnerabilities

There is an increasing reliance on IT to deliver and maintain the strategic systems that underpin the operation of modern economies, from infrastructure to supply chains and finance.

Major high-profile data breaches, such as the 2013 Target breach, can have a crippling impact on the victim company in terms of direct financial losses, fines, and reputational damage – but they do not generally cause significant disruption to the day-to-day running of critical processes. The ransomware attacks on Colonial Pipeline in May 2021 and on the UK’s NHS in 2017 (WannaCry) demonstrate how this is changing, with key services increasingly vulnerable to cyber-attacks and data breaches that can severely damage their ability to deliver services.

The Colonial Pipeline attack led to the shutting down of a major US East Coast fuel line and resulted in fuel shortages, while the NHS attack meant that 19,000 medical appointments were cancelled in a single week.

With global supply chains under stress and an ever-increasing reliance on digital for running our core infrastructure, the potential impacts of this kind of attack are growing ever more serious.

To learn more about the changing threat landscape, download a copy of our security eBook.