Intelligent CISO Issue 01 | Page 74

Because of the high value of these networks and the potential for devastating results should they be compromised or knocked offline, critical infrastructure and healthcare providers are now finding themselves in an arms race with cybercrime organisations.
by 2020, with a compound annual growth rate (CAGR) of 19%. In addition, successfully taking down a cloud provider is a one-to-many opportunity. The complex, hyperconnected networks that cloud providers have developed can produce a single point of failure for dozens or even hundreds of businesses.”
Further, it warns: “Cloud services are centralised and present a huge potential attack surface. Rather than hacking businesses individually, criminals that can infiltrate a single cloud environment would potentially have access to data from dozens or hundreds of organisations or be able to wipe out an entire range of services with a single attack.
“And it’s not just businesses that would be affected. Government entities, critical infrastructure, law enforcement, healthcare and a wide range of industries of all sizes all use the cloud and many of them use the same cloud provider. If a cyberterrorist can take down a single major cloud service provider, the implications could be devastating.”

Next-gen morphic malware
The blog also predicts that adversaries will begin to leverage automation and machine learning in their attack tactics, techniques and procedures (TTP).
“Current polymorphic malware, for example, has been around for decades. It already uses pre-coded algorithms to take on a new form to evade security controls and can produce more than a million virus variations per day. But so far, this process is just based on an algorithm, and there is very little sophistication or control over the output.”
It continues: “Next-gen polymorphic malware built around AI, however, will be able to spontaneously create entirely new, customised attacks that will not simply be variations based on a static algorithm. Instead, they will employ automation and machine learning to design custom attacks to quickly compromise a targeted system and effectively evade detection. The big difference is the combination of discipline and initiative.”

Critical infrastructure to the forefront
“Most critical infrastructure and OT networks are notoriously fragile and originally designed to be air-gapped and isolated,” notes the blog. “But the need to respond at digital speeds to employee and consumer demands has begun to change that, making everything exposed (look at cloud-enabled SCADA services.) Applying security as an afterthought once a network designed to operate in isolation is connected to the digital world is rarely very effective. Because of the high value of these networks and the potential for devastating results should they be compromised or knocked offline, critical infrastructure and healthcare providers