Considering how fast internet and wireless communication technologies advance, you would think that we’ve beaten cybercrime by now. Instead, the world continues to witness massive breaches after massive breaches that cost businesses and consumers trillions.
According to the Official 2017 Annual Cybercrime Report by the Herjavec Group, the cost of cybercrime is expected to reach $6 trillion annually by 2021 — that’s twice the recorded cost of $3 trillion in 2015. These estimations are based on the most recent year-over-year trends, growth in state-sponsored attacks and other historical cybercrime data.
When it comes to the actual incidences, the many, ugly forms of cybercrime came into full view — from “ransomware” to Distributed Denial of Service, or DDoS attacks.
Make no mistake, strides are being taken by the government and cyber security firms to combat these threats. As of now, there are many ways for you to avert most forms of cyber attacks. It’s just that some organizations, like the National Health Service in Britain, fail to observe even the most basic of security practices, including keeping their software applications up-to-date.
And that’s exactly where businesses and individual users can make a difference — by being vigilant and proactive in their cyber security.
The internet is basically filled to the brim with resources that can teach you how to protect against cyber attacks. Better yet, innovators in spaces like blockchain and machine learning also present new opportunities that could potentially put a stop on the never-ending war against cybercrime.
1. Preventing zero-day attacks.
The most dangerous form of cyber attack is the one that you don’t see coming.
It’s reasonable to assume that your business network is already protected by your very own security software. This typically includes an antivirus, anti-malware and a web application firewall. However, these layers of defense depend on software updates that contain threat definitions, which will then enable them to detect and eliminate infections.
A “zero-day attack” is an exploit executed by hackers before these patches are rolled out. For example, if a developer releases an app with an unknown security flaw, hackers can take advantage of this vulnerability before it’s even discovered.
Today, cyber security enterprises and organizations are looking at machine learning as the potential, long-term solution to zero-day attacks. One particular example is the system built by a team at Arizona State University that monitors websites on the “deep web” that markets security exploits as a service. Using machine learning, the researchers were able to capture an average of 305 high-priority threat warnings each week.
Machine learning and artificial intelligence are also known as the underlying technologies behind the Chronicle — a new cybersecurity company launched by Google X. Touted as a “digital immune system” by Google X chief Astro Teller, the platform presumably runs on a detection-based ecosystem that also utilizes the massive infrastructure of Alphabet, the parent company of Google.
Although the nitty-gritty of the Chronicle product is still unclear, the product is positioned as a proactive threat prevention, analysis and intelligence platform. These are the kind of functionalities that wouldn’t be possible without some form of machine learning as the backbone.
2. Self-sovereign identities.
The internet is easily one of the most important inventions in the last generation. It propelled us into the future and now permeates every single facet of modern life, including, but not limited to business, education, entertainment and communications.
But as people grow more connected, bigger pieces of their identity are stored online, thanks to businesses, online services and government entities that collect personal and financial information.
Inadvertently, this created opportunities for hackers to commit “identity theft,” which can incur huge losses to consumers. According to the 2017 Identity Fraud Study, consumers lost to the tune of $16 billion in identity fraud damages.
Some of the ways hackers can steal sensitive information is through phishing, website spoofing and card skimming. The most lucrative method, however, is to breach a central repository with a deep pool of identities. One example is the infamous Equifax data breach where over 145 million Americans had their personal information stolen.
With a self-sovereign identity, identity theft can be averted by granting the full control and possession of identities to their rightful owners. A blockchain system like Decentralized.id or DID, for example, allows users to store their personal information on a decentralized, public record. They can then access and verify their identity to avail services via their personal device.
For example, suppose you signed up for a subscription service. Traditionally, your account details will be stored in the company’s own database, leaving you with only your login credentials for access.
A self-sovereign identity, however, is stored in an immutable blockchain that you can access and verify through your own device. It can be a driver’s license, bank account or online account information. Once stored and encrypted in a blockchain, platforms like DID allow you to manage your IDs and use them for various transactions, like logging on to web services or making purchases.
3. DDoS mitigation.
Finally, DDoS attacks are the most common form of cyber attack, and they still present a big problem to businesses in 2018.
The 2017 Worldwide DDoS Attacks & Cyber Insights Report indicates that businesses lose up to $2.5 million per DDoS attack. Apart from revenue losses, it can create a window for further breaches, such as data leaks and malware infections. And as a result, it may also cause irreversible damage to the company’s reputation.
A DDoS attack works by flooding an online service with traffic using a network of computers infected with Trojans, also known as “botnets.” This would consume most, if not all, of the available bandwidth that the server can support, thus, denying access to real users.
Due to their compounding effects, DDoS-as-a-service providers see up to 95 percent in profits in deep web markets, according to Kaspersky Labs. Fortunately, these attacks can now be easily fended off with DDoS protection services like Cloudflare. There are also web hosting services that feature network-level flood protection, screening and blocking traffic from suspicious sources.
Ultimately, all it takes is a proactive approach towards cyber security. Throughout the war against cybercrime, there never really was a shortage of security tools that can respond and repair the damage done by cyber-attacks. But with the technologies mentioned above, you can assume a proactive stance and take the battle to the hackers.