Cyber threats easy to predict, so why do they still surprise us?
- By William Jackson
- Jan 13, 2012
It didn’t take a crystal ball to predict the threats we would be facing in 2011, and the experts making the predictions 12 months ago were able to give us fair warning.
“In general, malware is becoming more sophisticated, criminals more professional, the target environment richer, and the stakes are becoming higher,” I wrote last January in an annual look at what the year ahead would bring. This was all true, but it hardly required going out on a limb. This has been the trend for some time now. Still, when the worst occurs, we always seem to be taken by surprise.
Here is how the predictions from last year played out.
The consumerization of IT and the proliferation of mobile devices were listed as separate looming threats. In retrospect, they probably should have been combined, as the introduction of personal devices such as increasingly smart phones and tablet computers into the workplace has posed a challenge to administrators who need to manage an enterprise that is increasingly out of their hands. Routine data consumption by users grew into the gigabyte range, and the line between social media and business tools became increasingly blurred.
Long-standing predictions of an explosion of malware for personal mobile devices finally were realized in 2011. This has not yet translated into a flood of new malware into the enterprise, but it has eased the way for more sophisticated social engineering attacks.
A focus on targeted, political attacks was another prediction that came true, in large part due to social engineering.
“We will see more cyber espionage and potentially cyber sabotage,” said Kevin Haley, director of product management for Symantec. Rather than being broadcast, these attacks often depend on tricking a target or a middle man, making them more difficult to defend against.
Advanced persistent threats
This prediction was spot-on. The most embarrassing breaches of the year, such as those of Energy Department laboratories and RSA, the Security Division of EMC, were perpetrated with advanced persistent threats believed to have been introduced through targeted attacks by social engineering.
Politically motivated espionage and sabotage naturally lead to thoughts of cyber war, and this was predicted to be a consuming issue in 2011. So far we have managed to avoid all-out cyber warfare, but the threats posed by asymmetrical online attacks and the efforts by a growing number of nations to develop offensive and defensive capabilities have made this an issue that policy-makers and strategists have been wrestling with.
The U.S. Cyber Command reached full operational capability in October 2010 and spent much of its first year defining cyber war and establishing the rules of engagement for cyberspace.
The one prediction from last year that hasn’t been so fully borne out was the threat of manipulation in the supply chain, the intentional introduction of backdoors or vulnerabilities into hardware or software by developers, manufacturers or vendors.
That is not to say that supply chain security is not a real concern and that effort is not going into assuring the reliability of our sources for mission-critical IT. We just haven’t seen the attack yet that takes the issue to the headlines. But if such an attack were carried out well, we wouldn’t see it. So our bliss may just be ignorance.