The world in which we lived 25 years ago has changed. Technology has invaded our homes, our businesses and our lives, promising us convenience and well-being – and it has indeed made our lives easier. But not everything is perfect. Along with these conveniences, we are also facing threats that are alien to all of us. Threats that do not come from the real world we live in, but from the virtual world. Faceless threats that do not invade through windows or doors, but through a simple network cable or through thin air. And now, we are struggling to protect ourselves from the almost invisible evil that lurks at every new virtual connection.
I remember that some 25 years ago, anyone who had a cell phone was seen as someone with reasonable purchasing power because phones were expensive equipment. Nowadays it is almost impossible to find someone who does not have such a device. And the irony is that most of us do not even use cell phones for voice calls. Nowadays, cell phones have become handheld computers with internet access and with an ability to install tons of third-party applications. All of this has revolutionized the modern world of technology.
IT infrastructure, applications, virtual environments, artificial intelligence – all of these resources have come to facilitate our life and our work. However, this rapid evolution has also brought new threats, which, in proportion to the modernity of the new resources, pose constant security challenges.
However, these security challenges are not similar to what we were accustomed to a few years ago. The virtual world, or simply “cyberspace”, is a nonphysical space composed of each computer and user connected to the internet, where people begin to create connections and relationships capable of founding a space of virtual sociability.
One of the threats present in this virtual world is cyber crime, which covers any illicit activity or practice on the network. These practices involve system intrusions, virus spreading, theft of personal data, ideological falsehood, access to confidential information, and so on.
Data on the occurrence of these cyber crimes are notoriously scarce, since there is no common standard for registering them, and companies have no incentive to report them. What we have then are surveys by NGOs and consultancies that analyze data collected through interviews and questionnaires, which may help a bit in the evaluation of these risk scenarios.
1. Viruses: files developed with a specific malicious purpose. The purpose of an infection can be something simple, such as deploying advertisements to promote a product, or something more complicated, such as stealing information or damaging the computer.
2. Worms: a program similar to a virus, with the difference that it is self-replicating. It creates functional copies of itself and infects other computers. It can be designed to perform malicious actions after infiltrating a system. In addition to self-replicating, it can also delete files on a computer or send documents by email.
3. Spyware: a program designed to monitor the activities of a system and send back the information. Some specific types of spyware programs are keyloggers, screenloggers and adware.
4. Backdoor: a feature used to secure remote access to the infected system or network, exploiting undocumented critical flaws in installed programs, outdated software, and the firewall to open router ports.
5. Trojan: a program that remains hidden until you run it. Besides performing the functions for which it was designed, a Trojan can also perform other tasks without the knowledge of the user.
6. Rootkit: explicitly designed to hide its activity on the infected system in order to maintain the presence of an attacker or other malicious code on a compromised computer.
7. Ransomware: a type of malicious software that restricts access to the infected system and demands a ransom so that access can be restored. If the ransom is not paid, data can be lost and even published.
Some of these types of malicious code have become famous in cyber-attacks in recent years. An example of this was WannaCry, a ransomware that in 2017 infected over 2.3 million computers worldwide. It was considered one of the most significant data hijacking attacks, causing a loss that exceeded $1 billion worldwide.
Another ransomware that cost many business people their sleep in the same year was NotPetya, which was very similar to WannaCry and caused enormous losses for FedEx.
Given this great and rapid evolution and our inevitable technological dependence, cyber-attacks such as those mentioned can certainly still fill the pages of the newspapers, bringing bigger impacts if nothing is done to control them.
Cyber crime has reached such a high level of sophistication that it represents a mature but illicit global business sector. With the almost ubiquitous technologies that now connect the physical and digital worlds, there is a new potential for individual cyber-attacks to devastate critical business and operational processes.
Within this scenario, what can we do to lessen the possibility of falling victim to one of these risks? The answer is to anticipate the attacks, that is, to identify and understand these risks, to find ways to prevent them from happening and to perform scenario-based probabilistic modeling to help understand how these cyber risks occur and how they can reach the execution stage.
Cyber security requires a comprehensive and multidimensional approach to governance, requiring the involvement of the board and top management. Every organization today should plan for “when” – not “if” – a cyber security breach can happen.
Cyber risk represents a relatively new class of risk, which brings with it a great challenge and the need to understand the often complex technological aspects, social engineering factors and the changing nature of Operational Risk as a consequence of cyberspace.
For this reason, we all need to understand the threat landscape and be prepared to face this enemy, with strength, strategy and above all, preparation, persistence and temperament.