As Hollywood ponders the future of cybersecurity, Thales Threat Report identifies likely cyber villains of the present
When an A-list celebrity sits down with a magazine to talk about cyber security, you know you’re seeing an IT issue mature into the mainstream right before your eyes.
In the February issue of Innovation & Tech Today, actress Scarlett Johansson pondered the topical nature of cyber security and its utility as a cinematic plot device.
"It has a good threat component," she said. "I think we, as a society, have been kind of living blissfully and consuming information…and have rarely thought about what the long-term or even the short-term consequences are. And now…it’s like a beast, seemingly with no end in sight. So, I think it will continue to be a trend, definitely. And it certainly works well for a plot device."
Johansson recently starred in Ghost in the Shell, a film about a cyborg who chases terrorists in near-future Japan. The bad guy: A hacker threatening a scientists' artificial intelligence technology.
Other sci-fi releases have also prompted reflection on cyber security. When Rogue One: A Star Wars Story was released last year, The Cyberwire made an online parody depicting Empire commanders leaking Death Star plans after falling victim to a phishing scam. And while the Rogue One rebels eventually obtain their objective through more physical means, it remains notable that the plot revolved around the theft of information (albeit for the cause of galactic freedom).
And on the small screen, Emmy-nominated Mr. Robot tells the story of a vigilante hacker trying to bring down one of the country's most influential companies – while holding down a day job as a cyber-security engineer.
While some of these Hollywood scenarios are certainly far-fetched, you don’t have to be a Star Wars fan to appreciate cyber security’s dark side.
How dark is it? For Thales' 2017 Data Threat Report, we asked 1,100 senior IT executives at large enterprises around the world to tell us how vulnerable they feel to cyber threats. Their responses reveal a paradox.
Of those surveyed for the report, 68 percent said they have experienced a data breach, with 26 percent experiencing a breach in the last 12 months – both numbers that have gone up since the previous year. Paradoxically, overall security spending is also up; in 2017, 73 percent of organizations increased their IT security spending – a marked jump from 2016, when 58 percent indicated an increase.
While 30 percent of respondents classified their organizations as 'very vulnerable' or 'extremely vulnerable' to data attacks, the two top spending priorities indicated were network (62 percent) and endpoint (56 percent) protection solutions. Somewhat counterintuitively, spending on data-at-rest solutions was the lowest priority at just 46 percent.
Garrett Bekker, senior analyst for information security at 451 Research and author of the report, says that a possible explanation for the paradox is that organizations keep spending on what worked in the past but aren’t investing to counter modern breaches.
"Data protection tactics need to evolve to match today's threats," he says.
"It stands to reason that if security strategies aren’t equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase."
As in years past, the 2017 report explored threat perceptions. All vertical industries polled identified cyber criminals as the top threat (44 percent), followed by hacktivists (17 percent), cyberterrorists (15 percent) and nation-states (12 percent).
With respect to internal threats, 58 percent of respondents believe privileged users are the most dangerous insiders – a slight decrease from last year’s 63 percent. At 44 percent, executive managers are also seen as risky insiders, followed by ordinary employees (36 percent) and contractors (33 percent).
In this age of the cloud and SaaS enterprise deployments, more and more enterprise data is being created, transported, processed and stored outside corporate network boundaries, making traditional perimeter-based security controls and legacy network and endpoint protection solutions increasingly less relevant. Other new, popular technologies also bring added security challenges. For example, nearly 40 percent of respondents are using Docker containers for production applications. At the same time, 47 percent cite security as the 'top barrier' to broader Docker container adoption.
So, when it comes to cyber threats, how close are we to living in the dystopian worlds depicted on the big screen? Thankfully, we're nowhere near the threat levels posed by cyborg assassins and malicious AI systems, but certainly hackers, phishing scams and other threats are as relevant in the real world as they are in Hollywood screenplays.
As enterprises around the world strive to confront the cyber threats of today and tomorrow, it's our job to ensure that some of the more fantastic Hollywood visions don’t come to pass. When it comes to cyber security, we don’t want life imitating art.