It isn’t always easy to look ahead. Not only can the future be logistically hard to envision, especially for those who prefer their facts and figures to be definite rather than projected, but the future can often be, well, bleak.
This holds true when it comes to the state of cybersecurity, which may be better termed the state of cyberinsecurity. As a highly connected society we are potentially staring down the barrel of a reality in which data breaches are the new normal, self-driving cars can be hacked and artificial intelligence begins its transformation into the type of troubling technology sci-fi movies have been cheesily predicting for decades.
Unto the Breach
For people who do any kind of business over the internet or input any information online (which is very nearly anyone using the internet), one of the biggest security issues is without a doubt data breaches. For good reason.
In 2016 a total of 4.2 billion records were compromised in data breaches. So far, this ranks as a record-setting year. Unfortunately for 2016, and unfortunately for internet users, that record isn’t set to stand for long. The half-year mark in 2017 showed a 29% increase in the number of compromised records compared to the same period in 2016. If that 29% increase holds throughout 2017, there will be a total of over 5.4 billion records compromised this year.
For reference, there are currently 7.45 billion people on earth.
The Internet of (awful) Things
For most people, the Internet of Things represents unparalleled innovation, opportunity and just plain fun. From smart appliances like thermostats and refrigerators that make every day easier and more comfortable to medical devices like advanced cochlear implants and pacemakers that are both life-changing and life-saving to the innumerable and undeniably awesome toys made possible by connectivity, the IoT is something almost everyone is excited about.
Almost everyone except for cybersecurity professionals, that is. IoT devices have been designed for optimal functionality, which would be fine if security weren’t little more than an afterthought on most devices. The integrated security on these devices is weak almost across the board, and end users don’t think to protect them the way they would a laptop or desktop computer. Thus there are currently billions of unsecured or undersecured internet-connected devices available to cybercriminals, and boy are they using them.
IoT devices are being hijacked for inclusion in botnets. The cybersecurity experts at Incapsula define what a botnet is as a network of internet-connected devices that have been injected with malware that allows them to be controlled remotely, often without the device’s owner having any idea their device has been hijacked.
For a long time, botnets were largely comprised of computers, which can be hard to hijack due to security measures taken by the owners. So while botnets have always been powerful, it was difficult to put together botnets of a truly impressive size. Not anymore. Thanks to the IoT, there are now botnets comprised of hundreds of thousands of devices unleashing DDoS attacks of unprecedented sizes. The Mirai botnet is probably the most famous, having launched a record-breaking DDoS attack on the Dyn DNS server that rendered Twitter, Spotify, Reddit and the New York Times (among many other sites and services) entirely unusable. Cybersecurity experts suggest there is another IoT botnet called Persirai that is even bigger and poised to do even more damage.
Held for Ransom
Ransomware hit the news in a big way earlier in the year when a seemingly-global ransomware epidemic began. Dubbed the WannaCry attack, this ransomware infected over 300,000 computers worldwide, locking up files and demanding between $300 and $600 in payment for the return of the files. Though attention grabbing, this ransomware attack was hardly unique. In 2016 there were thousands of daily ransomware attacks, and in 2017 ransomware is expected to cause billions of dollars worth of damage. WannaCry, indeed.
Future’s so Blight
The current state of cybersecurity is, in three words, not so good. However, the online world does not have to go careening uncontrollably into a future even further marred by cyberattacks and the resultant damages.
Website owners, organizations and even the average internet user can all take steps to better secure the online world. Organizations and website owners have a variety of excellent managed security services to choose from, including professional DDoS mitigation and professional intrusion prevention and detection. Meanwhile, internet users can contribute to a safer online environment by taking the time to secure IoT devices. (It’s worth noting that if a cybercriminal can hijack a device to use it for a botnet, then he or she can also hijack a device to spy on you, steal your data, or horrifyingly talk to your baby in its crib over a smart baby monitor.)
Defending the world against killer robots and autonomous and possibly rude talking vehicles will remain the purview of Tom Cruise and Mark Wahlberg, but when it comes to curtailing data breaches, DDoS attacks and ransomware attacks, the average person and nearly every website and organization can do their part.