Cyber breach — a new normal?
WikiLeaks has once again caught the world by surprise with the release of a large set of files it calls “year zero”
WikiLeaks has once again caught the world by surprise with the release the other day of a large set of files that it calls “year zero” and which mark the biggest exposure of CIA spying secrets ever. The massive set of documents includes a host of hacking secrets.
Here are some of the biggest secrets and pieces of information yet to emerge from the huge dump: The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. Apps like Signal, Telegram and WhatsApp are rendered entirely insecure. The CIA could also use smart TVs to listen in on conversations that happened around them. The agency is said to have explored hacking into cars and crashing them, allowing 'nearly undetectable assassinations'. And it is said to have hidden vulnerabilities that could be used by hackers from other countries or governments.
Something along these lines, though a lot less sensational, was already being anticipated. When global leaders met recently for the World Economic Forum’s annual summit in Davos, Switzerland, there was much talk regarding threats to our everyday lives and businesses from cyber-attacks. Experts aired their concerns at the summit and here are some of their observations:
• Worries about increased hacking of political systems as well as enterprises and organisations.
• Issues of privacy, bullying and trolling as well as the need for a global internet charter.
• Agreement that the Fourth Industrial Revolution, the theme of Davos 2016, is disrupting everything from computing to medicine to manufacturing at a speed that was inconceivable until a few years back.
• Huge opportunities for businesses today in which Internet of Things (IoT) and internet services have created a hyper-connected world that will have a huge impact on every aspect of our lives. This will be a boon for productivity, but it will come with a big price if we can’t build effective cyber-security.
It’s time for corporate directors, government entities and industry groups to band together in a multistakeholder dialogue to collectively fight the ever-growing threat of cyber breaches. The threats posed by hackers, weaponised IoT devices and other forms of cyber-attack are not science fiction – they’re happening now. We need to come together, share our experiences and best practices and ensure the internet remains the incredibly transformative resource that it is today.
During the ‘Insiders on cyber-security’ session at Davos (February 8, 2017), it was pointed out that new technology is making things a lot easier for hackers – ‘witness the recent weaponisation of webcams and other IoT devices used to bring down portions of the internet.’
Meanwhile, the economics of cyber-attacks are said to be skewing favorably to attackers. Exploit kits and other tools are easily acquired and can be reused against multiple targets while the likelihood of detection and punishment is low. All this means governments and businesses have to be more nimble than ever in dealing with threats.
In a cyber-context, it was advised that we should be managing - and preventing - threats before they can do damage. Individuals and organisations have to do what they can to manage risk. It’s important to implement a comprehensive strategy for threat reduction that covers people, process and technology.
This means everything from practicing good online and digital hygiene, to updating operating system software and outdated antivirus programmes, to ensuring, it was further advised, that security is made part of the design of hardware such as IoT devices.
Organisations and governments have also been told to consider proactively finding weaknesses in their systems by hiring experts - including hackers. From bug bounty programmes to penetration testing and phishing exercises, it’s critical to understand areas that are vulnerable to attack on both a technical and a human level.
More than 70% of breaches are said to exploit non-technical vulnerabilities – for example, attacks that trick users into revealing legitimate credentials. Thus, users must devote considerable effort to increase their knowledge and learn to ask the right questions.
Users have been advised to understand, assess, and quantify cyber risks that they face today or in the future. They need to know how technology changes cyber risk exposure.
Finally, while prevention is what should be striven for in today’s world, organisations and governments have to accept that they will be breached. That’s unfortunately the new normal.
Published in The Express Tribune, March 11th, 2017.