Buckle your seatbelts, it’s going to be a turbulent year as businesses face cyberattacks from state actors, crime syndicates and even from within
“Everybody should be expecting an eventful year,” says Eddie Lamb, Director of Cyber Education and Advisory at the Hiscox Cyber Clear Centre. These words are not to be taken lightly given his background.
Lamb spent the first ten years of his career hacking for British Intelligence, working on state-sponsored operations all over the world before moving into the private sector. When the WannaCry attack paralysed computers in hospitals across the UK in 2017, Lamb was called up as part of the national response team. So he knows better than most how cyberattacks unfold.
The state we’re in
Number one on Lamb’s list of concerns for 2020 is state-sponsored attacks. “It is relevant to consider the current geopolitical situation, particularly foreign policy problems existing between the US and the Middle East. We’ve also got a presidential election in the States and tensions mounting within the Brexit negotiations,” he explains.
But why should this concern businesses? With global unrest increasing the chances of state sponsored cyberattacks, Lamb thinks commercial interests could be a direct target in some countries. In addition, these incidents are often the genesis of new modes of attack that are then deployed by a wider community of cybercriminals.
“Cyber threats ordinarily originate from state-sponsored actions. It’s usually politically inclined at first and then we see the technology filtering down into the mainstream,” explains Lamb, pointing to EternalBlue, a cyberattack tool designed by the National Security Agency. “It found its way into the mainstream where it was used by every man and his dog. There’s every possibility that we’re likely to see more of that this year.”
One potential target is artificial intelligence (AI) platforms, which are relatively new ground for hackers. Lamb says that our understanding of how you hack AI is quite limited, but that makes the technology particularly vulnerable. We could also see AI being weaponised by cyber attackers in 2020, with machine learning tools used to better mimic humans in mass phishing emails devised to con people into money transfers.
However, it is tried and tested ransomware that Lamb thinks will be the mainstay of criminals this year. “Ransomware has been a big player in the last couple of years as the preferred modus operandi for organised crime and state alike and I don’t see there being any significant change in that,” he says. “Those types of attack are proving profitable so in 2020 I expect to see steady-state incline in ransomware incidents.”
Big, bad business
The rise of ransomware is being fuelled by the commoditisation of malware. Lamb explains: “You can go onto the dark market and readily buy your own copy of a ransomware package. Even if you don’t want to buy it, or don’t have quite enough technical knowledge to run the campaign yourself, you can have someone else do it on your behalf as a service. Ten years ago, you had to be a code ninja to run a ransomware attack, today the barrier to entry is to be a good shopper.”
Lamb is concerned about where the evolution of the ransomware market will take us. “Given how easy it is to get your hands on some very virulent ransomware anonymously on the dark market these days, it’s entirely plausible that you could ransom your own organisation.”
The best step a business can take to protect against threats is to build up their responsiveness. “I think we spend too much time predicting the future and not enough time preparing for uncertainty,” says Lamb. “You can’t prepare for every eventuality, but having robust, resilient measures in place and having them exercised and proven is hugely valuable.”
Lamb advises companies to improve their resilience, particularly their ability to spot changes in their threat – detecting whether they are being targeted, for example. “Most hacks don’t happen overnight, there is usually some pre-cursor activity, some net probing and scanning, which are indicators that you might be being targeted. If you can work out what people are targeting you can start to remediate that in real time, disrupting their progress or preventing it from happening.”
Good resilience comes down to people. “Having the right people with the right skills in your team, who are collaborating and working well together is more valuable than 50 firewalls,” says Lamb, adding that when it comes to building up the right systems and support networks, insurance plays a vital part.
Hiscox policies blend cover for business interruption and losses with incident response and digital forensics, which is where Lamb’s team comes in. The Cyber Clear Centre provides hands-on expertise, with an instant response team parachuted in after an incident to get a business back up and running, aided by a digital forensics team to work out what happened.
As Lamb says, it is impossible to prepare for every eventuality. With more cyber vulnerabilities likely to be revealed in 2020 and plenty more ransomware headlines to come, there is a bumpy ride ahead. But with a resilient cyber defence strategy and the right team in place, companies need not crash and burn.