Psychologists first discovered the theory of group polarisation in the 1960s. The simple hypothesis was that an individual with moderate views tends to express ever more extreme opinions when faced with a group of peers. Essentially, they encourage each other on to a point whereby their actions become more pronounced.
In today’s faceless online chamber, the effect accelerates, something backed up with a study carried out in 2002 that found that when group discussions are conducted in an anonymous environment, it can lead to a more pronounced effect.
Bring this together with an armoury of ever-improving, code-based weaponry and it is like having a meeting of radicals in an arsenal.
Hacking – then and now
To understand how this effect is having a long-term poisonous effect, it’s important to understand the historical context. ‘Hackers’ in the 1990’s were relatively docile humans, often compelled to explore creative routes to subverting technical processes.
Fast forward to the noughties and a malevolent group of individuals had taken this approach, multiplied the negatives, and were using ever more spiteful techniques in response to a suddenly hostile environment for criminal gain.
This amplification manifests today in a dirty pool of cybercrime techniques that care little for real-world victims. The now mainstream use of cynical software such as webcam hijacking RATS and pernicious ransomware, which use guilt, fear and blackmail to extort money wholesale, is evidence of the general downward direction of travel.
Lately, however, there has begun to be another step change in the collective attacker mind-set. The morass of online attackers has inched higher with ever-more extreme actions. The willingness to hack into companies and infrastructure providers is ratcheting up. The last five years has seen a remarkably cadence of company and governmental organisation breaches.
Where will this trend go next?
There is a rising risk of cyber attacks targeting vital services such as transport, utilities and industrial systems. Taking down an electrical grid or breaching a railway network doesn’t just cause disruption and financial damage – it puts lives at risk.
It’s also not just theoretical – attackers have plunged regions into darkness and switched off large parts of the internet. It’s not necessarily the amount of data now being breached that is the high water mark – it’s the impact on people’s lives.
It appears the technical approaches have been developed which can switch off the lights or kill the data transfer mechanisms that now run everything. It’s now not just a question of whether such attacks can take place, but rather when the human being pressing the button actually has the motivation or will to do it.
>See also: 2016: a year to remember in cyber security
Decreasing the cycle
Under such strain, how to reduce this dystrophic cycle? The well-rehearsed mantras of the security industry will help: collaboration and technological advance. Things such as cooperation between cyber security companies and public bodies are important – sharing data always helps improve protection in the event of escalating attacks before they become a problem.
From a technological standpoint, there are also interesting technologies being developed in what has effectively become an arms race. Predictive technologies which use a positive approach, using things such as AI and machine learning, are helping put the defenders back on the front foot by predicting what will come next, as opposed to just responding.
In the long term, companies need to understand that security has got to a point where it needs to be built into the underlying technologies they develop from the very beginning. In a world dictated by software, this point is often overlooked in a headlong rush to appease business operations. Build things securely from the ground up and it helps take the heat out of attacks, no matter how extreme the actions of the crowd become.
Sourced from Alex Mathews, lead security evangelist, Positive Technologies