Insight

Why do cyber threats now pose even more danger?

By Jack Durrant, Associate Director, BA (Hons) ACII

I’ve always admired great chess players, and thoroughly enjoyed watching The Queen’s Gambit on Netflix. As for my chess game, I’m a casual player at best, and I am sure many players would beat me with ease, but I think the game is valuable and I would encourage everyone to give it a try. I understand some of the broad techniques employed by higher calibre players; their strategies are so innovative that sometimes I struggle to follow their methods even when I see analysis after the event.

I think this is interesting and important with insurance on several levels:
1. The seemingly boundless knowledge and experience of chess grandmasters was first defeated by computers way back in 1981, evidencing that computers have the potential to overcome humans with relative ease. Computers did so in the dark ages when floppy disks were the preferred medium of data transfer. This demonstrated they didn’t even need that much computing power, provided that the parameters set could be easily programmed and commands easily executed.

This gives pause for thought, as most people outside of the computing, coding, and programming sector would admit that it’s extremely difficult to protect themselves from that which is often difficult to understand. And returning to the chess analogy, the frameworks and structures employed to protect computer systems inevitably try to make them difficult for threat actors to overcome. However, old unpatched software and computers can give threat actors an unprotected gateway to programmable and executable instructions, attacking and infiltrating the positions of easy targets.

Imagine how much more power and possibility comes from a modern-day computer, given we now have means to transfer data much more quickly and without the requirement for even a USB. If a computer could beat a master at chess, I have no doubt that computers can easily find vulnerabilities in business systems.

2. Sometimes in a game of chess the illusions on the surface might hide insidious motives. The hope is to get one’s pieces positioned in such a way that multiple different tactics might be employed to gain the advantage and leave your opponent’s pieces exposed, and then take them to secure points or overwhelm your opponent.

The same is true when cyber hackers enter a business’s systems. Just as in chess, the methods used by hackers often involve patience. Infiltrators will often monitor your business for a long time before striking at critical moments – for example when you’re due to pay or receive large amounts of funds, when you have a reduced workforce, such as over a holiday period, when you’re due to have a busy spell, or potentially while you have large amounts of data available. This attack has the potential to inflict maximum damage and inflate the amount you may be willing to pay to reobtain control of your systems.

In addition, even where businesses have protections, hackers sometimes have a back-up plan. By keeping hold of data, they may use this as a secondary route to extort data – even when they have reasonable cyber risk management controls.

3. In chess, there is an unending combination of moves which can be played in any given game, which inherently makes the game perfect in its design – no game should ever be the same.

This endless realm of possible moves and outcomes in chess is much the same as in the cybersphere – there’s always an opposing force that can consider tactics and a strategy several moves in advance. I have spoken before about zero-day attacks (those never-seen-before attack methods which are researched for years and sometimes executed by state-backed hackers). There are also some tried and tested methods which might be relentlessly reworked. I’m sure that many of you are familiar with the classic tale of managing to get the Trojan Horse into the ancient city of Troy in plain sight. This is just one example of a method that is redeployed in cyber-attacks – a nefarious tactic barely hidden under a blanket of normality.

I am sure everyone reading this right now has within the last week been a potential victim of phishing. This is also a classic attack strategy, which has an infinite number of iterations bounded only by the perpetrator’s creativity.

I suppose there are many parallels that we could draw from playing chess, but we take away something of note from this strategic game of constant one-upmanship. I wouldn’t be so naïve as to think that I would even brave the board against the likes of chess world champions; let’s be honest, the game would be over before it even starts. In the same light I doubt chess champions would pitch themselves even against a smartphone nowadays in a game – the expertise gap is just too big.

Where someone might pitch me against the combined intuition of a computer and the creativity of a world champion player, it’s simply no contest. Cyber is much the same, so I’d recommend the following as my final “move”: take the precautions to keep out the low-level threats (set your defence), have a credible idea of the methods someone might use to attack you and run penetration testing (test your defence), and then for when the worst happens have a back-up plan (buy a cyber insurance policy).

If you’d like to know more about protecting and defending your digital assets, speak to one of our strategic specialists today on 020 7543 2807, or request a callback below.
