The press is awash with cryptocurrency. Reports on the all-time highs, the billionaires who jumped on the bandwagon early, and the news that the likes of Goldman’s are setting up trading desks to exploit the wave are rife.
And there are certainly hotspots in the world influenced by the relative stability of the currency. In some countries it’s seen as an economic saviour. A way to keep economies trading when there is a lack of cash and the potential for criminals to create black money and instigate corruption - places like India where people can queue for hours to get money from an ATM. It is an easy way to move money.
As leading bitcoin exchanges typically excel in service availability, some users have turned into full-time traders, as they have a platform to store and trade thousands of dollars of cryptocurrency in real time. This increased attention is creating profitable opportunities for cyber criminals - the most high profile case was of course the WannaCry campaign, which locked up computers around the world demanding bitcoin exchanges for a decryption key. And only last week, BitConnect announced it was under heavy fire from hackers just one of the reasons suggesting it would close its exchange. It’s spooked investors.
Several crypto-currency exchanges around the world have experienced outages related to either a flood of natural traffic due to market fluctuations and demand, or malicious traffic from denial-of-service attacks. In particular, last summer both Bitfinix and BTC-e announced that their networks were experiencing service degradation due to a denial-of-service attack. Coinbase reported experiencing issues with load times that resulted in users not being able to login or view the websites of the targeted exchanges.
As Bitcoin continues to rise in value, cyber criminals will continue to rely on cryptocurrencies as a means for payment. The wallets and exchanges that house the currency will also be targeted at a persistent rate. Bitcoin exchanges might experience denial-of-service attacks by hacktivists seeking to compromise or seize accounts.
Big brands will succumb too - in the past, hacktivists groups such as Anonymous launched denial-of-service attacks against PayPal after refusing to process payment for WikiLeaks.
All the studies that look back on 2017 tell you that criminals used various ransom exploits and hacks to encrypt vital systems, steal intellectual property, and shut down business operations.
Between service disruptions, outages, or intellectual property theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs.
Forensics tells you that hackers and their methods are becoming increasingly automated. The age of Artificial Intelligence (AI) and machine learning is now.
Many say it will transform cyber security, which probably explains why one-fifth of companies already rely on machine learning and artificial intelligence and a quarter plan to integrate it in to security plans the next 12 months. It’s a sensible move to include the latest developments and should be encouraged.
However, there is some scepticism. Europe is falling behind the US and Asia Pacific in the adoption of security methods using artificial intelligence.
It may seem surprising, but I think there is good reason for it. AI is highly effective when it comes to managing very complex situations where theoretical modeling is virtually impossible - if you need to predict how a person will respond for example. It’s also useful when your budget or resource is restricted.
But there’s no getting away from the fact that positive security models are still the best way to protect from cyber attacks, especially where there is zero margin for error. Plus AI is no substitute for the skills needed to investigate attacks and develop a strategy.
Security professionals need the technology to find the data that will tell them a story. The human brain can’t process millions of pieces of information but nor can AI systems come to conclusions about how strategy should change based on the data, and what security steps the business should take. The two must meet in the middle.
I’d argue that Europe is more advanced in its thinking and waiting until AI has evolved. Closing the skills gap is a more urgent need. As demonstrated by the upturn in companies employing hackers to help design their security - a third of companies are now taking on hackers as they understand the mind of a hacker and know where to look for the next attack type, and the virtually co-ordinated global attacks fashioned by groups like Anonymous.
Bitcoin is now a routine part of the cyber attack landscape. If companies are to succeed is staying secure they have to take that as a given and build skilled teams, supported by real-time detection, mitigation and defence. AI will be a part of this puzzle but it can’t be relied upon. Not just yet.
Soon AI will be everywhere and companies have to prepare for this future, but they shouldn’t lose sight of the present dangers and the risks that comes from adopting too early.