Attack sophistication is growing. Twenty years ago, social engineering had already made inroads and automated attacks were on the rise, with denial-of-service, browser executable attacks, and techniques for uncovering vulnerabilities in the binary code of applications.
Today, attacks are bigger, faster, and deeper, ranging from blended (cyber-physical) attacks and malicious counterfeit hardware to entire supply chain compromises and adaptive attacks on critical infrastructure.
Yet in another sense attacks are on a downward trend, possibly giving enterprises and individuals a better chance of protection.
The downward trend is in intruders' technical knowledge. While current levels of processor power and smart software open the door to many more miscreants, fewer attackers may know what to do once inside, other than follow instructions from their hacking tools.
The fear that haunts futurologists about the world being driven by robots and AI may have a positive reflection in the world of hacking.
If software is eating the world of hackers, enterprises and organisations may be better able to deal with hacker attacks through defensive software of their own.
That does not mean that all the creativity will disappear from cyber-attacks. Nation states will continue to recruit hacking talent for spying on others, and social engineering remains a popular technique.
However, as the vulgarisation of hacking continues, the real innovators will represent a smaller percentage of the total hacking community.
The temptation for attackers will be to rely, perhaps exclusively, on a click-driven interface for initiating attacks without knowing how the attacks are perpetrated. This is like car drivers who drive using the dashboard and controls in front of them, but without understanding how the car itself works.
Where possible, enterprises should therefore avoid such reliance and maintain a level of knowledge and innovation above that of the common hacker, adding in software and automated protection to counter attackers’ automated aggressions.
There will always be a risk of creative, knowledgeable attackers, but seen as a numbers game, the vulgarisation of IT system hacking could drive down the probability of an enterprise suffering higher-level, more dangerous attacks.