We live in a constantly evolving, hyper-connected world, with technological developments continually bringing us closer together and, in many ways, having a hugely positive impact on our lives.
From the seemingly endless possibilities of smart devices; to collaborative, remote working; storing and sharing information in the cloud; and talking online with friends, family and colleagues all over the planet (or even outer space) – technology permeates every aspect of our lives.
But this technological advancement brings with it a dark side – a vulnerability. Over the decades, cyber attack vectors have also evolved, making it increasingly challenging for businesses and individuals to protect themselves in the digital world.
While once we only had to concern ourselves with simple computer viruses – known as the first generation of cyber attack – we’re now up against so much more, with 5th and even 6th generation attacks in full swing. But most companies’ cyber defences are sadly lacking, according to Gil Shwed, founder and CEO at Check Point.
“Most people still seem to be at the third generation of cyber protection, while the attackers are at Gen 5. Why are so many people still at Gen 3 when dealing with cyber attacks? We need to change that, but how can we do this?
“We recently surveyed people who work in cybersecurity and CISOs told us that they have too many technologies to deal with and it’s very difficult for them to consolidate. Security engineers tell us they are struggling to secure the cloud and IoT, and DevOps workers tell us they need more automated help because human processes aren’t enough.”
Cyber Attack Generation Timeline
In the 1980s hackers were using viruses to attack standalone PCs. These were usually spread via floppy disks. They impacted organisations, as well as individuals, and led to the development of signature-based anti-virus products.
Defence: Anti-virus protection
Attack: Network attacks
By the mid-90s, fast-spreading worm attacks came directly from the ever more ubiquitous internet, requiring companies to install firewalls at the perimeter of their infrastructure to keep cybercriminals out.
Defence: The firewall
In the early noughties attackers began exploiting vulnerabilities in applications, potentially affecting all the companies that use those applications. It is also around this time that the motivation of attacks appears to change from recognition to remuneration. The idea of cybercrime as a business comes into effect.
Early examples of botnets are used, particularly for sending out spam. This generation of attacks leads to the development of intrusion detection systems, which themselves quickly added remedial capabilities and became intrusion prevention systems (IPS). IDS/IPS was still based on signatures.
Defence: Intrusion prevention (IPS)
Attack: The payload
In the latter years of that decade, we begin to witness the rise of targeted attacks for which there were no signatures. This led people to adopt the phrase “unknown unknowns” coined by then US Secretary of Defence Donald Rumsfeld, in a speech about the lack of hard evidence of weapons of mass destruction. The quality of malware code improves significantly and the first rootkits start to appear.
Defence: Behavioural analysis
Attack: Multi-vector attacks
Starting in 2017, we see large-scale, often state-sponsored mega-attacks, with the potential to affect many companies, since most enterprises are still stuck with second- or third-generation cybersecurity tools, characterised by point solutions.
Attackers who are not sponsored by nation states also now have access to the same powerful infrastructure that enables such attacks, raising the prospect of greater, and wider, use of such strong-arm tactics against many more targets.
Defence: Multi-vector prevention
As 5G networks roll out, the use of connected IoT devices will likely accelerate dramatically. They will increase networks’ vulnerability to large-scale, multi-vector Gen 5 cyber attacks. IoT devices and their connections to networks and clouds are a weak link in security, according to Check Point researchers. This is because it is hard to get visibility of these devices, which can have complex security requirements. What is needed, they say, is a more holistic approach to IoT security, combining traditional and new controls to protect these ever-growing networks across all industry and business sectors.
Defence: Nano security
The new generation (Gen 6) of security will be based on nano security agents. These micro-plugins can work with any device or operating system in any environment, controlling all data that flows to and from the device, and giving always-on security.
Itai Greenberg, VP product management, believes the proliferation of IoT devices is providing hackers with fantastic opportunities: “From IP cameras and smart elevators to medical devices and industrial controllers, IoT devices are inherently vulnerable and easy to hack.
“Moreover, most of these connected devices are not at all protected, as they’re connected to corporate networks without anyone’s knowledge. This security gap increases the risk of a successful cyber attack where critical devices can be shut down, damaged, manipulated, or used to infect other systems on the network. Now is the time to take action and secure IoT the same way we secure IT.”
How can we achieve Gen 6 cyber protection?
“I think prevention is the number one issue. I hear a lot of discussions about discovering attacks and collecting data – that’s important, by the way,” says Shwed.
“I’m a CEO – I like data. There’s probably nobody who asks for data more than I do. But what we need to do is not collect data. We need to prevent attacks. If we prevent the attacks using data, that’s still interesting, but prevention is the most important thing.”
It is vital that organisations move to Gen 6 or, at the very least, Gen 5 security, he adds. “We’re getting ransomware, so we need to use anti-ransomware measures,” he explains. “Organisations that use anti-ransomware don’t get hit by ransomware but less than 1% of organisations use anti-ransomware software. The way to get to Gen 5/Gen 6 is through consolidation of security platforms, such as Check Point’s Infinity Next. I’m a little biased but I would say that’s the best and anyone can challenge us on that. Hopefully they will reach the same conclusion.”
The first step is the most important step of any journey. The first step on the journey to Gen 6 security is simply to “make the decision”, says Shwed. “Choose to switch from the traditional model to the new model. Most security platforms have security features that go all the way up to Gen 5. Activate them, use them. You have it.”
In 2020, all Check Point appliances will come with Gen 5 technology already enabled, Shwed explains. “You won’t have to pay extra for it. We believe it’s important. We want you to start your journey at Gen 5, not having to start at Gen 2 and working your way up.
“We also need to build a security architecture. Security isn’t just about buying another product. If you have 20 projects you’re working on and if each one takes six months then you could be finished in 10 years. That’s too late. In 10 years’ time security will have changed. The way to deal with that is through revolution and building an architecture. Instead of looking at it as 20 projects you need to look at it as one architecture.”
A study conducted by Check Point found that outdated security is even more of a challenge than security professionals are aware of. When asked which cyber security solutions are used in their companies, just one-fifth of organisations (21%) claimed to use advanced threat prevention capabilities (Gen 4 cybersecurity).
And only 3% are using threat prevention capabilities in prevention mode, and adding a layer of cloud and mobile security (Gen 5 cybersecurity). The rest are placing their organisations at risk for Gen 5 multi-vector and mega-attacks, Check Point warns. And, as the regularity and diversity of cyber attacks continue to develop exponentially, there is clearly much work to be done to bolster companies’ cyber defences worldwide.