What will next year look like, in terms of cyber-security, and technology more generally?
In 2019 Business Email Compromise (BEC) attacks grew to be even more popular, says Ed Giaquinto, CIO of Sectigo, a device authentication and website scanning product company.
He says: “For instance, a Nikkei employee was recently tricked into handing over £23M. This type of social engineering attack takes advantage of humans’ good faith, with attackers posing as senior figures in an organisation to trick employees through email into transferring money to their accounts. It’s an unfortunate fact that BEC makes money for criminals, and until measures are in place to combat such attacks, we should expect them to increase both in volume and ingenuity.
“Digital certificate solutions are available today to verify the true identity of an email sender. To combat BEC and related email social engineering scams, enterprises will increasingly adopt these certificates – called Secure/Multipurpose Internet Mail Extensions, or S/MIME, certificates. At the same time, companies will educate their employees to look in their email application for the blue ribbon icon that indicates authenticated identity.”
The primary motivator for hacking has shifted toward monetisation. As a result, the cybercrime industry has undergone a transition towards consumerisation with a growing and diverse supply chain, it’s suggested in a report, by Oliver Rochford, director of research at Tenable. He points to three – white, gray and black – markets, representing a spectrum of motives between disclose and defend and obfuscate and attack. The white and black markets, criminal and legitimate, while diverging on motives and objectives, are symbiotic. The report points to parallel and intersecting supply chains, for both legitimate and criminal buyers. The gray market, typified by covert nation-state actors and activities in the interest of national security, has a disruptive impact on the supply chain, defining the floor for exploit value and impacting intelligence availability, it’s claimed.
