Crime breeds copycats. Before the internet, news of a crime had to spread through the media or word-of-mouth, but it still led to copycat crime.
In this digital age of cybercrime, word spreads instantly and malicious code is quite literally copy-able. Cyber criminals replicate, but also learn from others and “improve” upon cyber attacks, making each successive cyber security attack an even greater threat.
So when an NSA-grade malware leaked onto the global cyber playing field, we knew it was just the beginning. And such cyber attacks are exposing all kinds of weaknesses in global cyber security.
A New Level of Attack
If hackers had to rely exclusively on self-created code, there wouldn’t be many cyber threats out there. Even the swindlers behind phishing scams rarely create an original idea, they generally just tweak the attempts of others before them to steal social security numbers, user credentials, or money.
But the National Security Agency has the luxury of employing some top-notch computer folks, people who reportedly have created volumes of tools to hack computers (known as “exploits”). Then, a mysterious hacking group known as the Shadow Brokers dumped a bunch of those exploits onto the global playing field.
That was only earlier this year, with some of the latest exploits leaked as recently as April, yet by May we had a massive global cyber attack on a previously unseen scale, based on those NSA-created tools, in the form of the WannaCry virus. Then followed Petya, the smarter younger sister of WannaCry. Petya needed only one outdated device on an entire system to crash a network because once she was in she could spread from computer-to-computer. These new level exploits are teaching the world some tough lessons, exposing major cyber security weaknesses.
Weaknesses in Infrastructure
Outdated, unsupported software? Check. Untrained personnel who fall for scams? Check. Inadequate passwords, used on multiple sites? Check. Today’s cyber attacks know what weaknesses in cyber security infrastructure will likely generate the greatest returns. They are basic weaknesses in infrastructure that cyber security experts have been warning industries about for years, but most businesses and individuals have still failed to handle. Entire national economies have been hit by this latest cyber attack. Until we address these weaknesses in infrastructure, we can expect more of the same.
Weaknesses in Responsibility
It’s tough to handle a problem when you think it is someone else’s responsibility to handle it. That’s the heart of the matter—the weakness in responsibility making such major cyber attacks “successful” (to the threat actors, anyway).
On a smaller scale, it’s “the IT department’s” responsibility. On a larger scale, it’s the “federal government’s” responsibility. While governments try to sort out their own internal responsibility problems, some industries are choosing to band together to improve cyber security. Other businesses are seeking cyber security insurance. Many just have their heads in the sand.
Weaknesses in Response Plans
What do you do in the event of a cyber security attack? If you cannot answer that question for your own household, business, and/or industry, you can see another area of weakness getting exposed by these global-scale cyber attacks.
The truth is, you cannot wait for an outside solution, such as international police to jail enough hackers that cyber threats will end. Some of these attacks begin with national actors, and just spill over into other businesses and industries! That means you need a stronger castle, with fortification against cyber security threats and an action plan in response to an attack.
Build that, and then go ahead and still advocate for greater unified cyber security measures.