Have you ever wondered if your WiFi router might get hacked? If you haven’t, then maybe you should.
This threat has been around for a while. Any machine can be hacked, in principle at least. And although security systems have become stronger over the years, no security system is perfect and no device is fault-free. The multitude of different devices we use these days is causing the number of potential vulnerabilities to skyrocket.
Among the devices you use to get online, routers play a crucial role. They’re potentially connected with any other device, like your phone, your computer or even your fridge, if you’re into such smart appliances. Therefore, if hackers get control of your router, they might be able to mess with your other devices, too.
Recently, AT&T Alien Labs discovered a new malware called BotenaGo. It can exploit more than 30 vulnerabilities in WiFi routers and IoT devices and potentially attack almost 2 million devices. Corporate networks are particularly vulnerable to such malware because they often connect to many different devices. Corporations are also more lucrative targets for hackers because they tend to be more willing to spend millions of dollars to unlock their systems than private citizens. For example, if hackers start a denial-of-service attack on a company, they could hit a massive payday.
Of course, no company in the world wants a malevolent group of hackers to shut down its services or leak sensitive customer data. Therefore, it shouldn’t come as a surprise that many companies are willing to spend millions to prevent such events from happening.
4 Ways to Mitigate Cybersecurity Threats
- Always upgrade your systems.
- Stick to the 3-2-1-1 backup rule.
- Implement the zero-trust model.
- Educate your employees.
The Cybersecurity Market Is Exploding
When large parts of the world hunkered down facing the Covid pandemic in 2020 (yes, sorry, that topic again… ), experts became increasingly concerned about cybersecurity issues. Things were risky enough beforehand: More than 15 million digital records had gotten lost due to data breaches in 2019. It turns out that the experts’ concerns weren’t unfounded, either. In 2020, that number more than doubled, up to 35 million lost records.
Depending on your point of view, these numbers either represent a huge threat or a huge opportunity. Huge in this context means $156 billion, which was the amount companies and citizens spent on cybersecurity in 2020 alone. You might object that this was a rather special year, with record levels of remote work and remote school going on in many parts of the world. I wouldn’t blame you for expecting that cybersecurity threats might go down during the periods where in-person life resumes and digital interactions decrease.
But researchers expect the opposite. The beginning of the pandemic might have accelerated things in digital spaces, but much of this growth is expected to continue in the years to come. For the next five years, experts expect a solid 14 percent annual growth in the cybersecurity market, totaling $352 billion by 2026.
This is a huge market opportunity, and most of this growth is expected to come from the Asia-Pacific region. Unfortunately for those looking to capitalize on this space, the market is quite fragmented, meaning that there are many different players competing for cybersecurity solutions.
Overall, this situation is both good and bad. On the one hand, it’s nice to have a competitive landscape that isn’t dominated by a handful of big tech monoliths. On the other, it means that good solutions to serious problems might come from companies that many people know little to nothing about. Thus, if a person or a company wants to buy a cybersecurity solution, they might have to do extensive research to make sure that the company is worth trusting.
For employees in tech, this market situation means two things. First, a career in cybersecurity might be well worth considering if this area interests you. Second, if you’re not interested in doing cybersecurity full-time, you might need to learn a thing or two about it anyway. Your company will thank you for it.
Are Bug Bounty Platforms the Solution?
This projected explosive market growth means that many companies can’t quickly purchase a good antivirus software and call it a day. Many companies need solutions that are tailored to their existing framework, and this means extra work for cybersecurity providers. Also, those companies that already have good defenses are constantly on the hunt for possible bugs in their software that make them vulnerable to cybercriminals. With demand this high and ever-increasing, cybersecurity companies are unable to keep up.
To spot and remove these small loopholes that cybercriminals so love, more and more companies are putting problems on bug bounty platforms instead. On these platforms, companies invite hackers to find vulnerabilities in their systems. Depending on the platform and what the company wants, hackers get money either when they can pinpoint a vulnerability or when they patch that vulnerability up so future hackers can’t exploit it.
This approach requires a certain amount of trust, of course. Companies need to be confident that they’re offering enough money so that the hackers won’t be tempted to do bad things once they find a weak spot. For hackers, it’s a great way to build a good reputation and a strong resumé, especially if they’re hacking as a side hustle or if they’re self-taught.
Then again, there’s the risk of pointing potential vulnerabilities out to the public. If a company underestimates the amount of money they ought to offer a successful hacker, they might risk a disaster. A hacker might switch sides and instead of informing a company about a vulnerability, they might exploit it to their own benefit.
Some industry experts tout bug bounty platforms as the next big thing in cybersecurity. I personally am doubtful about their promise. I’d only advise a client to make use of such platforms if there are no other cybersecurity companies that offer a similar solution. And if there’s no option other than using a bug bounty platform, I’d advise placing a generous bounty to mitigate the risk that a hacker turns against corporate interests.
Developing corporate security systems and employing hackers to test them is one thing. But often, some general rules can get you quite far, too. These tips work best for smaller-scale companies or relatively independent departments within larger companies. Also, it’s not a bad idea to apply some of these guidelines in your personal digital life as well, especially for important areas like your finances or healthcare records.
1. Always Upgrade Your Systems
This should be a no-brainer, but it’s surprising how often private and corporate IT systems are out of date. You don’t need to buy the newest phone or the smartest fridge. But make sure that you keep all your software updated, use a safe password manager and multi-factor authentication wherever possible, and delete applications that you don’t use any more.
I’d advise you to do a monthly security checkup for yourself and your company. In this checkup, you’ll change any passwords that have stayed the same for a while, delete old applications and accounts, and update any software. This type of digital hygiene is rather boring and cumbersome work, but it’s worth your time.
2. Stick to the 3-2-1-1 Backup Rule
If you have important documents that you don’t want to lose, back them up. A lot. A good rule is to make at least three different copies of the data using two or more storage mediums and storing one copy off-site. For added security, you can keep one copy on an immutable and indelible site.
For example, you might want to keep your tax returns on your laptop computer, a separate hard drive, and a hard copy in a safe. This way you have three copies, three storage media (one of which is paper in this case), and two copies off-site because they’re not on your laptop. For added security, you could store a copy on a blockchain. This is one of the easiest ways of making your data virtually unchangeable and undeletable.
3. Implement the Zero-Trust Model
In addition to keeping copies of everything important so you don’t lose anything, you might consider keeping intruders out in the first place. The most foolproof way of doing that is by trusting no one else and no other device.
A concrete example of this mindset is changing your passwords every so often, using multi-factor authentication for important sites, and monitoring login attempts from devices you don’t know. If you can, you should also encrypt any data you’re sending or storing by using a secure messenger.
4. Educate your employees
It’s common knowledge that humans are the weakest link for a hacker. That’s why it’s so important to make sure your employees and team members know which links they can and can’t click on, who they can give permission to, and which parts of the IT systems they should be able to access.
If you can, invest in quarterly training by third-party experts. Cybercrime is constantly evolving, so you’ll want to keep your employees up to date. It’s not sexy, but given the potential risks, it’s well worth the cost.
Preparing for Future Hacks
In cybersecurity, those who can anticipate the hacks of the future have a huge advantage. And who knows what these hacks might be a few years down the road?
Maybe we’ll all be working and gaming in a metaverse. When you log in, you might realize that hackers have infected your digital self with the flu, and it won’t be able to work or play as usual. The hackers might use your digital downtime to retrieve your account’s data and trace it back to your real-life self and do whatever they want with it. Or they might ask you for money in exchange for restoring your digital health.
To be fair, I’m making this scenario up. It isn’t half as unrealistic as you might think, however. The metaverse seems to be just around the corner. It’s quite conceivable that we’ll be working and playing in some version of it within the next decade. And this new step towards a more rounded-out digital identity opens up new opportunities for everyone. This includes new vulnerabilities that might get exploited by hackers.
In a few years we might be worrying more about the viruses that come through our WiFi routers rather than those that lurk in the air we breathe and the surfaces we touch. In an optimistic (or pessimistic?) scenario, the next pandemic might not be one that affects our physical bodies, but one that renders our digital avatars unusable for a few weeks.
Because at the end of the day, we’re all vulnerable, no matter who we are. We’re all at risk, albeit to varying degrees. Welcome to the future.