- SMB Spotlight
For the past few years cyber security has been an increasingly big focus for both governments and businesses. This is because the steady stream of cyber threats targeting them has been growing in both frequency and complexity. In today's world even off-the-shelf exploit kits now have the potential to cause crippling damage.
However, in 2013 we've seen some of the biggest and most dangerous attacks and data-stealing campaigns ever uncovered, and it wasn't just criminals behind them, but our own governments. The nature of the revelations has made 2013 a defining moment in history for the security industry.
State snooping and PRISM
It has been believed for years that governments had shady cyber programmes, but in 2013 things really came to a head with the PRISM spying revelations.
The year began with some less surprising revelations about China. In February security firm Mandiant reported linking a Chinese military unit based in Shanghai's Pudong district to attacks on at least 141 companies.
In the summer, though, things really caught fire when ex-CIA analyst Edward Snowden leaked documents to the press chronicling the US National Security Agency's (NSA) controversial PRISM campaign that was gathering huge amounts of data on citizens around the world. These revelations continued with claims that the UK's GCHQ was involved in tapping submarine telecoms cables, and that world leaders' phone calls were being monitored.
While the NSA has tried to quell rumblings about PRISM – claiming its agents only saw 0.00004 percent of the world's web traffic during the campaign – the nature of the snooping has led to an international backlash against the US. Numerous political bodies, including the European Commission and German government, have called for new international laws to stop campaigns such as PRISM occurring again.
The campaign's discovery is even more dangerous as it has led many governments and businesses to start instigating protectionist cyber policies that could cause lasting damage to the global economy.
These include plans from the Brazilian government to create a new "secure email" service within the country and a new strategy by Deutsche Telekom to route local internet traffic through domestic servers only. Industry commentators have predicted that the protectionist policies could cause untold harm to key industries, such as the cloud.
Bitcoins are the new black in cybercrime
For years privacy groups have been singing the praises of cryptographic currencies such as Bitcoin. This is because by facilitating peer-to-peer transactions, the currencies allow people and businesses to enact commerce without using traditional banking exchanges, meaning they're tax free and semi-anonymous.
The advantages of Bitcoin have led many people to start moving to use the platform and "mine" Bitcoins. In a normal situation, a user runs the algorithm used to authenticate Bitcoin transactions on their computer and is in turn rewarded with Bitcoins. This development in itself isn't worrying, but the increased number of users attempting to mine Bitcoins has caused their value to skyrocket, a development that has led a number of shady characters to take an interest in the crypto currency.
The spike in value has led many criminal botnet operators to alter their strategy and spread malware designed to turn computers into a Bitcoin-mining machines.
This was shown in October when security firm Symantec found the infamous ZeroAccess botnet had been altered to mine Bitcoins after successfully rescuing 500,000 of the 1.9 million machines that had been compromised. Since then numerous security vendors, including F-Secure's Mikko Hypponen, have warned that the trend will continue and grow in 2014.
Security top of the agenda for tech giants
One bit of positive news to come out 2013 is that hardware manufacturers and developers are getting interested in building their products with security in mind from the start. This phenomenon was showcased in September and October by Apple and Intel.
On the Apple front, the shift in strategy was demonstrated when it unveiled its new iOS 7 operating system and iPhone 5S smartphone. As well as running the latest iOS 7, which itself features more than 40 new security updates and services, the 5S also features a nifty Touch ID fingerprint scanner.
The Touch ID sensor works by scanning the sub-epidermal skin layers of the person holding the iPhone to verify their identity before unlocking. While this sounds small it's a big step towards biometrics within security, and has been hailed as a massive step forward for making it quicker and easier for users to secure their iPhones.
Intel president Renee James called for firms to drop previous archaic opt-in security models and begin designing products with fully integrated security from the beginning. The Intel president went so far as to suggest the company may take a leading role in this and start offering its integrated security tools free with products.
The news could be a key step for the security community in its ongoing battle to protect the growing number of devices connecting to the internet. With the Internet of Things on the horizon, in the future this will mean everything from cars, houses and medical equipment will be online.