After 2017’s Wannacry attack, it’s not surprising that cybersecurity has become the growth industry of the decade, with more than a trillion dollars expected to be spent globally over the next few years.
But the real question remains – how will this impact individuals, business and governments?
Hacking and cyberattacks have existed since the early days of the internet, but they’ve become more sophisticated and widespread over time. Initially, the primary motivation behind hacking was learning, tweaking, making tech things work in unexpected ways, or even earning recognition as a computer nerd.
These days, however, hacking is more institutionalised and profit-oriented, says La Trobe Senior Lecturer Dr Mahmood Abdun Naser.
Now there are skilled computer programmers, criminals, investors and even nation states working in groups to create highly sophisticated cyber attacks aimed at making illegal money, destabilising economies and building cyber warfare capabilities.
‘Hacking has evolved from an individual experience to a large and collaborative scale.’
Chaos takes different forms In 2016, Australians reported almost three million dollars lost in ransomware, malware or hacking scams. At a global level, it is estimated that 689 million people across 21 countries encountered incidents of cybercrime in the same year. The most common types of cyber attacks include:
Hacking: generally tends to exploit security vulnerabilities such as commonly-used or weak passwords, unsecured connections or out-of-date virus software. Cybercrime can take a variety of forms, depending largely on the size of the target and the motivation behind the attack:
Malware: installs malicious software on a computer, giving scammers access to files or allowing them to “watch” what the user does online, specifically to steal identities, access emails and harvest logins.
Ransomware: can be installed onto a computer when the user clicks a fraudulent link, such as in a phishing email or adware. The software then blocks access to files, demanding payment of a “ransom” for their release.
Distributed denial of service (DDoS): designed to overwhelm targeted web sites with traffic, rendering them inaccessible. As with the shutdown of the Australian Census site in 2016, these attacks are often politically or activist motivated and aimed at corporate or government networks and services.
Botnets: comprise a network of “bots”, or malware which “hide” within affected computers until instructed to carry out a task. In 2010, hacktivist group Anonymous used a botnet to create a DDoS attack on MasterCard and Visa in support of WikiLeaks.
‘Due to the diverse interests of cyber criminals, both individuals and corporations are at risk, although businesses and governments would be more affected by the attacks,’ Mahmood says.
‘Yet while corporations might spend millions of dollars to protect their networking infrastructure, that seemingly impenetrable defence can be easily compromised through simple USB devices used by their employees.’
What protection do we have against cyberattacks?
The most effective way to prevent cyberattacks is through education and awareness, together with the adoption of standard defence practices. It is well known that security is only as strong as the weakest link. This is why companies are training their employees to detect phishing emails or spam that serve as an entry point for malware to penetrate the corporate defences. Some preventive steps to take include:
Install reliable, reputable security and anti-virus software.
Set devices to update automatically. Microsoft had already issued a patch in March 2017 that would have protected users from the Wannacry attack if they had applied the latest security updates.
Never click on email attachments unless you know the source. Likewise, delete any social media invitations or messages from people you don’t recognise.
Buy software only from reputable sources, such as the official website for that product; never download or install apps from free sites or ads.
Change passwords regularly, using a unique combination of numbers, letters and case types.
Install new-generation browsers like Mozilla, Edge, Chrome or Safari, as some older browsers are ‘leaky’ or no longer supported, and are therefore more vulnerable to attack.
At the corporate or government level, there are managed DNS services such as Cloudflare, which can stand between the organisation and potential attackers.
Where is cybercrime headed?
Just as technology is ever-evolving, so too is the ability of hackers to create mayhem. Wannacry was unprecedented in that it was able to spread itself across a network, without human intervention, simply by exploiting vulnerabilities in the Windows operating system.
Cyber criminals are increasingly focusing their attention on banks and large corporations where the profitable outcome is significant, according to Mahmood.
‘An example of this is the Bangladesh Central Bank hacking last year, when external cyber criminals faked central bank instructions to divert $101 million dollars to overseas locations,’ he says, adding that the trend is expected to continue.
The ubiquitous Internet of Things (IoT), despite its benefits, brings increased susceptibility through manufacturers’ lack of understanding of the need to install secure devices rather than cheaper, mass-produced ones.
This might not always be unintentional, either. Wikileaks recently exposed that over the last decade, the CIA has had the Cherry Blossom implant built into popular home routers such as Belkin, Linksys and DLink, allowing the spy agency to monitor and impact linked devices.
The future of cybercrime prevention
On the prevention side, stocks in cybersecurity firms have jumped following Wannacry. In Australia, the industry employs around 19,000 people, with total expenditure amounting to approximately AUD $4.3 billion. There is a critical shortage of skilled professionals in the field and global demand is expected to grow six-fold by 2019, from one million in 2016.
Mahmood says cyber education at the university level is essential to meet the demands of specialised cybersecurity jobs in corporations and government.
This is partly because of increased legislation designed to ensure greater responsibility among companies to protect customer data from cyber breaches, and the new requirement for companies to report such breaches.
It’s easy to see why there are predictions of a zero percent cybersecurity unemployment rate. With businesses, corporations and government bodies recognising the need to safeguard and build resilience against cybercrime, there is a growing demand for engineers, programmers and analysts with the skills and knowledge to provide security now and into the future.