The next twelve months will bring more change to cyber security, but it’s always been that way with technology.
It’s difficult not to reflect at this time of year, over the situations, events and experiences that have punctuated your life over the last fifty weeks or so. Technology, in all its forms, continues to evolve a fact that is not exactly new, but one that sometimes just requires renewed acknowledgement.
When I received my first ever computer back in the mid 1980’s I thought that the pinnacle of technological achievement had been reached. In my mind, there was no way that it could be improved. I completed it with a range of peripherals and developed it into my teenage self’s version of ‘mission control’. Within a scant few months the unstoppable evolution of technology had progressed and I had been disappointing left behind.
This trend has not ceased and has no signs of ever changing pace, meaning that even after thirty years of chasing the leading edge of technology, I will be forever caught in its wake.
The entire technological eco system that comprises cyber security is not impervious to this trend of perpetual progress and continual change and for me there have been a few stand out developments that require acknowledgement.
Cyber crime has developed, beyond the opportunistic and become a business. Filtering away many millions from legitimate businesses and individuals into the coffers of highly organised criminal gangs. These gangs, who reside in areas of the world where their fracturing of laws can be overlooked, have developed business models that scale infecting millions with ransomware knowing that a small but profitable portion of the victims will pay as opposed to losing their data. They have offered customer support to help victims pay the ransoms and ensure that they do successfully recover their data. That way ensures that their business model is never labelled as a mere scam!
The distribution of ransomware has also developed further, with a recent report stating that a new strain entitled ‘Popcorn Time’ will allow anybody who has been effected to have their data released, but only if they pass on the virus to two other people. If those two send tier victims then pay the ransom, then the original target will be provided with the decryption key. In both these cases the criminals are starting to converse with their victims, to negotiate, to constantly evolve their business strategy and to no doubt increase their ‘earnings’.
Not satisfied with just obtaining money, some cyber criminals have diversified into offering cyber crime as a service. Allowing those with the intent, but not the skills, to take digital aim at whoever they have decided is their current adversary. The entry level costs are relatively affordable and in some cases, can be below the $100 mark.
For me the biggest development in overall cyber security over the past year is that governments are starting to discuss it more openly and take a lead in it. From the creation of the new National Cyber Security Centre in the UK, through to discussions on offensive capabilities, cyber security is now on the governments agenda.
However, this government awareness and action has a downside and that is that the entire subject is becoming politicised. The US election is a good example of this with the President Elects garbled and incoherent explanation of the cyber threat facing the US and the attacks on the Democratic Party suggest that fingers are being pointed as to who is behind this. Russian hackers are being identified as potentially having had influence over the outcome of the US election, a claim that is being both vigorously denied and corroborated with equal fervour. Cyber security can now be front page news and not because of the latest major hack, breach or data loss from a major company.
What does this all mean for cyber security in the coming year? Alongside all other technologies that have graced our lives since microprocessors were born; it will continue to evolve and develop. There will be more high profile victims and millions more will be lost. But it’s not all negative. The ‘awareness’ of cyber security risk at both the person level and the corporate and government level is now almost universal, in the same way that the ‘boom’ in home computing hit the headlines a generation ago.
We learned back then how to start following the continual progress of technology and to change and adapt to its whims, trends and technical breakthroughs. We just have to continue to apply those skill sets to cyber security, to ensure that our 2017 is as productive and safe as we can possibly make it.