Technician with laptop, checking aisle of server storage cabinets in data center

Author and TED Talk presenter, Keren Elazari, believes compromised IoT devices, the rise of cryptojacking and shortage of cybersecurity-skilled professionals are the three major cyber threats the world is facing today. (Photo by Echo/Getty Images)

Innovation | Technology

 Former hacker gives insight into the world’s top three cybersecurity threats 

Cyber criminals are using new techniques to tap into devices and steal resources to finance their activity

A Facebook IconFacebook A Twitter IconTwitter A Linkedin IconLinkedin An Email IconEmail

As a former hacker herself, cybersecurity expert Keren Elazari—who is a speaker at the 2018 World Congress of Accountants in Sydney, Australia, at which CPA Canada is major sponsor—has a lot to say about fighting cybercrime.

Below, Elazari, senior researcher at the Blavatnik Interdisciplinary Cyber Research Center, author and TED Talk presenter, outlines the top three major cybersecurity threats she believes the world is facing today.

1. IoT (internet of things) devices, such as a photocopiers, printers and routers, are vulnerable to threats. Cybercriminals send malware to the device in the form of a malicious attachment, such as a PDF, which appears inconspicuous. When the attachment is opened, it gives the criminal access to valuable hardware for potential surveillance and extraction of confidential information. A printer, for example, is easily targeted, and often disregarded as a security threat and something to protect. 

According to a Spiceworks survey, only 16 per cent of respondents from the IT industry felt printers were a significant security threat. But printers are easily targeted. Not only are print jobs regularly sent to a company printer from employee PCs, a printer also connects to the private internal network, the WLAN, which in turn connects to the internet. Hackers target this company resource, stealing data or setting up shop for other types of cybercrime. 

“It’s the foundation for criminals learning how to use these devices. Not necessarily targeting the secrecy of files or the environment, but it’s all about creating assets,” explains Elazari. 

“Criminals have learned how to transport [information], whether through a webcam or another device you have for office use. They use these devices for a variety of cybercriminal activity.” (See Use a hacker’s mindset to tackle cybersecurity, says expert)

2. Cryptojacking is on the rise. In this popular cybercrime scheme, the criminal does not steal data, but instead taps into CPU processing resources and uses electricity or power to mine cryptocurrencies, such as Monero or Zcash, which are much harder to trace than Bitcoin. To do this, they use phishing attacks, such as sending victims an email with a link that looks legitimate. Once the link is clicked, a cryptomining script is installed and runs in the background of the victim’s computer.

Another common method—often used in tandem with the above attack—is when a cryptomining script is placed on a website or an ad. The script runs automatically when the website is visited, or the ad pops up. Results are then delivered to a hacker-controlled server. Some trending cryptomining programs include Coinhive and Crypto-Loot. Earlier this year, it was reported that security company Darktrace used AI to uncover a cryptomining business beneath the floorboards of a European bank, allegedly set up by a rogue employee. 

According to Elazari, these scams can use up to 60 to 70 per cent of your computing power, causing systems to slow down, while driving up your electricity or cloud computing bills.

“It doesn’t require any special target,” she says. “It’s more much opportunistic, using your digital resources, using resources to create monetary value.”

3. The lack of skilled labour creates a gap. Calling this the biggest threat of all, the shortage of cybersecurity-skilled professionals calls for an outcry, says Elazari. A recent report by Cybersecurity Ventures estimates there will be 3.5 million job openings in cybersecurity by 2021. The report also suggests the cybersecurity job market has not been able to keep up with the rise in cybercrime, which is predicted to cost $6-trillion a year globally by 2021, double from 2015.

Elazari stresses the need for people with analytical minds, who are good with numbers and understand how to work with large amounts of data. It’s here where a CPA’s expertise can be utilized, she adds.

“There is going to a be a new type of professional competency,” she says. “We will need more humans than ever before in the cybersecurity workforce…who work with sophisticated analytics software at any time of day.”

FOR MORE 

Find out ways to beef up your IT department using CPA Canada’s IT security practices report or how to approach cybersecurity as a CPA with the Introduction to cybersecurity for CPAs workshop.