16.05.17

Expert Opinion

Globalized cyber-insecurity, the Achilles' heel of companies

    Cybersecurity forms one of the pillars of the digital transition of companies. The rapid development of digital threats and their globalization are forcing companies to build up cyber resilience that safeguards their performance.

    The date of 12 May 2017 will no doubt remain etched on our memories as a black day for global cybersecurity.  More than 70 countries were affected by the WannaCry [1] infection. Sixteen hospitals within the British health service - the NHS -, were forced to postpone operations, car production units at Renault brought to a halt, the Telefonica and Fedex groups severely affected, the Russian Ministry of the Interior targeted, and a German railway station paralyzed, all by one single piece of malware, the WannaCryptor (or WannaCry) ransomware. This uses SMB vulnerabilities and the ETERNALBLUE and DOUBLEPULSAR exploits, which were discovered by the NSA then leaked from it, to introduce itself into information systems, encrypt the data they contain, and demand a ransom to decrypt them. In under 24 hours, more than 100,000 Windows systems were infected at a formidable speed of propagation. This worldwide cyberattack highlights the vulnerability of hyper-connected societies and their economies, and the necessity of developing a culture of digital security.

    According to the established adage attributed to John Chambers, ex-CEO of CISCO, "There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked." Beyond the mere slogan, this pragmatic statement describes precisely the increasingly powerful nature of these threats that affect enterprises ever more violently and jeopardize their performance, and sometimes even their existence. Over the course of the last two years, nearly 75% of enterprises were victims of a cyberattack. Worldwide, the average cost of a digital attack stood at 700,000 euros in 2016, with wide variations depending on the activity of the company targeted and type of harm suffered.

    The development of the cyber threat in 2017

    If the cybercrime economy is growing at great speed, this is because the threat is developing in complexity and constantly adapting to the different levels of shield protecting companies' information systems, often being one step ahead of defensive actions. The human factor constitutes one of the weak links in the security chain connecting man to systems. The threat can utilize social engineering and phishing, malpractice inside a company, or sophisticated system penetration tools of the APT (Advanced Persistent Threat) kind. In 2016, ransomware remained the most lucrative tools for hackers, with no less than 62 new families of this type of malware developed during the year... Cryptolockers, which encrypt all the data on the victim's disk, generated more than 40 million dollars in 2015, with an average cost of 300 dollars for every user who agreed to pay the ransom (like the WannaCry ransom) to get their data back. Attacks by DDoS (Distributed Denial of Service) have also become considerably stronger. The principle behind DDoS relies on the compromising of a large number of "zombified" machines, with the hacker taking control of them to direct and funnel a deluge of requests to the target's servers. DDoSs now make use of the vast pool of connected objects which have little or no protection, to produce targeted campaigns of great intensity. The attack that targeted the internet hosting company OVH in September 2016 reached a record power of 1Tb/s (one terabit per second) and was carried out thanks to the compromising of 146,000 connected surveillance cameras suffering from security flaws.[2]
     

    Artificial intelligence and big data as new shields

    Classic security tools have become inadequate to deal with the increasing power of cyberattacks. New platforms analyze the threat very far up the chain of events characterizing the attack. UBA (User Behavior Analytics) utilizes all the data from a company's information system and its employees to detect the weak signals warning of abnormal behavior and compromise. UBA platforms use machine learning processes to learn what is a network's "normal" functioning and react to irregular practices. In this way, artificial intelligence is becoming the crucial element in the building of smart and scalable cybersecurity able to adapt in real time to cyberattackers' most complex strategies.

    While the race for technological innovation in cybersecurity is mobilizing everyone's efforts, there also needs to be an immediate cultural revolution in terms of heightened awareness of best digital practices within companies, as can be seen from the WannaCry attack, and as those to come will continue to show.

     


    References

    [1] WannaCry, cyberattack of 12 May 2017: https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

    [2] DDoS against OVH - September 2016: https://www.ovh.com/fr/a2367.goutte-ddos-n-a-pas-fait-deborder-le-vac