
The Future of Cybersecurity: Top 7 Trends for 2021


The COVID-19 pandemic forced organizations to make tough decisions, re-strategize, and adapt to changes on a large scale. It also forced many to move their processes and workflow online.

With people and businesses becoming digital-first, the future of cybersecurity will not be the same. Here are seven cybersecurity trends we expect to see in 2021.

An Increase in Cybercrime

The FBI reported that the number of cybercrimes has more than tripled since the start of the pandemic.

The increase is due to several factors, with the rollout of 5G being one of them. Cybercriminals take advantage of new technologies when committing crimes and have thus also jumped on the 5G train. The ease of data transfer allows them to execute their criminal actions more efficiently.

Additionally, internet users worldwide increased by almost 10% from 4.39 billion to 4.6 billion active users in 2020. This puts much more vulnerable data on the internet for cybercriminals to exploit. Thus, you can expect an increase in data breaches as well.

This should, however, not discourage organizations from embracing these new technologies. Instead, they should accelerate steps to strengthen data and privacy protection.

Unification of Security Solutions due to Budget Cuts

The economic downturn that occurred as a result of the pandemic didn’t leave the IT industry untouched. Budget cuts led to a decrease in spending on the sector, which fell by about 10% in 2020.

To make do with what’s available, CSOs will have to integrate different security solutions onto one central platform. This will bring efficiency and simplicity that would otherwise be impossible to achieve using separate products.

Examples of security solutions that can be merged are threat detection and defence platforms. Choosing to converge will shrink operating costs and ease the management burden on IT teams.

Prioritization of Data Privacy and Cyber Insurance


As cybercrime increases, a corresponding prioritization of data privacy and insurance should follow. Ignoring privacy concerns and overlooking cyber insurance is detrimental to organisations and businesses.

Proper encryption of data is a must. Customers’ data must be protected at all costs. If users choose not to share their data with any third party, their decision must be respected.

Early announcement of data breaches is also a must now. This allows individuals to take the necessary steps to protect themselves from further damage, such as phishing attempts.

Typically, customers sue organizations for data breaches and the payout is usually high. Therefore, having a cyber insurance policy will help alleviate the burden of financial costs from these payouts.

An Increase in Cloud Breaches

While some businesses already had plans to shift some of their activities to the cloud, the pandemic hurried the plans up and the move was completed within months.

While this is not necessarily bad, the hurry has led to unavoidable gaps in security and misconfigurations that can be exploited by black hat hackers.

Without stricter security measures, an increase in cloud breaches shouldn’t come as a surprise.

Organizations should be prepared to combat this with Cloud Security Posture Management (CSPM). CSPM manages cloud security by running thorough security assessments and closely monitoring compliance on the cloud. This helps in swiftly identifying risks and automatically remedying them in some cases.

Remote Workers Will be Targeted by Cybercriminals


The number of remote workers increased drastically in 2020. Remote work, though convenient, creates a gap in the organization’s security.

Employees and the IT technicians who can detect and stop cyberattacks are no longer under the same roof, so a glitch in the system may go unnoticed until after a cybercriminal has exploited it.

Working at home also involves using networks that may not be very secure. This creates a suitable environment for criminals to steal sensitive information. Besides this, remote workers are also more susceptible to smishing, phishing, and other social engineering tactics.

Acceleration in the Growth and Adoption of AI in Cybersecurity

The future of cybersecurity needs Artificial Intelligence for effectiveness.

Implementation has started in healthcare, especially during the pandemic, where AI was used to reduce human contact between Covid-19 patients and caregivers. Other industries like manufacturing, agriculture, fashion retail, and marketing use it already. 2021 will see more growth and adoption of AI in cybersecurity.

We expect to see the use of machine learning to make critical decisions in security as well as enhanced AI solutions for cybersecurity. Criminals will also make use of AI in their activities. Hence, preparations to anticipate and respond accordingly to such attacks must be made.

Rise in Insider Attacks

More employees are getting involved in data breaches. A report estimated that over 34% of data breaches in 2020 arose from internal actors.

It’s trickier now that most workers may not be in the same office building where there is close monitoring.

Remote workers are scattered across the world. Some of these workers could coordinate with cybercriminals.

The Ashley Madison Hack: What Exactly Happened?


Ashley Madison, a dating service that caters to married people or people in relationships seeking an affair, suffered a major security breach in August 2015. Impact Team – a hacker group – leaked personal details such as names, email addresses, credit card information, and sexual fantasies of about 30 million users of the service. The Ashley Madison hack was a historic data breach.

Learn about the Ashley Madison data leak and the controversies that followed.

How Did the Ashley Madison Hack Happen?

Founded in 2008, Ashley Madison runs a widely popular web service with the unashamed intention of helping married people have extramarital affairs. “Life is short. Have an affair.” is the company’s catchphrase.

In July 2015, hackers threatened to release company data including sensitive customer information. The hackers gave an ultimatum to Avid Life Media, the parent company, to permanently shut down Ashley Madison and Established Men – a sister hook-up site that linked young ladies to older successful men – within 30 days. 

The hackers accused ALM of promoting extramarital affairs and prostitution. Impact Team called the company out for not keeping its promise to delete user data from its website after users paid the required fee of $19. The data included site usage history and personal identifying information.

To drive their point home, the Impact Team published a file containing some of the company’s financial information, including employee salaries and profile details of two customers of the site. 

The First Major Leak

On August 18, after the 30-day ultimatum had elapsed and the websites were still running, the hackers posted “Time’s up” on the dark web together with a BitTorrent tracker file cryptographically signed with a PGP key. 

The tracker file was actually a compressed 10 GB file that contained usernames, passwords, home and email addresses, height, weight, sexual fantasies, the last four digits of credit card numbers, and even GPS coordinates of millions of users, as well as passwords for the site’s Windows domain and PayPal account details of executives of the company.

The Second Major Leak

The second dump was on August 20, two days after the first. This data dump was quite different from the first in that it mostly contained the company’s internal data, including a 19GB file of ALM’s CEO Noel Biderman’s emails, and Ashley Madison’s website source code.

The Third Major Leak

The Impact Team served a third round of dumps. The leaked data included a list of government emails used to create user profiles, mailing addresses, IP addresses, the total amount spent on on-site purchases, and signup dates.

Authenticity of Leaked Data 


The authenticity of some of the leaked data is still in contention. Accounts were often created without the consent of the real email address owners (sometimes as a prank). The site required the real owner of the account to pay $19 to permanently delete their profile, but the company never deleted the user data.

Cybersecurity experts noted that just because an email address was in the data leak didn’t mean the legitimate owner created a profile.

For instance, one of the email addresses appeared to have belonged to Tony Blair, a former UK prime minister. However, experts proved that the majority of the leaked data was authentic. Brian Krebs, a popular security expert, confirmed that many Ashley Madison account holders agreed with that assessment.

The Aftermath of the Ashley Madison Hack


Avid Life Media released a statement condemning the hack. They called it an act of criminality. CEO Noel Biderman had to step down from his executive position, an action he claimed to have taken in the best interest of the company. 

Subsequently, the company offered rewards for information about the hackers. The police in Toronto also showed commitment to finding the culprits. The company, together with the Canadian police and the US FBI, worked to investigate the attack and arrest the perpetrators. A $500,000 bounty was offered for information on the Impact Team, but no arrests have been made to date.

Canadian law firms Charney Lawyers and Sutts and Strosberg LLP filed a $567 million class-action lawsuit against ALM. The suit was filed on behalf of all Canadians, citing the 30 million users whose information was published. It also included the users who paid Ashley Madison’s permanent-delete fee but did not have their information erased. Ruby Corp (the rebranded Avid Life Media) announced $11.2 million to settle the lawsuit.

Fallout of the Hack


Users with leaked information were targeted after the cyberattack. Josh Duggar, a reality TV star, and Christian YouTuber Sam Rader were among those who suffered public disgrace.

Numerous search websites popped up that allowed people to search for the emails of their colleagues or spouses. Some individuals and companies blackmailed users. Others received extortion emails requesting bitcoin.

Customers of the website also suffered great psychological consequences resulting from the hack. Having to deal with an affair publicly hurt the victims as well as their spouses and children. A good number of those affected sank into depression and anxiety. Tragically, two suicides were traced to the hack, one of a pastor and professor at the New Orleans Baptist Theological Seminary. 

Security 

Security researchers revealed poor security practices in Ashley Madison’s source code. It had hardcoded security credentials such as database passwords, API secrets, and SSL private keys. The online service also didn’t use email verification to filter bots and prevent people from opening multiple fake accounts.

The only things they seemed to get right were not storing full credit card numbers on their servers and using bcrypt, a strong password-hashing function, to hash customers’ passwords rather than leaving them in plaintext.

The hack arguably made people more conscious of their data privacy and of holding companies accountable.
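The hardcoded credentials described above are the kind of finding a pre-commit or CI check can catch before source code ever leaves the building. The following is an added example, not code from Ashley Madison or from the original article: the sample lines are constructed, and the three rule patterns are illustrative assumptions covering the credential classes named above (database passwords, API secrets, private keys).

```python
import re

# Constructed sample source lines (not from any leaked code): three hardcoded
# credentials, one safe environment lookup, and one empty placeholder.
SAMPLE = '''\
$db_password = "Summer2015!";
define('API_SECRET', 'c0nstructed-example-secret');
$db_password = getenv('DB_PASSWORD');
ssl_key = """-----BEGIN RSA PRIVATE KEY-----
api_secret = ""
'''

# Illustrative rules (assumptions, not a complete ruleset). Where a rule has a
# "val" group, it captures the string literal assigned to the variable.
RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----")),
    ("db-password", re.compile(
        r"(?i)\b(?:db|database|mysql)_?pass(?:word)?\b[^=\n]*=\s*['\"](?P<val>[^'\"]*)['\"]")),
    ("api-secret", re.compile(
        r"(?i)\bapi_?(?:secret|key)\b['\"]?\s*[=:,]\s*['\"](?P<val>[^'\"]*)['\"]")),
]

MIN_LITERAL_LEN = 4  # ignore empty or trivially short placeholders


def scan(text):
    """Return (line_number, rule_label) for each suspected hardcoded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            literal = match.groupdict().get("val")
            # Only string literals count; env lookups never match the quote,
            # and empty placeholders are filtered out here.
            if literal is not None and len(literal) < MIN_LITERAL_LEN:
                continue
            findings.append((lineno, label))
    return findings


if __name__ == "__main__":
    # Report location and class only, never the secret value itself.
    for lineno, label in scan(SAMPLE):
        print(f"line {lineno}: possible hardcoded {label}")
```

The scanner reports only the line number and credential class, so its own output does not become another copy of the secret.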
