Cyber impact: managing the unknowns

Katherine Robins, Deloitte Risk Advisory Partner and cyber security practitioner alerts us to emerging cyber threats, and the scary fact that with every new technology there comes a new way to use that technology in a malicious way.

The cyber security market is in lock step with the need to build resilience, monitor and try to prevent these emerging technologies from both misuse and attack.

Understanding how best to do this is threaded throughout the tech trends nominated by Deloitte this year. As mandatory data breach reporting comes into effect in Australia in February 2018, and GDPR for Europe later in the year, the need to be able to detect an incident becomes even more critical.

Security vendors have responded with sophisticated tools that use a mix of behavioural analytics, big data (to detect trends of malware events across different industry verticals, geographic locations, etc) and machine learning to provide better incident response and better detection of ‘never-before-seen’ events, also known as zero day attacks or ‘unknown, unknowns’.

Some examples include:
Blockchains are increasingly being used as they move from their cryptocurrency roots to using the underlying technology (of merkle trees, cryptographic hashing, distributed ledgers, etc) to secure and track data sets of any type. For example there are blockchains for supply chain applications, logistics, property and asset ownership, and even for tracking food production.

Internet of Things (IoT) or Internet of Everything (IoE) continues to grow, driving the IoT security market. As more and more devices become connected, the risk of compromise and attack increases. There have been highly publicised attacks where IoT devices such as CCTV cameras, baby monitors, toys, etc, have been compromised and then used to launch distributed denial of service attacks.

There have also been attacks through connected systems such as the heating, ventilation, and air conditioning, or HVAC systems. They have been used to gain access for example to the corporate network in order to steal corporate and client data. The biggest issue with IoT is that in a large number of instances, the devices are too small to be able to support a security layer.

In the case of light switches and door bells, there isn’t enough compute power, or storage, to support encryption or ‘cut down’ firewalling, which leaves the device susceptible to attack. Industry bodies and organisations have been formed to provide better governance, regulation and security in this growing area of concern.

Cloud Security continues to become more complex as multiple governance, data privacy, data sovereignty, data breach notification and information security laws are regulated differently from country to country. Subsequently where data is housed will be subject to the local laws. For organisations focused on global standards this has created issues. There has been a trend for hybrid deployments, with some large organisations keeping a local data centre presence for sensitive information and cloud presence for the flexibility and scalability for non-sensitive data.

The downside to these technologies is that the bad guys are also using these technologies to produce better attacks that are harder to detect.

To find out more about our emerging cyber threats tech trend for 2018 click here

Want to stay up-to-date?

Stay on trend and in the know when you sign up for our latest content