We’re a good few weeks into 2020 now and it can’t have escaped your attention that cybersecurity is an extremely hot topic for the year. (It’s also our focus for all trade shows at which we’re exhibiting this year)
Why are we so focused on cyber?
While corporate giants will remain high-profile targets for cyber-attacks, it’s the SMEs (many of which are manufacturers) that are being urged to reinforce their cyber defences. They’re the ones having to interact with increasingly smart and connected supply chains and markets. They’re also least likely to have cyber security professionals on their payroll or to be subscribing to managed cyber protection services.
Moreover, and with a nod here to Skynet in the Terminator films, 2020 could well see the first AI-enhanced attack. Is this any surprise? Not really. For some time now cyber security companies have been touting how they are keeping one step ahead of cyber threats by using AI algorithms to recognise suspicious software code and behaviour. So it was only ever going to be a matter of time before those behind cyber-attacks upped the ante.
Your files have been encrypted
Of the various forms of cyber-attack, ransomware is growing at an alarming rate. Although it’s now two years since WannaCry severely disrupted the UK’s NHS, the healthcare sector is still considered at risk, and it’s been reported that the sector continues to use out-of-date software and that it doesn’t have adequate cyber-security expertise.
What’s more, organisations in the sector are more likely to pay the ransom as disruptions can put patients’ lives at risk. It’s this fear of disruptions that makes the financial and travel sectors high risk too. For example, foreign currency exchange firm Travelex – which provides services to some well-known High Street banks and large supermarket chains – was hit by a ransomware virus just a few days into 2020.
Cyber criminals not only like the idea of Ransomware-as-a-service (RaaS) but see reaching for the low-hanging fruit (i.e. those most likely to pay) as good business sense. Moreover, some are selling their malware on in kit form. It’s an alarming sign of the times.
Plug and pay!
Another sign of the times, and one that I find pretty surprising, is that there’s a general misconception that you can only fall foul of a cyber-attack by visiting an unsecure website or clicking a link in an email or text, having been tricked into thinking it’s from someone you know.
The thing is, removable memory devices are potential carriers for viruses too, and they’re used extensively in industry and for personal use.
Indeed, this was the case with the Spora virus, whose code features an innovative means of spreading itself via USB sticks. When it attacks a system, Spora encrypts each file with a separate key. As for the ‘business model’, not only would you have to pay to have your files decrypted but you might also be sold ‘immunity’ from future attacks.
In tailoring a virus so that it can propagate efficiently via USB stick, cyber criminals have once again reached for the low-hanging fruit. While I would absolutely love to believe we’re now all far more cyber-aware, the evidence suggests otherwise.
A few years ago, researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. Almost half of the drives, which contained a Trojan, were picked up and plugged into a computer. Of the drives plugged in, only 16% were scanned for viruses first.
It’s a frightening statistic. If not this year then certainly soon, USB sticks carrying viruses – including ransomware ones – that have a degree of AI about them will be in circulation.
If bespoke/industrial form factor removable memory devices like Datakey keys or tokens had been left lying around as part of that study, the individuals picking them up would simply have been unable to access the content; content which would not have been able to ‘escape’.
The take-home here is that if you have an embedded system that needs to interface with removable memory devices, you can greatly reduce the risk of a virus being introduced by avoiding a form factor as widely available as USB thumb drives.
Cyber security through device form factor is just one of the things we’ll be focusing on during 2020.
If you’d like to talk to us about this or anything else, drop us a line or come and see us at a trade show.