Progress has hit us from all sides. Industries are shifting at breakneck speeds to keep up with the intensity that disruptions have forced upon them. The benefits of progress in technology has been promising for many. Start-ups and conglomerates both, are reaping the rewards. From self-driving cars, smart homes, predictive analysis, healthcare benefits and even soon, trips to the moon, the list goes on. But has the cost of this progress been fully comprehended and taken into consideration by the powers that be? If this progress has or is heading towards an end that’s less than desired, can it be reversed or at the least, halted?
A recurring but definitive threat that has emerged from becoming this progressive nation, which requires us to share every detail of our lives, where we go and with whom, how we spend our time, our connections and data, is the threat of hackers. Easily shared and scraped from numerous sources, our data and this connectivity now threatens every corner of our existence and we are not even aware of its full potential at creating chaos. A doomsday device, perhaps, that has been portrayed countless times on the big screen. And today we are quite possibly at the very precipice of our existence as we venture headlong into a future we know very little about.
Our attempt at controlling or eradicating this threat is falling terribly short of achieving that end. It has been proven many times over with many of today’s technological advancements such as what’s running our automobiles, homes and offices, can be easily hacked into and its data changed, or held for ransom. Although there are threats that are easy to address, the major threats that can render cities helpless are anything but benign.
Financial systems are heavily at risk from these attacks as web sites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are prominent hacking targets. Hackers are driven by the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. Other hacker favourites would include in-store payment systems as well as ATMs that are easily tampered to collect the customer’s account data and PINs.
The industrial segment is not spared the wrath of these criminals. Since computers control functions for utilities, such as telecommunications, power grids, nuclear power plants and even valve operation in water and gas networks, hacking into these systems would mean the ability to hold organisations and even nations at ransom. Although the Internet is a highly probable attack vector for such machines if connected, the Stuxnet worm was comprehensive in showing that even equipment controlled by computers not connected to the Internet can be vulnerable.
The aviation industry depends heavily on a series of complex systems which could be attacked to cause tremendous damage and loss. Through a simple power outage at one airport the repercussions could reverberate worldwide as much of the system relies on radio transmissions which could be disrupted. Countries in Europe are looking into ways for their air navigation service providers to have their own dedicated networks as a means to mitigate attacks.
A list of consumer devices that are at risk, ranging from desktop computers and laptops, to hand held devices are commonly targeted as a means to gather passwords or financial account information, or to construct a botnet to attack another target. These devices with activity trackers have sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could be taken advantage of to collect personal information, including sensitive health information. Attack vectors such as Wi-Fi, Bluetooth, and cell phone networks on any of these devices can be remotely activated after being breached.
Big corporations are targeted mainly through identity theft that involves data breaches and the loss of millions of clients' credit card details such as from Home Depot or Target Corporation. Even medical records have been targeted as general identify theft to health insurance fraud or even to impersonating patients mainly to obtain prescription drugs for reselling on the black market.
As it is quite apparent, not all attacks are financially motivated. Security firm HBGary Federal suffered a slew of attacks in 2011 from hacktivist group Anonymous. This was in retaliation for the firm's CEO claiming to have infiltrated their group. The Sony Pictures attack committed in 2014 appears to have been done with the intention to embarrass the company with data leaks to cripple the company.
Our modes of transportation also seem to have been targeted and it gets worrying to think that our vehicles are highly computerized, with engine timing, cruise control, anti-lock brakes, seat belt tensioners, door locks, airbags and advanced driver-assistance systems becoming the norm and requirement standard. With many now connected through Wi-Fi and bluetooth to communicate with onboard devices and phone networks.
These systems have proven to carry some security risk where something as unassuming as a compact disc can be used as an attack vector, and the car's onboard microphones used for eavesdropping. Then if there is access gained to the car's internal controller area network, the danger is that much. There have been widely publicised reports on hackers remotely carjacking a vehicle from 10 miles away, sending the vehicle into a ditch.
“Over the air” security measures, such as those taken by Tesla are how manufacturers are attempting to mitigate these potential attacks on the machines computer systems.
These areas and many more situations look to arise with the advent of the digital economy and its eco-system in tow. There needs to be a serious approach to addressing these issues.
The ITU, the United Nations specialized agency for information and communication technology, published the Global Cybersecurity Index 2017 (GCI-2017) which measures the commitment of ITU's 193 Member States to cybersecurity.
It measures the participating countries' commitment to cybersecurity and helps them to identify areas for improvement. Through the information collected, it discovers the practices in use so as its Member States can identify gaps and implement selected activities suitable to their national environment and to also help create an eco-system that harmonizes best practices while fostering a global culture of cybersecurity.
Will this be enough to curb or eradicate the threats of cybercrime? What are the areas targeted by these criminals? Are we equipped with the knowledge to prevent these crimes?
For cybersecurity to be used against cybercrime, it needs to encompass controlling physical access to the hardware, as well as protecting against harm that may come via network access, data or code injection. Be it malpractice by operators, intentional or otherwise, security can be tricked into deviating from secure procedures that can cause severe harm.
Therefore, cyber security has to take centre stage due to easy access to data, the increasing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, and the growth of IoT devices that make attacks that much easier to happen.
The database for Common Vulnerabilities and Exposures (CVE), covers weakness in design, implementation, operation or internal control and as they are discovered, these vulnerabilities are documented and stored in the CVE database.
A vulnerability is where at least one working attack or "exploit" exists. Vulnerabilities are often hunted or exploited with the aid of automated tools. This prevents attacks from reoccurring but not preventing new attacks from happening.
Ranked third on the table, Malaysia can be seen as a promising role model for countries to look to as both championing the move to a digitized nation as well as in sending a strong signal to the cybercrime world, that nations considered as small and a little insignificant in the large scale of things, are very proactive at building their defences against these threats.
Dato’ Dr. Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, had this to say regarding the recognition, “CyberSecurity Malaysia is extremely proud that Malaysia was successfully ranked top 3 in the Global Cyber Security Index for its high commitment and focus on cyber security. As an agency responsible for cyber security in the country, CyberSecurity Malaysia is dedicated to continue strengthening Malaysia’s cyber security. In order to defend country's critical infrastructure and provide cyber security services across sectors in Malaysia, capacity building plays a crucial role to develop more experts in the field to cooperate with existing cyber security professionals and skilled workforce.”
Perhaps there is no one solution that can be used to eradicate these attacks. It might need the cooperation and coming together of more organisations, people and even countries that a solution to cybercrime will prevail.