Skip to content


What Cyber Threats are in Store for 2015? – Expert Commentary

2015 Lock-01

Invulnerability against cyber security attacks will never be fully achieved – it is an ongoing and increasing problem. However the cyber threats we experience today are far from new.  These types of crime have been around for almost as long as civilisation itself, albeit perpetrated in different forms. The threats are not really changing either but the way in which competent companies address them is evolving, with the support of law enforcement and the provision of evolving defensive tools and techniques.

Primarily the way in which legal services (police and related authorities) deal with the crimes is improving. They are combating cyber criminals in increasingly effective ways – however the task is also growing quickly with threats evolving daily. Despite some notable victories they are not likely to win in the longer term without the support and education of businesses and individuals alike.

The most significant changes we are seeing in the cyber landscape are the effects of the threats realising their aims. Credit card details are still valuable for criminals since they can be traded and monetised very easily within a thriving black-market. Money is the prime target for criminals and they have the time, and increasingly the resources, to find better ways of attacking individuals and organisations. Blackmail, denial of service and similar attacks, based on for example cryptoware, will doubtlessly increase in frequency and complexity in the coming months and years with financial targets as a primary focal point. 

For other attackers such as terrorist groups, it is a slightly different prospect with perhaps industrial control systems being the main target. The history of attacking such systems is limited but quite successful. The increasing linkages between main computer systems and the “internet of things” including industrial systems, means that this threat must be addressed much more effectively than it has up to now.

In the past these industrial systems have been seen as “not worthy of attack” but now with cyber-terrorism becoming more frequent and cheaper to execute, they are increasingly becoming prime targets notably for the critical national infrastructure. If the choice is between risking your people’s lives with bullets and bombs or attacking the enemy’s infrastructure by cyber means, whilst residing securely well within the bounds of your own country, the outcome is fairly obvious.

Unfortunately Cyber threats show no signs of reducing – but they do evolve and so those we might see in 2015 are likely to be similar to those we have seen in the last few years – but with some variations. The majority of these evolving threats are the work of clever criminals and state-sponsored activists. It is acknowledged that some of the more recent viruses and other cyber-attacks are the result of some very skilled individuals.

There are however signs of a change in the responses from competent organisations – they are reacting in a much more nimble manner. Rather than trying to stop everything at the boundary, they are realising they should be monitoring their internal workings more proactively and reacting to attacks in a much more dynamic manner. Assessing their capabilities and competencies in all respects is a much more effective way of dealing with the new style of threat and this can be done on an almost routine basis using tools like the Cyber Defence Capability Assessment Tool (CDCAT®) developed by Dstl on behalf of the MOD.  This is now being licenced for use by government and commercial organisations through APMG.

In combination with identifying the necessary skillsets and the competent individuals who hold them by means of the CESG Certified IA Professional scheme (CCP), the organisation can try to ensure they are well advised and protected. The latest addition to the armoury is the CESG Certified Training scheme (CCT) which provides clear evidence of IA technical training that has been assessed against stringent CESG criteria and meets their rigorous standards. Whilst the war will doubtlessly continue for many years to come, the battle against the criminals looking for instant/quick wins can be won by competent organisations which utilise appropriate tools and appoint the right person to be their first line of defence.

Authors:

Andy Taylor – CLAS Consultant & Lead Assessor, APMG

Martin Huddleston – Principle Cyber Solutions Architect, Dstl

Posted in Cyber Security.

Tagged with , .