2020: The year that cybersecurity went from reactive to proactive
The idea of asking users to electronically prove their current health status to travel or leave their homes would have been unthinkable 12 months ago. Last year, many were preparing to travel overseas over the holiday period. It was ransomware that dominated the headlines after it forced the foreign exchange company Travelex to take all its systems offline.
Several months later, the arrival of COVID-19 also unleashed a cyber pandemic on unsuspecting users as remote working at scale became the norm.
An 800% surge in cyberattacks quickly followed, with 4,000 attacks a day.
Within just a few months, Zoom was valued at more than the top seven airlines combined. The world was changing at breakneck speed.
The move from reactive to proactive cybersecurity
Zoom's success in a short space of time uncovered a wide range of security holes that allowed 'zoombombing' to become a thing for a few weeks. Security patches followed, and uninvited guests were once again locked out of virtual meeting rooms. Further high-profile attacks on sites such as Twitter quickly highlighted the need to adjust to a proactive rather than reactive cybersecurity strategy.
Security teams were beginning to tire of firefighting and being one step behind cybercriminals.
Responding to hacks, viruses, and data breaches after they occur was no longer acceptable at board level either. The EU's GDPR policy also threatened enormous fines for data breaches that could have been avoided or better managed. Something needed to change.
By preemptively identifying security weaknesses, businesses could prevent threats before they occur. In the second half of 2020, we began to see how switching to a proactive security strategy helped security teams and law enforcement agencies take down cybercriminal gangs.
Expecting the unexpected
A year of unpredictability should have taught enterprises to expect the unexpected. Traditionally, organizations have made the mistake of trusting by default anything that is already inside the network and distrusting only what is outside. Zero trust approaches are now bolstering cyber defences both in and out of the office.
By no longer automatically trusting any website, email, or application, teams can isolate systems and prevent attacks from spreading across user accounts, devices, and the network. AI, ML, and predictive analytics are also increasingly being used to find patterns and structure in data to detect fraud and vulnerabilities across the entire infrastructure.
Cybersecurity will always involve a battle between attackers and defenders. But the react-and-defend approach is no longer cutting it.
In 2020, we witnessed the arrival of offensive cyber strategies where agencies turned the tables on cybercriminals by hunting for the adversaries planning attacks on their networks.
EncroChat: Taking down encrypted digital communication
Tech-savvy criminals are turning to encrypted messaging services to communicate with each other. EncroChat was one of the worst kept secrets in the underworld and was another preferred tool for organized crime groups.
Police forces across Europe famously hacked and shut down the EncroChat network by harvesting data, such as passwords, messages, and geolocations.
In the UK alone, the move led to the arrest of 746 suspected high-level criminals who are believed to be involved in crimes such as gun smuggling and murder. The operation also led to the seizure of £54m in cash and more than 1.5 tonnes of cocaine.
The company was one of the largest encrypted digital communications providers, and criminals paid £1,600 a month for the encrypted EncroPhones. Although criminals thought the communications were secure, they forgot the golden rule that everything digitized could be scrutinized.
Safe-Inet: Europol takes down criminal VPN
Cybersecurity is often likened to a never-ending game of cat and mouse. When attempting to evade interception, one of the few things that attackers had in common was a virtual private network (VPN) called Safe-Inet. The premium service provided criminals with up to 5 layers of anonymous VPN connections. Over the last decade, it had become the tool of choice for criminal gangs, but could an international cyber sweep really take it down?
Law enforcement agencies identified 250 companies worldwide that were already being targeted by known criminals using Safe-Inet.
The proactive approach enabled teams to prepare against an imminent ransomware attack by taking adequate measures to protect themselves.
A coordinated law enforcement action followed as the German Reutlingen Police Headquarters, Europol, and law enforcement agencies worldwide successfully shut down Safe-Inet services. Infrastructure was seized in Germany, the Netherlands, Switzerland, France, and the United States.
With the servers taken down, domains seized, and the services inaccessible, the operation was deemed a huge success. It further highlighted the power of a proactive approach to cybersecurity.
The dangers of criminalizing VPNs and encrypted communication
The taking down of VPNs used for illegal activities such as card skimming, ransomware, phishing, or account hijacking can only be a great thing. But there is a common misconception that people only use a VPN if they have something to hide or are doing something illegal. VPNs also play a critical role in protecting online privacy and data security.
People in many countries do not have the luxury of access to information or freedom of speech and are faced with mass surveillance. Authoritarian governments are increasingly using the internet as a giant control system. News that the IMF recently suggested that your browsing history should determine your credit score should also prove that users leveraging VPNs for pro-privacy measures are far from paranoid.
The protection of private and corporate communication is leading to the creation of many new encrypted services too. Opening a back door for law enforcement agencies is likely to introduce more problems than it solves. Many will see it as an excuse to remove essential privacy tools for the law-abiding.
We need to exercise caution and be mindful of the positive aspects of encryption and VPNs for citizens of the world. But the fact we are migrating away from the traditional reactive approach to cybersecurity is something we should celebrate rather than fear. It's no longer good enough to build up bigger walls and wait for an attack. In 2021 and beyond, the best defence against cybercriminals will be a good offense.