We recently posted about Deepfakes being a new cyberthreat for 2021. There are a few more threats to be aware of this year, and knowledge about them is the best defense.
Internet of Things, or IoT devices, already represent a mature technological industry. These connected devices are commonplace in homes and offices alike. In a perfect world, they make life easier, and the products supported by IoT more useful.
Unfortunately, IoT devices can be vulnerable to data leaks, cyberattacks, and hackers. Connected devices will be an area of concern for 2021, and their threat potential is almost guaranteed to get worse.
The security issues common to IoT devices stem from the rapidly growing demand for smart devices. The number of products connected to the internet surpassed the number of people on the planet somewhere between 2008 and 2010 and is expected to exceed 75 billion by 2025.
The hacking risk isn’t just a question of having more devices so much as having a higher concentration of devices. At the beginning of 2020, U.S. households had an estimated 11 internet-connected devices per household. The number is expected to explode with the rollout of higher-speed wireless technologies like 5G in addition to the upward trend fueled by people working and attending school remotely during the COVID-19 pandemic.
More internet-connected devices mean a bigger attackable surface, and having a higher concentration of IoT devices in a household or office means more points of entry for hackers.
Case in point: an unsecured internet-connected coffee machine was successfully infected by ransomware in September 2020. While security vulnerabilities in IoT devices are commonplace, infection by relatively sophisticated malware represents a potentially massive evolutionary leap and could very well become the norm in 2021.
As IoT devices become more numerous and more interoperable, the large-scale cyberattacks on businesses, local governments and agencies could migrate to home networks, effectively locking residents out of their homes and appliances and exfiltrating their data.
The issue is not limited to home and office environments, either. IoT is expanding in the medical, industrial, and military fields, with expected annual growth at 21, 21.3, and 6 percent respectively. The possible benefits from internet-enabled applications to any of these fields are enormous, but the increased risk can’t be overlooked.
AI and Machine Learning Hacking
The good news first:
In the face of overwhelming hacking attempts, phishing emails, a skills shortage, and an ever-increasing attackable surface, cybersecurity companies and experts are increasingly turning to AI solutions to defend networks and devices.
Advanced machine learning algorithms are deployed to identify phishing emails, malware attacks, and generally suspicious or out-of-the-ordinary behavior on networks that could suggest a cyberattack.
The bad news is that hackers have access to the same technology.
In much the same way that cybersecurity AI and machine learning can be leveraged to scan and analyze massive amounts of data to identify a phishing attack, hackers and other threat actors also have an enormous amount of data at their disposal, especially from previous data breaches and leaks.
As a proof of concept in 2017, researchers at the Stevens Institute of Technology used data from two large-scale data breaches where millions of passwords had been compromised. By analyzing tens of millions of passwords from a compromised gaming site, the AI-enabled network was able to artificially generate hundreds of millions of passwords based on patterns it identified. When applied to a set of 43 million compromised LinkedIn passwords, it was able to crack them with 27 percent accuracy.
Although this was only an experiment, more powerful programs exist. One program discovered in February 2020 reportedly had the capacity to analyze more than a billion compromised login and password credentials and generate new variations. This represents an evolutionary step beyond credential stuffing (a crime where the target’s passwords are used to access other accounts). AI makes it possible to identify patterns and correctly guess passwords.
While it’s uncertain exactly how many threat actors or hackers are actively utilizing AI and machine learning, governments and technology firms alike are taking the threat seriously and actively building defenses. This is considered likely to lead to an ongoing arms race between cybersecurity firms and hacking groups and is guaranteed to continue to escalate for years to come.
Again, the best defense against cyberthreats is knowledge. You should know about Personal Cyber Protection Coverage, also, because it can also protect against the effects of these threats. This endorsement provides the type of coverage you might expect from a first-party cyber liability endorsement: data recovery and restoration, cyber extortion, financial loss due to online fraud, and breach of personal data.
You can always contact your local independent agent to learn more about cyber protection insurance.
The policy coverages described above are in the most general terms and are subject to the actual policy exclusions and conditions. For specific coverage details and policy exclusions, refer to the policy itself or contact a Central Agent.
Blog courtesy of CyberScout. ©2020 CyberScout, LLC