While developments and advancements in technology are usually looked upon as a good thing, sometimes this power is used for evil rather than good — particularly in relation to cyberattacks which target both individuals and businesses.
With cybercrime costing Irish businesses €9.6 billion in 2020, and likely to increase, it’s clear that preventing such attacks must be high on any company’s agenda. Ransomware attacks — and the cost of remedying them — cost more than €2 billion in 2020, which accounted for ransoms paid, as well as other indirect costs such as infrastructure, IT, and even reputational damage; let’s not forget the HSE data breach.
But when cyberattackers’ skills and technologies are advancing at such a pace, how can companies keep up? How do they know which tools to implement and what technologies will be useful both now, but also in the future?
Increasing vulnerabilities means improved technologies
Aanand Venkatramanan, head of ETF EMEA at LGIM, says, “our society is increasingly digitalised, which is constantly creating new vulnerabilities and potential attack vectors for cybercriminals. In response, the cyber security industry is constantly evolving to adapt to the threat.”
Cybercriminals are becoming more sophisticated, taking advantage of multiple entry points and any vulnerability. “Meanwhile, more and more devices are connected as digitalisation accelerates, creating new vulnerabilities as technologies develop.”
He says all industries are at risk. The financial sector and healthcare industries are the most targeted, but this is closely followed by critical infrastructure, transportation and construction sectors. “All sectors are at risk as they all use online devices and store data online.”
Protecting against attacks
In order to defend against cyberattacks, technology has to develop apace — or ideally at a far greater pace than cyberhackers’ own developments and innovations. Artificial intelligence (AI) and machine learning have been critical technologies in information security, says Jaap Meijer, chief cybersecurity & privacy officer, Huawei Western Europe, as they are able to quickly analyse millions of events and identify many different types of threats — from malware exploiting zero-day vulnerabilities to identifying risky behaviour that might lead to a phishing attack or download of malicious code.
“These technologies learn over time, drawing from the past to identify new types of attacks now. Histories of behaviour build profiles on users, assets, and networks, allowing AI to detect and respond to deviations from established norms.”
He gives the example of how, in the deployment of 5G networks these days, operators build comprehensive security situational awareness for 5G networks; use cloud, big data, AI and machine learning technologies to improve the automation and intelligence of security operations; and speed up risk discovery, identification, and closed-loop handling to improve the efficiency of security operations.
Going passwordless
One innovation everyone will be aware of in terms of making life easier day to day is using biometrics as identifiers rather than remembering to key in a password. Fingerprint recognition and facial scanning are becoming more common whether they’re used to get into a phone or a laptop, and Hannah Twomey, senior manager, Accenture in Ireland’s security practice, says that if there was “one big bet for tech innovation in the prevention of cybercrime, I would always say user access, and more recently, the move towards password-less authentication”.
She says the ever-present debate in the security industry is how to change people’s behaviours to be more secure, even when it isn’t always convenient. Password-less delivers convenience for users while increasing security through the principles of using something you are (eg fingerprint) or something you have (your mobile phone).
“Password-less as a concept makes life easier for everyone, whether customer or business users and brings a higher level of security through the use of which is a win-win for everyone.”