"The bad guy only has to be right 1 percent of the time to get through," said one security firm founder.
By: L.C. Leach III
On Nov. 3, 1988, long before most of the world would hear of dot-com and cyberspace, Eugene Spafford, an assistant professor of computer science at Purdue University, awoke to a peculiar problem: He could not log into his school computer from home.
At first, he thought his machine just needed rebooting.
"But later I started looking at system logs on that machine, and some others," said Spafford, now in his 38th year at Purdue, via email to The Epoch Times. "And I found evidence that [a computer worm] had been present."
The worm turned out to be the first stand-alone computer malware, created by Robert Tappan Morris, a Cornell University graduate student, who would soon become the first person indicted under the U.S. Computer Fraud and Abuse Act.
At the time, the number of potentially vulnerable machines hovered under 80,000 worldwide, and there was barely any such thing as cybersecurity.
In the 36 years since Morris's worm, the world of computers and information technology has evolved into a multi-billion-dollar industry with more than 5.5 billion internet users, approximately two-thirds of the world's population.
And behind the scenes, millions of cybersecurity professionals are fighting cyber criminals in an invisible war that is becoming more intense, more expensive, and more challenging than ever before to keep personal information and business operations safe.
"Cyber crimes are projected to reach $10.5 trillion by 2025, up from $3 trillion in 2015," said Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, a research and market intelligence firm with locations in Northport, New York, and Sausalito, California.
He said that since 2013, the demand for cybersecurity professionals has been so high that the estimated shortage since then has grown 250 percent, from 1 million to more than 3.5 million in 2024.
"It won't be until sometime in 2025 that we look ahead with another prediction," Morgan told The Epoch Times via email.
"But we expect cybercrime growth to slow to around 5 percent annually over the next five years, given heightened awareness by consumers and organizations around the cyber threats, and the measures they are taking accordingly."
PhishLabs, for instance, founded in 2008, is a globally recognized cybersecurity firm in Charleston, South Carolina, that grew 376 percent from 2012 to 2016. Acquired by Fortra in 2021, PhishLabs protects thousands of businesses each month from cyber attacks, data breaches, and financial losses due to online fraud.
"External threats play a large part in digital threat landscape," said Eric George, director of solutions engineering, in a 2024 company blog.
"And like the name suggests, external threats are those that come from outside of your organization."
Company founder John LaCour said his main concern is always in the "1 percent."
"The bad guy only has to be right 1 percent of the time to get through," LaCour told The Epoch Times via email. "And we have to be right 100 percent of the time to stop him."
Biggest Threats
Dr. Noah Schiffman, a reformed hacker in Charleston, South Carolina, and now an independent cyber researcher, has worked for much of the 21st century as a chief technology advisor and cybersecurity officer for companies such as KBR, Wave Sciences, and Orbis, Inc.
Much of his focus has been on trying to predict criminal "exploits," or techniques, and implement measures to stop them before they are executed.
"But new exploits are discovered every day which can't be predicted," Schiffman told The Epoch Times via email.
"And most, if not all, of the threats from 10 years ago are still very relevant today. However, many have grown in their sophistication and complexity."
The five current areas of exploitation that are high on the cybersecurity alert include the following:
Ransomware. As the name implies, ransomware is malware that criminals use to keep data away from their owners, then force them to pay a ransom to recover the data.
Hollywood Presbyterian Medical Center in Los Angeles, California, for example, paid the equivalent of $17,000 in February 2016 to a hacker who seized control of the hospital's computer systems and ransomed all of its records until payment was made.
In the eight years since then, Schiffman said ransomware has significantly increased in both frequency and severity.
"The use of cryptocurrency as payment has helped with attacker anonymity and made it very hard to trace and track down cyber criminals," he said.
Cloud Technology. In the not-so-distant past, companies stored their data in-house because it was seen as the safest way to secure it. Now, many companies outsource data storage and services to firms that use a "cloud or data that is accessible from a Web browser."
Firms then handle the cloud's data security for the companies as a service. And this cloud technology gives hackers new and possibly more targets to breach.
"Despite the large budgets cloud providers spend on security, breaches still occur due to things like service provider vulnerabilities, insider threats, misconfigurations, and poorly handled credential management," Schiffman said.
Mobile Computing. Schiffman said the average number of personal computers used to be one per family. In 2023, this figure rose in North America to more than 13 per person, and includes desktops, laptops, gaming platforms, and hand-held devices such as smartphones and tablets.
"Mobile phones now outnumber traditional computers in ownership and use," Schiffman said.
"As the number of these devices increases, your susceptibility to being attacked increases, because there are more targets. Therefore, this continues to be a target of cyber criminals, with largely phishing attacks as the main attack vector."
Phishing. In this cyber crime, criminals posing as reputable sources use fraudulent email in an attempt to trick the recipient, usually an end user, into revealing confidential company information, such as login credentials, passwords, or account data.
If the recipient responds as intended, they unwittingly let criminals into a system to steal money and account information.
"Since the end user is always the weakest link of the security chain, targeting individuals through phishing will always have a degree of success," Schiffman said. "The most effective prevention is through end-user education."
Artificial Intelligence. Cybercriminals use AI to carry out a variety of sophisticated attacks, including data poisoning, password hacking, social engineering schemes to trick individuals into revealing sensitive information, and deepfakes to manipulate visual or audio content and make it seem legitimate.
Both Schiffman and Morgan pointed out that AI is just the latest cyber threat, and likely not the last one.
The growing sophistication of threats has led to some massive security breaches.
Kaspersky Lab, a privately owned cyber security company headquartered in Moscow, reported that a cyber gang known as Carbanak stole up to $1 billion from 100 financial institutions worldwide from 2013 to 2015.
In June 2015, the U.S. Office of Personnel Management in Washington discovered that background investigation records of current, former, and prospective federal employees and contractors had been stolen. The theft included the Social Security numbers and other sensitive information of 21.5 million individuals.
From Nov. 27 through Dec. 18, 2013, when cyber criminals breached the computer systems of retailer Target, approximately 40 million cards were compromised, as well as 70 million customers' personal details.
In December 2023, about 1.5 billion records were leaked from New York-based online real estate education platform Real Estate Wealth Network, in what Schiffman called one of the largest leaks in U.S. history, with an exposed database of nearly 1.16 terabytes due to having "non-password-protected folders and system access."
The database of National Public Data, a Florida-based background check company, was hacked in December 2023. Schiffman said this breach of an estimated 2.9 billion records impacted 270 million people. Much of the stolen data was leaked and "made freely available in a 4TB dump onto a cybercrime forum July 2024."
In 2012, the South Carolina Department of Revenue in Columbia was the victim of a phishing attack that affected 700,000 businesses and compromised the Social Security and bank account numbers of 3.8 million individuals.
(TheEpochTimes.com)

