With many of the world’s largest companies and even Governments coming under attack, 2012 was branded the “the year of the hack”. . Indications are that 2013 will prove to be even more deserving of that title (as each successive year always is); so we ask ourselves what is causing this surge and have the motivations of the attackers changed?
One theory is to attribute the rise to three simple factors;
Growing opportunity – As more sensitive information and systems get uploaded to the web giving hackers an ever increasing attack surface to plunder.
A rise in hacker skills and ability – there is a plethora of training material and support networks available in cyber-space to hone the skills of would-be attackers. Couple this with the availability of sophisticated attack frameworks and we find ourselves faced with well equipped and knowledgeable adversaries.
Reward, the root of all motivators – whether the attackers are motivated by financial reward, support for a noble cause or desire to gain the respect of their peers, it is clear that the digital medium now offers increasingly better returns to an attacker than the physical one.
Human drivers have not changed, rather the eminence of the digital world. We are becoming increasingly reliant on systems, be it from a personal, business or governmental perspective, to perform a multitude of tasks. Our reliance on the cyber world is simultaneously becoming one of our greatest strengths but potentially also our greatest weakness.
It is only natural that cyber attacks will grow proportionally with our dependence on technology, therefore, we must hope, so will our ability to defend ourselves.
The ancient Chinese general and military strategist Sun Tzu wrote “if you know your enemies and know yourself, you can win a hundred battles without a single loss”.
Well planned and executed penetration testing is a reliable way to understand your strengths and weaknesses, whilst at the same time learning about attackers capabilities.