Ruby Rose is the most dangerous celebrity on the net. The star of the TV series Orange Is the New Black and scientist facing off against a prehistoric shark in The Meg is a peaceful person offline, but online it’s a whole different story. McAfee, one of the leading global cybersecurity companies, has just crowned her the queen of hackers, ousting Avril Lavigne, because photos and links related to her have proved to be the most effective at directing more unwary users to viruses and malware in the last 12 months – obviously without her knowledge.
The ranking may focus on pop culture, but the problem of cybersecurity is as serious as it is underestimated. The attacks are growing exponentially and the development of the Internet of Things, with its networks of smart objects, promises to further accelerate them.
Two figures offer insight into this new scenario. In 2016, the Mirai attack against Dyn, one of the world’s leading internet providers, put more than 150 thousand websites offline, including some of the major web platforms, such as Amazon, Spotify, Twitter, Reddit, Yelp, Netflix, and the New York Times website, by exploiting the vulnerabilities of common webcams, which it turned into systems to attack a target. Over 14 thousand customers abandoned Dyn’s services, bringing the company, which was subsequently acquired by Oracle, to its knees.
The second figure is 300%, which is the increase in the number of connected objects to 75 billion between now and 2025. These will include more and more cars, pacemakers, toys, and, of course, large infrastructures such as power plants, nuclear plants, and other utilities and transport networks. It is no coincidence that the projections for the cybersecurity market follow the same trend. Global turnover is set to rise over 62% from approximately 153 billion dollars in 2018 to 248 billion in 2023, according to Gartner analysts, who see the healthcare sector as being in the forefront for investments.
The attacks on our electronic security, both individual and collective, can take different forms, from DoS (“denial-of-service”) attacks that bring down entire sites, to phishing attacks with deceptive emails and the spread of the dreaded “ransomware”, computer viruses that hold whole systems hostage, blocking them until a ransom is paid.
The latest Europol report on organised crime indicates that ransomware, which hit more than a billion people worldwide in 2017 alone, is the most dangerous. In fact, it was ransomware that held the IT systems of 14 British hospitals and several Spanish electricity companies, as well as another 45 thousand computers in 74 countries, hostage for 14 days in May 2017. Its name, WannaCry, could not be more apt, because thousands of people could not access basic services, such as electricity and healthcare, until the systems were unlocked.
A complicating factor in this scenario is the growing presence of governmental players who do not act for merely economic purposes, but also strategic ones, such as altering the results of an election or weakening a hostile government by sabotaging its vital infrastructure, such as electricity and water grids.
The European Parliament launched the GDPR, the new European privacy regulation, in recent months, and has recently expressed concerns over the risk that, with the approach of the European elections next June, Facebook, Twitter, and other social networks could be vulnerable to interference activities aimed at tampering with the result of the vote. The EU has already put in place some initiatives to counter interference, including an amendment to the rules on party funding aimed at prohibiting the collection and use of user data for profiling purposes. The amendment will only apply to European “political groups”, as the European Commission has no authority to directly sanction political parties in individual countries.
Concerns are also growing on the other side of the Atlantic, where California has recently approved SB-327, the first US law on the security of smart objects, which imposes new security measures on all manufacturers as of 1 January 2020. This measure has already been contested by many who consider the provision too vague, but it does at least have the merit of stealing a march on the Federal Congress, which is still dithering over the Internet of Things Cybersecurity Improvement Act.
However, the most ambitious provision remains a Digital Geneva Convention aimed at protecting civilians from cyberattacks on vital infrastructures such as power grids and hospitals. It was recently re-launched by the president of Microsoft, Brad Smith, on the centenary of the armistice of the First World War, at the time called the war to end all wars. “Unfortunately, it was not”, Smith emphasised, “and, as Albert Einstein noted, to really improve human life we have to adapt our policies and organisations to keep up with technology”.
This article is part of REIsearch, a citizen and media engagement campaign aimed at assessing and improving the digital competences of European citizens. It follows in the steps of the 2016 endeavour on chronic diseases which engaged more than 60,000 people.