In a digitally interconnected world, hackers, cybercriminals, and other adversarial parties are provided with unprecedented opportunities to launch cyber-attacks and commit cyber-crime. Cutting-edge technologies like broadband connectivity, Artificial Intelligence (AI), Distributed Ledger Technologies (DLT), Cryptocurrencies, and the Internet of Things (IoT) provide enterprises with a host of innovation opportunities, yet they also increase the number and type of their cybersecurity risks. This is evident in a significant number of notorious security incidents during the past decade. For instance, the WannaCry ransomware attack back in 2017 targeted Windows computers at a large scale and demanded ransom payments in Bitcoin cryptocurrency. Likewise, in 2016 the world witnessed the first large IoT-based cybersecurity attack, when the Mirai malware exploited IoT devices to launch a distributed denial of service attack. More recently, in 2020, the SolarWinds hack took place, when cybercriminals leveraged a vulnerability in SolarWinds’ Orion software to penetrate thousands of organizations worldwide, including parts of the United States federal government. The SolarWinds attack enabled the installation of additional malware in the compromised computers and resulted in a series of serious data breaches. SolarWinds customers include many of the US Fortune 500 enterprises, including some of the world’s top telecommunications companies and financial firms. Moreover, this cybersecurity breach affected the US Military, the Pentagon, the State Department, and hundreds of research and academic institutions around the globe, which is indicative of the impact of the attack.
All these recent cyberattacks took place despite the ever-increasing investments in cybersecurity solutions and cybersecurity consulting. Cybersecurity solution providers are offering novel cyber-defense solutions, yet they can rarely address all the different types of cybercrime.
Digital Infrastructure Complexity and Cybercrime Intelligence
There are various reasons why it is so difficult for cybersecurity professionals to address modern cyberattacks. First and foremost, cybersecurity experts are nowadays confronted with a very broad spectrum of cybersecurity threats and vulnerabilities. This is because of the expansion of IT infrastructures into every aspect of the modern enterprise environment, as well as the deployment of novel and complex IT technologies. For instance, the expanded use of Machine Learning (ML) and Artificial Intelligence (AI) brings to the foreground new types of cyber-attacks, such as data poisoning and evasion attacks. Such attacks used to be very rare before the advent of AI/ML in enterprise environments.
Another reason behind the spread of cybercrime lies in the innovation and intelligence of hackers, who are finding novel ways to launch adversarial attacks. Once upon a time, distributed denial of service attacks were very difficult for enterprises to understand and mitigate. Some years later, hackers invented ransomware attacks, which yielded monetary benefits for cybercriminals, while putting enterprises in new ethical and technical dilemmas. Recently, the SolarWinds hack revealed a novel type of supply chain security attack which is very hard to detect. Specifically, in the SolarWinds case, hackers compromised an application monitoring platform (i.e., Orion), which was used as a Trojan horse. Given that large enterprises tend to trust interactions with their major providers, the detection of such trojan attacks across a supply chain of trusted organizations is particularly challenging. Likewise, supply chain organizations are typically unprepared to deal with attacks from trusted parties.
Supply chains tend to be complex from a security perspective. This is mainly because they are only as strong as their weakest link. Therefore, hackers seek ways to break vulnerable parts of the chain, including IT systems and human-factor vulnerabilities. In this context, organizations must invest in cybersecurity solutions and cybersecurity services, while applying cybersecurity best practices from the top cybersecurity companies.
Guidelines for Cyber-Resilience
To boost their cyber-resilience in a hyperconnected and ever-evolving digital environment, companies should consider the following best practices:
- Risk Assessment: The planning and implementation of cyber-defense strategies must always start from a risk assessment. The latter is used to identify the assets that are at risk, including the probability and the expected impact of each risk factor. In this way, the outcomes of the risk assessment can be used to prioritize security investments and alleviate the risks with the highest likelihood and impact on the enterprise. This is important given that most companies operate under budget limitations.
- Education: Nowadays there is a proclaimed talent and skills gap in advanced digital technologies like AI, IoT and Big Data. This gap extends to their cyber-security implications. Therefore, companies must strive to improve the security knowledge of their employees based on focused upskilling and reskilling processes.
- Up-to-date Knowledge Bases: Risk assessment and mitigation processes can be automated and made more efficient based on the use of knowledge bases that comprise information about known threats and vulnerabilities. Instead of trying to identify attack patterns, knowledge bases provide readily available information about the characteristics of certain attacks and the measures that can be taken to mitigate them. Hence, it is important for enterprises to deploy and maintain knowledge bases with up-to-date security information.
- Advanced Tools and Automation: Companies should resort to automation in order to monitor the ever-increasing number of IT assets like computers, devices and software programs. In this direction, technologies like AI/ML can boost automation and enable the development of advanced security monitoring tools. Advanced technology is not only the source of cybersecurity problems; in many cases it is part of effective IT security consulting solutions as well.
- Collaboration and Joint Responsibility: When it comes to securing industrial value chains, cybersecurity is all about stakeholders’ collaboration. In this direction, companies must consider sharing information with their supply chain partners, while at the same time engaging in collaborative security processes (e.g., collaborative cyber risk management) as part of their cybersecurity strategy.
- Consideration of the Human Factors: The development of cybersecurity solutions must consider the human factors as well. Security solutions need to be simple, user-friendly, and effective, in order to be accepted by their end-users. This is particularly important for solutions that address non-tech-savvy audiences, such as solutions for the public administration, home users and SMBs (Small and Medium Businesses) that do not typically possess in-house security expertise.
Overall, cybersecurity remains a long-standing concern for Chief Information Officers (CIOs). CIOs must invest in effective solutions that secure their most important assets against all threats that could cause significant damage to their company. The selection of such solutions requires a deep understanding of the cybersecurity infrastructure and challenges of their organization, along with good knowledge of what the cybersecurity industry has to offer.