The new face of cybercrime beyond 2021
By Dr Vinod Surana
On December 4, 2020 the ‘Internet of Things Cybersecurity Improvement Act of 2020, also called as the IoT Act, 2020 was enacted. It is drafted by the National Institute of Standards and Technology (NIST). The Act contains regulations and guidelines for management and use of IoT devices, disclosure and resolution of IoT device vulnerabilities, contractor compliance, standard practices to name a few. Additionally, NIST also offers a starting point for IoT manufacturers after the commenting phase of the draft was over in February 2021 followed by a plan of action for 2022. The Indian laws were inadequate for issues relating to Cyber, AI, Cloud and Bigdata and there is a dire need to have standard frameworks that will assist stakeholders in the country in scenarios of cyber-attacks, ransomware and malware. Educating the consumers about ensuring their safety and privacy while using these developments, is essential.
Alongside all the technological developments, the cyberspace ought to grow and the number of IoT devices worldwide is stated to be 27.1 billion in 2025 (17.1 billion in 2016) from which 43% devices will be mobile connected on an average, considering at least 3.5 devices per person. The Government of India had formulated a draft IoT policy that launched a Smart City project to enhance the digital capabilities of the city. It would consist of smart lighting, smart transportation, smart homes and parking spaces. Issues that need addressing include privacy and security, infrastructure efficiency with stable internet connectivity across the nation and presence of standards for manufacturing of IoT devices.
Artificial Intelligence (AI) and Machine Learning (ML) bring about a revolution in the digital world standing at the heart of all modern software driving the future. Human abilities such as learning from experiences and using knowledge to understand one’s environment is amplified by AI. Technology advancements have caused an exponential growth in database infrastructures. Computer models are getting trained to identify individual choices and personality traits based on the content they like on Facebook. Advertisement targets are empowered by AI; if you have searched for a red dress, Facebook and Instagram will flood your feed with numerous ads matching your search interests. If you are booking a flight online, chatbots will assist you to resolve your queries. Chatbots can be trained on wider issues such as understanding human language over messaging apps and come up with relevant responses.
Every day, cybercrime and cyber breaches top the headlines informing loss of millions of dollars to companies, governments, and healthcare facilities. The exposure to threat grows with every new technology update, IoT devices like smart refrigerators, smart phones, smart watches, fitness trackers and smart security devices. Work from home has made employees operate without the boundaries of corporate firewall, compromising their home networks. Criminals are not only attacking your company system’s but also getting access to your ‘own’ personal information. Cloud infrastructure now contains sensitive information that is very likely to be at risk.
With the latest 5G technology, the internet speed will soar giving hackers the opportunity to catch early vulnerabilities, attack your systems and disrupt connectivity faster. Home networks are likely to expand with many more smart gadgets promising to make life easier. Imagine a situation where the grocery store sends your weekly products at the doorstep even before you order it, or lights automatically turn on as soon as you enter the house. Insurance companies leveraging on your personal information from existing devices such as car GPS trackers, fitness trackers, smart home devices and fitness watches. Alexa understands your music preferences, style of cooking and reads out the news to you. Smart cars will track user movements, smart cities will track travel preferences.
Smart bulbs/ TV’s or even smart refrigerators can be used to infiltrate home networks, steal your credentials, and give access to other information giving devices. It can be a doorway to burglars who would now know that you are not at home. It goes without saying that as IoT, AI and ML continue to grow, more and more devices will be embedded into the network. They do give a better experience and amusement but at what cost?
Misconfiguration of devices, security holes, poor or no maintenance and lack of updates make the perfect environment for any cyber-attack. The worse that could happen is your device could be converted to a botnet. Botnets can consist of hundreds and thousands of computers that are interconnected and running one or more bots. These bots are used to perform Denial-of-Service attacks (DDoS), allow the cyber criminal to access the device and instigate malicious activities such as data leaks, credential leaks etc.
Future predictions for cyber attacks include improvised hi-tech ransomware attacks, IoT hacks, Botnet attacks, threats from crypto-mining and AI is likely to be the quintessence of cyberattacks 2021 onwards. Are companies prepared to handle these extraordinary situations? How are they building their cyber security workforce? Gradually, several other security challenges will mount alongside the digital transformation. The actual threat is when our personal data is everywhere it is not supposed to be: ‘Who we are, what we do, what we want and why we want it?’
What minimum can you do to ensure your privacy?
- Users must remain cautious of what information they are sharing over the internet
- Smart devices must be bought after a thorough research on what threats you are exposing yourself to.
- Users must keep themselves educated with latest trends of cybercrime.
- Terms and conditions following every application or device must be well-read, not just accepted.
- Update your devices regularly, keep an eye on recent patches, vulnerability checks and bug fixes.
- Gadget manufacturing companies must hire cyber experts, patch vulnerabilities and known loopholes must be fixed regularly.
- Refrain from buying faulty products or those with minimum security compliance.
- Enable Two-Factor-Authentication wherever possible, soon passwords will become obsolete with Multi-Factor-Authentication. Passwords and OTP’s are susceptible to risks as compared to a fingerprint or a retina scan.