The March 22 attacks on the airport and a subway station in Belgium's capital, Brussels, underscore the sad fact that terrorism is a growing international problem. Today we are also wrestling with the initial stages of another international human-made problem with profound implications for society―cyber risk proliferation. Every week there are news stories regarding major cyber attacks that targeted credit/debit card information, healthcare records, or government personnel data. Even the personal email of the Director of the U.S. Central Intelligence Agency was hacked.
The growing impact of cyber attacks is illustrated by the increasing number of records lost, from the 100,000 lost in 2004 to the nearly 2 billion lost by mid-2015. As the popularity of mobile devices and networked technology grows, cyber risk will only increase. Cyber criminals are already exploiting opportunities presented by new platforms and social media.
Many of us are aware of the dangers associated with our home networks and WiFi. Using social networking applications such as Facebook, Twitter, Linkedin, Instagram, and Pinterest lets our "friends" know where we are and what we are doing. All of these applications make us vulnerable to cyber attack, and each month there are more than 2 billion potential victims using them (based on 4th quarter 2015 statistics). It is expected that social media networks will face advanced attacks aiming to leverage a user's contacts, location, and even business activities.
The Internet of Things
Rapidly becoming ubiquitous, and therefore potentially even more dangerous than social media, is the Internet of Things (IoT); the network of physical objects embedded with electronics, software, and sensors to enable the collection and exchange of data. Wearable technologies, vehicles, buildings, cities, and appliances are just some of items now part of the IoT.
You can already control devices in your home such as smart thermostats, lighting, security systems, and even the coffee maker with your smartphone, and the number of IoT devices is expected to grow exponentially. Estimates indicate that nearly 1 trillion connected devices will be in service by 2020, representing a vast number of additional potential breach points through which critical personal information may be obtained.1 IoT devices may not be designed with protection against hacks; with vast amounts of personal information and business data being stored in the cloud and transferred between devices, any weak links in the security chain represent exploitable vulnerabilities.
The Industrial Internet
Technology is transforming the industrial sector, too, through the increasing integration of physical machines with sensors and software throughout networked systems. Cyber criminals could exploit this increased interconnectivity, particularly where connected components designed before cyber security became an issue remain in use. Attackers have reportedly destroyed some of Iran's nuclear centrifuges and temporarily gained control of a New York dam's flood gates and the power grid in Ukraine. As well as causing physical damage to plant and machinery, such attacks could also cause substantial business interruption losses.
Industrial control systems, such as those that control manufacturing processes or utility plants, are intended to enhance usability and accessibility, but they also create another domain in which cyber attacks can occur.
Are you prepared?
Cyber risk proliferation is real, it is scary, and it can be costly. However, there are ways to defend against, detect, plan for, and respond to cyber attacks. Organizations need to protect themselves from catastrophic costs caused by cyber attacks. A good first step is to better understand your cyber risk.
The Hurricane Andrew of cyber is coming. Are you prepared?
1 Global Machine-to-machine Management Software Market 2014-2018. TechNavio/Infiniti Reports. 17 September 2014.