Back in 2011, the World Health Organization conducted research on safety and security on the Internet, listing such general threats to security as spam, viruses and malware, and phishing scams. Now, at the turn of the decade, it feels right to look over the past ten years and assess whether the same threats are still looming over us and what challenges to online security we will face in the 2020s.
The Internet has indeed grown to be more dangerous over the past ten years, simply as a consequence of its expansion: we feel more at ease spending money online – and on intangible online goods. Besides, the number of websites and connected devices has grown exponentially, forming the Internet of Things.
However, the main threats remain quite the same, but as the stakes are growing, attacks become ever more sophisticated.
Phishing attacks have been among the top threats in recent years and they are expected to stay in the foreground over the coming decade.
Ten years ago, phishing was rather straightforward: you could receive an email with a link that you were supposed to click, or you could be asked your bank account details by an unknown philanthropist – something that is now virtually unheard of. These days we are reasonably well protected by email services and browsers that filter out most spam and suspicious messages.
In response, scammers rely on social engineering to play on our feelings so that we willingly reveal confidential or personal information, or simply transfer our money to a certain account. For instance, scammers can pretend to be charity organisations and take advantage of current events, such as natural disasters or health scares (e.g., the coronavirus-related panic) to work on us through our fear and compassion.
At the same time, phishing scams are growing in scope and variety: in the future we can expect them to combine traditional schemes with voice phishing via calls (vishing), SMS (smishing), or to be disguised as trusted services. Advanced vishing attacks can use Voice over Internet Protocol (VoIP) and broadcasting services to spoof the caller’s identity.
Scammers take advantage of people’s trust in the security of phone services, especially landline services, and address potential victims simultaneously via email, voice, text message, and web browser functionality to gain more credibility. For instance, a targeted person might receive calls and emails from a hotel employee who would complain that they couldn’t process a credit card payment and ask for additional details, or from a bank asking to provide certain information to unblock a suspended account.
Viruses and malware
Similar to phishing scams, viruses have also become more technically advanced. The fast development of machine learning and artificial intelligence has revolutionised protection systems – 86 per cent of enterprise-grade systems are currently AI-driven. Such giants as Avast, and smaller companies Cylance and Deep Instinct, leverage…