IN SEPTEMBER 2018, Facebook’s profile data was breached, and 50 million users’ personal information were reportedly stolen. Under Armour overlooking flaws in their cyber-system also incurred a situation in March 2018 where hackers compromised their MyFitnessPal app and purloined the passwords of 150 million members. As corporations suffer attacks from malicious sources, the damage that their consumers receive are unfortunately increasing. With a greater amount of people’s personal information placed online, companies are showing increasing concern over internet crime and managing their infrastructural integrity. However, as new internet tools are developed, corporate producers and consumers’ defenses against cyber-attacks will undergo considerable escalation.
A hacker’s arsenal: threats against cybersecurity
What makes prevention hard is the plethora of attacks that exist and threaten security in the internet. The most common concern for online users is identity theft, where sensitive data like one’s social security number is discovered and used to steal finances or frame crimes. According to LifeLock, an identity theft protection service, a total of 1,579 data breaches in 2018 exposed approximately 179 million records, a 44% increase in total compared to the previous year. These breaches include frauds in credit card, loans, and most commonly, employment and tax-related scams.
Apart from the misuse of personal data, the ransoming of them is another cause for anxiety, as hackers use valuable data as leverage in monetary blackmails. Cyber-criminals use software that threatens to delete or publish information, otherwise known as ransomwares. The strain attack of a ransomware software called “Bad Rabbit” in 2017 encrypted user database from various websites as hostage and then demanded BitCoin payment. This eventually caused monetary and systematic damages across six states from Russia and Ukraine.
Companies also fear hackers using virus and corruption software to sabotage and permanently damage their servers. With the inter-connectivity of devices linked with the internet, common cyber-infrastructures are especially prone to a widespread shutdown.
Since the resources to achieve these attacks are inexpensive for hackers, the opportunities to hack are cheap and many. Thus, even small-time criminals possess the power to launch a widespread attack.
New internet trends: a game-changer
Internet technology is continuously evolving, aiding both the invaders and defenders of cyberspace. According to Symantec, a prominent American software company, with the commercial use of Artificial Intelligence (AI) technology, internet criminals will be able to utilize AI technology to reinforce their illegal activities.
The danger of AI is its ability to target individuals more efficiently, as well as its ability to create more believable materials. Hackers are already familiar with phishing, the technique of sending seemingly trustworthy messages to individuals to entice them into revealing private information. However, with AI technology hackers can use AI algorithms to identify who is most likely to fall for such an attack. If an AI creates a fake video starring a believable figure with recreated voice and appearance, the increase in credibility could be used to entice potential victims in investment scams.
Hackers could also cause a considerable amount of damage if they used AI programs to detect weaknesses within a system they are targeting. If there is a certain corporation with an AI-automated system and a hacker managed to cause corruption, the major components of the company infrastructure would simultaneously suffer the same attack.
However, while AI poses a problem, it contributes to the solution as well. Similar to how hackers run AI systems to search for weaknesses, defenders can run simulated attack sessions to discover their own vulnerabilities and address them before they are taken advantage of. AI technology can also aid security strategies; if they are embedded in common software, they can algorithmically advise a user on what actions they should take to avoid being hacked. Through learning techniques, these systems can even suggest the best course for action in internet transactions when sensitive or personal data are at stake.
Responses to attacks & efforts to be taken
The number of cyber-attacks has been in the increase for the past years, with approximately 758 million attacks transpiring worldwide in 2016; harms in cyber-attacks would more than likely continue.* With this rise, the need for both governments and corporations to allocate more resources and be more well-equipped in terms of cyber-defensive measures is becoming more urgent. Not only do companies have a corporate responsibility to provide cybersecurity for their user’s information, but companies also care about their reputation. Professor Daryl Bockett (Prof., UIC, International Studies) pointed out in an interview with The Yonsei Annals that since hacking a company could expose the data of the consumers, rendering them vulnerable to identity theft, companies have more incentive to invest more on cybersecurity to avoid the reputational risk.
While companies are slowly adapting to change, they currently face a myriad of challenges. Firstly, companies are unsure of how much is enough cybersecurity. Professor Bockett points out that “a business has to face cost-benefit challenges – they know how much the investment in cybersecurity costs, but there is no way to know how effective it will be.” Simultaneously, the growing number of threats are increasing faster than the development of defense mechanisms to solve them, rendering the exact estimation for investment resources challenging.
Additionally, unlike mass conglomerates, small and medium-sized companies lack the resources necessary to cope with cyber-attacks since they cannot afford to invest in cybersecurity measures. Businesses need to invest 9 to 14% of their budget on IT in order to be equipped with a healthy system, according to cybersecurity service firm KasperskyLab, but the majority of corporations are not devoting enough. By the organization’s standards, KasperskyLab’s survey shows that less than 10% of small and medium-sized companies worldwide are investing enough resources for an effective team despite 54% of them believing their security will be compromised in the near future. The lack of personnel with the technically skills to implement cybersecurity is also a major challenge, as 48% of companies are experiencing talent shortages and 46% claim that they need more specialists.**
With the hefty price tag on cyber infrastructure, corporations in developing nations especially have problems meeting the standards for effective defense. Especially with citizens within developing countries having a low cyber literacy, commonly engaging in risky internet behavior, such individuals are left vulnerable to attacks. Among the top 10 states to suffer the most ransomware attacks in 2018, six states were developing nations.***
* * *
With the threat of cyber-attacks and the stakes for security ever increasing on the internet, anticipating the changes and recognizing effective strategies for the future are clear and rudimentary steps. Going beyond corporation-level solutions, the European Union’s General Data Protection Regulation (GDPR) and individual states’ domestic legislations on information privacy are just part of the bigger picture of a safe internet for all. Above all, the reinforcement of private cybersecurity is a task as well as a burden that the trinity of the government, corporations, and consumers share.
**Cyber Security for Business – Counting the Costs, Finding the Value