This article is part of Panther’s new Future of Cyber Attacks Series, which features interviews with cyber security experts, thought leaders, and practitioners, with the goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Aliaksandr Latushka, Information Security Group Leader, iTechArt.
How have cyber attacks evolved over the past 12 months?
2021 follows on emboldening the innovations and challenges brought to us by 2020 with a huge number of people even more immersed in the online world. In fact, internet tech usage is growing not only in private lives and businesses but also on the part of government organizations. As a result, the information volume available on the internet is increasing exponentially. And this couldn’t go unnoticed by people who are dissatisfied with current political trends or those who want to exploit these data assets for money — legally or otherwise. In the past year, virtually every tech industry sector faced serious cyber incidents. Malicious cyber groups like Nobelium, REvil, DarkSide, Babuk, Red Epsilon, Prometheus, and APT28 were quite active and proved how they can affect the work of companies. Not a week went by without high-profile cyber incidents with gigantic amounts of data and/or capital losses: The monthly damage from cyberattacks in 2021 averaged $500 billion, a fourfold increase in 3 years, and caught even the attention of the UN.
What lessons can be learned from the biggest cyber attacks in recent history?
Despite significant losses, companies continued their activities with extensive use of IT. I believe that this is largely due to integrated corporate information made safe through security management systems. For a long time, these systems have been operating in order not to prevent cyberattacks, but to reduce the damage to an acceptable level.
Cyber threats, globalization, and the lack of borders on the internet empowered the necessity to unite not only for working groups and professionals but also for entire companies and even state actors to develop new tools and skills to oppose and reduce damage.
What will cyber attacks look like in the future?
Modern tools are becoming vital, at least to increase the response rate to incidents. A fairly low entry cost threshold to execute cyber-attacks, paired with their significant financial benefits and lack of accountability, led to an increase in shadow activity cases. Their participants unite into cyber groups with a deep stratification of imputed functions. Some criminals may just develop the code, unaware of or not interested in their true function in such groups.
There’s one more potential cyber threat – the rapidly increasing number of “smart” devices — the so-called IoT. As a rule of thumb, such devices are not yet equipped with enough energy to “carry onboard” sufficient means of protection and are dependent on the safety of the environment. Due to the ever-growing adoption of those devices by the general public, IoT attacks are becoming easier and a real pain in a modern home or office.
To sum up, we should keep on expecting increasingly complex cyberattacks aimed at causing major damage to corporations and states; cyberattacks aimed at IoT devices as a low-effort action with disproportionately inconvenient effects, and the growth of attacks using social engineering and deepfake tools.
Alongside these, we will also observe the moral battle between two views: One advocating for control to the detriment of privacy (for example, to increase governmental watch tools or for the business purposes of corporations) and another willing to preserve privacy as the means, among other things, to avoid massive cyber frauds.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
Is there anything you can oppose to such a future? I’d say, there’s definitely a need to develop a culture of safe work environments, which must be integrated into all aspects of IT activities – from design to operation and support of the finished product.
SDLC procedures should take place for the entire range of products, and Pentest should be the proof of effectiveness. Conducting Pentest audits will also contribute to developing BCP procedures in case of cyber incidents;
Conducting research and exchanging experiences about past cyber-attacks should take place. Using the SOC experience may also be effective for countering and reducing damage from attacks;
Capping it off, it is also very necessary to provide awareness training for staff and IT users.