How not to host a hacker’s high-rolling heist… and other stories

Gareth Kershaw

Friday 15 February 2019

How can cybersecurity evolve to battle the unknown? To safeguard the future you must learn from the past, or so the mantra goes. But that’s a tough ask when the challenges are forever changing. The faster businesses implement security measures, the faster cybercriminals seem able to reinvent themselves and the methods they use. The casino recently scammed via an IoT-enabled thermometer for instance… In a fish tank…

Yep, that’s right. A fish tank.

That’s how cyber attackers stole an invaluable database containing the details of high-rolling punters from a prestigious casino recently. The case, reported in the Washington Post, Business Insider, and all manner of other places, became a high-profile example of the risks now facing digital corporate infrastructures.

Using the tank’s thermometer, which was connected to the venue’s network, as the cheekiest of backdoors, the criminals hacked into the heart of the casino’s operations and pulled the database out through the thermometer’s IoT sensor and away into the cloud. Simple but devastating.

As this aquatic sneakiness shows, the forces behind cybercrime are becoming not only more inventive, but more audacious, greedy, and harder to pin down. This in turn is making security a priority for all C-suite executives, not just the CIO and CTO – and an increasingly slippery one.

Accordingly, with all manner of threats emerging and evolving across the business landscape, cybersecurity is under pressure to change too.

Luckily, suggestions are that it is likely to do just that over the next few years.

How? In a number of key ways.

First, via automated responses to cyberattacks which, employing greater intelligence, big data analysis, and machine learning, look set to become standard cybersecurity practice according to many.

Blockchain – guaranteeing data integrity and identity via decentralised validation – is also widely tipped to become essential moving forward.

In terms of approach, collaboration, unification, integration, and convergence will be key too. In particular, the integration and convergence of data (from the complete spectrum of sources), and of security technologies, skills, and analysis.

The ‘knitting together’ of these resources will enable them to work together more efficiently, say commentators, giving organisations greater visibility across both their operational and threat landscapes so that they can spot potential threats such as ransomware – and defend successfully against them – before or as they emerge.

At least one of these resources – talent – seemingly also needs to be addressed at a more grass-roots level, however, with employers needing to embed IT security skills more effectively and foster a culture of greater ‘learnability’ and upskilling.

This is in part thanks to shifting consumer attitudes towards cybersecurity as they develop a greater awareness that smart devices – doorbells, toasters, refrigerators and even cars – are becoming IoT-driven gateways to their personal data.

Joining the public in this increased vigilance could be the public sector, with Philip Hammond’s announcement of an extra £1.9 billion in cybersecurity funding signalling the government’s intent to up its security game to combat ramping threats in areas such as IoT, state-sponsored hacking, and organised cybercrime.

The result here is tipped to be a more unified, ‘national’ approach to cybersecurity: one based on information-sharing communities rather than a fragmented, secretive, organisation-by-organisation approach.

Regulation also seems likely to play a key role here, as data protection legislation such as GDPR and PSD2 starts to bite.

It’s all just as well.

According to the 2017 Global Threat Intelligence Report (GTIR) almost 1.4 billion successful cyberattacks took place in 2016. That’s nearly 3.8 million records lost or stolen every day. Or 44 every second.

With the cybercriminals clearly raising the stakes, the rest of us must too.

Or all bets could be off.

Learn more about the ThinkShield approach and how it can protect all aspects of your business here https://www.lenovo.com/sg/en/thinkshield/
