You may have heard talk about the idea that we are now entering a ‘fifth generation’, or ‘Gen V’, of cyber security. You may have wondered what that means, what the previous four generations were and which generation of attacks your organisation’s current security practices are sufficient to defend against.
The ‘Gen V’ idea comes from a presentation delivered by Gil Shwed, founder and CEO of Israeli security company Check Point Software, back at the start of 2018, which was followed by a report and white paper. Shwed argued that the unprecedentedly damaging WannaCry and NotPetya attacks of 2017—which primarily targeted the NHS and Ukraine, respectively—were not one-offs or ‘thousand-year floods’. Instead, they were the opening salvoes of the next generation of cyber threats.
What were the last four generations? Per Shwed, Gen I (late 1980s) refers to attacks against stand-alone PCs. Gen II (mid-1990s) added the risk of attacks from the Internet. Gen III (early 2000s) introduced the exploitation of vulnerabilities found in Internet-connected applications. Gen IV (2010–2017) saw cybercriminals respond to the development of better malware detection methods with polymorphic malware—that is, malware which tries to hide itself from automated detection tools, perhaps inside a Word document or by obfuscating its code.
Fending off each generation’s threats requires an expanding toolset. An anti-virus was enough in Gen I, a firewall in Gen II and an intrusion prevention system (IPS) in Gen III, but by Gen IV anything less than sandboxing and anti-bot protections would leave your systems vulnerable. As you might expect, the proportion of businesses with the relevant protections decreases with each subsequent generation—Shwed claims that 100% of the 443 surveyed had anti-virus software installed, whilst only 7% implemented sandboxing.*
What is Gen V? This is the era of the large-scale and multi-vector ‘mega attack’, incorporating ‘state-sponsored technologies’ and covering multiple countries and industries. How can you defend yourself against these threats? As Shwed suggests, the solution is ‘real-time threat prevention technologies’ across all devices and systems paired with robust threat intelligence and ‘the best security technologies’.
Mitigate offer a range of tools to fulfil these roles, from our automated Safeguard vulnerability scans to Mitigate, which allows you to track levels of internal risk across your organisation and respond to threats in real time, and which is powered by advanced threat intelligence and research conducted with the Academic Centre of Excellence in Cyber Security Research at Lancaster University, where we are based.
What if you are an SME—surely these kinds of massive-scale attacks are just for major firms and governments to worry about? Unfortunately, this view is naive. Even if you are not targeted specifically, in these attacks collateral damage is inevitable. Your complacence could even put others at risk—the NotPetya attackers gained access to the systems of giants such as Maersk by first compromising accounting software produced by a small Ukrainian firm. If you are part of someone else’s supply chain, you are now just as much of a target as they are, and have just as much need to start building a ‘small army of security technologies’ now.
* However, in the subsequent white paper the figures are given as 82% and 21%, respectively. There are other issues with the figures in the paper, such as the claim that 97% of surveyed businesses have a firewall, anti-virus and IPS in place, but 95% have the first two only, which suggests that either 2% of businesses somehow have a firewall, anti-virus and IPS whilst also not having a firewall and anti-virus, or these two groups represent 192% of the sample. Check Point Software did not respond to a request for clarification.