Cyberattacks are, and have been, a problem for decades; however, as the world becomes increasingly more connected and reliant on connected technology, the threat of such cyberattacks will only continue to grow. Not only will threats continue to grow, the damage inflicted by such attacks will become all the more devastating.
As a society, our love of technology has made all aspects of our lives susceptible to intrusion. No one can deny that smart technology and connectivity have increased efficiency and productivity. At the same time, we’ve also made sacrifices to reap these benefits. We’ve taken less care about what information we release and put out for the whole world to see, and by doing so we don’t even realize we’ve left ourselves wide open to attack.
As technology value goes up, the ability for somebody to use that in a bad way also goes up. A keynote speech at ISC West elaborated on this idea by addressing how the advantages of increased connectivity has also lead to a growing number of cyberattacks across all industries, including physical security, impacting every part of our lives.
Cyber Impacts Every Industry
Critical Infrastructure
Cyberattacks on critical infrastructure have the potential to cause billions of dollars in damage as well as loss of life. Take into account the recent cyberattacks on Ukraine’s electrical grid. The first attack, in December 2015, was considered the first successful cyberattack on a power grid. News outlets reported approximately 230,000 people were affected by the hack. Almost exactly a year later, the Ukrainian power grid was hacked again. These incidents further highlighted the potential damage that could be caused by such a breech in security.
Automotive
With autonomous cars gaining public interest, the need to protect them from cyberattacks is crucial for the safety of the passengers and everyone else on the roads and streets. Up to 10 million autonomous cars could be on the road in the next couple of years. With the systems of such cars controlling driving, breaking, lane shifting, parking, etc., the damage that could be caused by a cyberattack could be devastating. Cars that are otherwise “taught” to drive safely, could be made to make poor choices, endangering the lives of the passengers and onlookers.
Finance
The number of attacks against the financial industry has resulted in a very aggressive stance to being more secure in the digital world. As a result, some companies are reportedly spending over US$250 million a year on cybersecurity.
Successful cyberattacks against financial institutions are not uncommon. As one example, the February 2016 attempted hack to steal $951 million from Bangladesh Bank via the SWIFT network, a bank protocol to transfer funds. Five of the 30-some transactions were completed, amounting to $101 million in losses; the remaining transactions were blocked, worth $850 million. Approximately $38 million of the $101 million stolen has since been recovered. This attack showed the vulnerabilities of all banks connected to the SWIFT network.
Cyber’s Impact on Physical Security
In terms of the effect of cyber on physical security, the relationship appears codependent, with security needing to learn from cyber and vice versa.
In the most literal sense of physical security, if a hacker is able to physically get their hands on a device, chances are they can own it, regardless of what type of security measures have been installed. This means devices require physical protection just as much as cybersecurity.
In regard to cyberattacks on physical security equipment, such as cameras, search engines similar to Google that can identify compromised cameras around the world. These engines crawl the internet searching for vulnerable cameras and add them to their cache. For example, if one wanted to look inside a bank, typing in “bank camera” into the search engine would pull up compromised bank cameras around the world.
The Mirai botnet in 2016 targeted IP cameras and home routers, exploiting the vulnerability of IP cameras, as well as the lack of measures people take to secure their devices. All Mirai does is plug in default passwords into dozens of different makes and models of IP cameras, DVRs, home wireless routers, etc. Once it finds a device that has a default password, it logs in, installs a piece of malware, and that easy, it owns it. This botnet, while not sophisticated, has resulted in some of the most disruptive disrupted denial of service (DDoS) attacks in history.
Governments Respond to Cyberattacks
There are reportedly over 29 known countries that have active, offensive cyber operations, meaning these countries are looking for ways to hack and how to stop incoming attacks. The U.S. is among these 29 countries. Regulations are being formed for defense contractors, suppliers to governments, and government expectations are changing. Increased regulatory controls are already being seen in Europe and the U.S., with even more controls being pushed. For example, in the U.S., new regulations could possibly require any publicly traded company to disclose if they have a board member that is savvy in cybersecurity.
Future Impact
Ultimately, what we’ll see is more users connected, and using and creating more data. There will be more devices being used in new and creative ways. Even though this will create more value by empowering users, reducing business costs and creating more efficiency, it will also open up myriad opportunities for hackers. At the same time, it will also create opportunities for the security industry.
Security is becoming more about a combination of digital security, physical safety and personal privacy. And as cybersecurity becomes a forethought instead of an afterthought, it will become a stronger purchase criteria. This will in turn create more opportunities in the security industry as people will be more willing to spend the necessary money to secure assets.