A review of recent trends in cyber threats – Q4 2017
It is difficult to write a good news story for 2017 because the reality is that all threats are on the rise. The only silver lining is for professional thieves and for those working in IT security (to stop them), because “business” has never been better. For the rest of us, hopefully some of these statistics will remind you to update your software, maintain excellent passwords, be careful what you download, and be careful what you click on. For those in IT, you also need to keep and monitor logs at every layer in the technology stack, be on constant lookout for behaviour changes in systems and people, and add additional layers to your defensive perimeter.
How big is the market for cyber security?
According to CyberSecurity Ventures, global spending on cyber security will exceed US$120 billion in 2017. The massive growth in this sector has fueled a baffling array of consultants, software vendors, cloud vendors, hardware vendors, managed service providers and more, all helping to protect our systems and data. It is an incredibly complex market that is very difficult to quantify. If we take Canada’s share of the global GDP at 1.5% as a proxy for our share of the security market, that puts local spending at CAD $2.26 billion. What is fueling this dramatic investment in security technology that serves no direct revenue stream for buyers? It is the massive growth and globalization of hacking and the direct and indirect costs of a breach.
Ransomware is the new black – but that doesn’t mean that the others are going away
For those who don’t know the analogy, in fashion there is the notion that every year there is a hot new colour to replace the ever-popular black. This applies in security because every year there are new threat trends that dominate the minds of CEOs.
A few years ago it was all about high-profile data breaches, last year everybody was talking about DDoS, and in 2017 the market has brought ransomware to the dance. Every tradeshow and conference headlines with it and new vendors are entering the market – including CIRA. We look to the DNS to help protect Canadians from phishing and malware (including ransomware). Despite the current focus on ransomware, the reality is that all types of attacks continue to grow because our IT systems have grown very complex and interconnected. This complexity, when combined with the entrepreneurial speed at which organizations must move, creates vulnerabilities, which thieves call “opportunities”. There is now a very clear path to nefarious profit enabled through the dark web, globalization, anonymous cyber-currencies, and proven payment models.
What do we mean by proven payment? At a Fall 2017 conference in Ottawa, Trend Micro presented that you could buy 100 credit card numbers for $19 and a complete identity for $5. These statistics predated the Equifax breach and a potential flood of new identities, meaning that the price for owning you has probably dropped even lower.
On the ransomware side of things, the average ransomware payout is reported to be somewhere between $700 – $1000 depending on whose report you reference. This low average payout means that hackers aren’t just targeting the big enterprises but are hitting local businesses and homeowners. Overall, it is estimated to be a billion-dollar global “industry” for thieves! In Canada, while we have seen a few high-profile incidents reported in universities and hospitals, we know that the vast majority of successful attacks go unreported because the damage to organizational reputation has traditionally outweighed the cost of just staying quiet. For individuals, we assume that many simply consider any hacking on their personal PC to be something solved by a hard drive format that does not involve contacting authorities.
Interestingly, Canada gets far more than our fair share of malicious activity – likely due to our proximity to, and use of, services based in the USA. Cisco’s 2017 mid-year security update showed a map where Canada was the recipient of far more malware attacks than our network size would suggest, with a score of 6.2:1 blocks to network size. By comparison, the USA was only 0.7 blocks to network size. While this measure is difficult to fully grasp, the critical learning is that we received almost 9X more malware blocks than we would expect based on our smaller size and proximal similarity to our southern neighbour.