There really is no final fix, solution or endgame when it comes to cyber security.
The claim was made by security industry veteran and chief research officer at F-Secure, Mikko Hypponen. Two of the most valuable lessons in cyber security are to know your enemy and not to rely on users to be secure.
“We will always have cyber security problems because we will always have bad people, which means job security in security is likely to continue for ever,” he told the Wired Security conference in London.
Cyber attackers are continually evolving their techniques and capabilities to steal and monetise data in new ways, which means the goalposts are continually moving.
“If we were still fighting the enemy of 10 years ago, we would be in great shape,” he said, alluding to the security tools that have been developed since then, as well as the security improvements in software.
“Attackers will always have the upper hand because they have the luxury of time to study our defences, while defenders do not have that luxury, so it is an unfair contest – a never-ending race.”
Reflecting on lessons learned over his 25-year career in information security, Hypponen said the most important thing is to understand the adversary.
However, he said the days of being able to do that easily are long gone, with most organisations finding themselves faced with a whole range of attackers.
They are all looking to gain something, said Hypponen, whether they are hacktivists supporting a cause, nation state actors or criminals.
“But for most organisations, criminals are the most likely to be attacking them,” he said, noting that of the 350,000 to 450,000 new malware samples that F-Secure sees on a daily basis, 95% comes from organised cyber crime groups.
“It is different when you get targeted by foreign intelligence agencies, because they are really bad, but most organisations are not targeted by foreign spies because most organisations are of no interest to them,” he said.
Although these cyber criminals like to portray themselves as Mafiosi, Hypponen said most are just “geeks” looking to make money from selling things such as hacked PayPal accounts and credit card details along with step-by-step guides on how to use them to make money.
Ransomware most popular form of cyber crime
Ransomware that encrypts victims’ data and demands payment in return for restoring it is fast becoming the most popular way for cyber criminals to make money.
“This is a simple business model based on the principle of selling data to the highest bidder, which is often the person or organisation that owns the data in the first place,” said Hypponen.
F-Secure is currently tracking more than 110 different ransomware groups operating around the world and competing for market share.
“Ransomware has become very competitive, with the result of some groups seeking to expand into new markets by translating ransomware campaigns into 26 different languages,” said Hypponen.
Another evolution of ransomware attacks is the shift away from consumers to target enterprises.
“As soon as an infected computer is connected to the corporate network, the attackers enumerate and mount all the file shares the user can access and dynamically set the ransom based on how many files they manage to encrypt on the network,” said Hypponen.
The biggest concern about ransomware for enterprises is that it will stop business operations. With continuity in mind, some enterprises are even setting up bitcoin wallets to be able to pay ransoms quickly and minimise the impact on business continuity.
“This idea of continuity is really backwards, because it does not address the problem,” said Hypponen. “The more enterprises pay these ransoms, the greater and more entrenched this problem will become.”