What’s it like for the Future of Cybersecurity

Over the past 30 years, the internet has gone from novelty to necessity. Cybersecurity has existed since the creation of the first computer virus in 1971. That was the “creeper” virus, a harmless application designed to replicate and move from computer to computer. New malware is created every day, however, by “threat actors” who attempt to develop new tools for often-nefarious purposes.

Cybersecurity professionals attempt to stop them, each investing to out-perform the other, in what has become a cat-and-mouse game. In the decades since, the sophistication on all sides in the game have increased. Machine learning and AI are being used by both sides to continue this game of cat-and-mouse. Quantum computing will be next, exponentially elevating the capabilities of an attacker and a defender. So the cat and the mouse will keep getting better and faster, but the overall game isn’t going to change too much.

Predicting how we will stay safe in a hyperconnected world over the next 10 years is a hard task, but experts predict that smart cities and “deepfakes” are two of the major cyber security challenges ahead.

Already, voice assistants and devices such as smart meters and lights are becoming the norm. Smart cities will take this further, embedding the so-called internet of things into infrastructure and built environments. Possibilities include street lights that change intensity based on the presence of humans (detected by their smartphones) and virtual guides for the elderly should they get lost.

That convenience comes at a cost, says Mariarosaria Taddeo, a research fellow at the Oxford Internet Institute and deputy director of its Digital Ethics Lab. “My speculative idea is that the more you have smart cities . . . the wider the surface of attack.” Ms Taddeo, who is also a fellow at the Alan Turing Institute, is concerned about the effect these complex networks will have on cyber security. With every additional connection, it becomes harder to figure out where a vulnerability has emerged.

Here’s what the future of cybersecurity will look like in the next five to ten years and beyond.

1. AI and Machine Learning in Cybersecurity

AI cybersecurity, with the support of machine learning, is set to be a powerful tool in the looming future. As with other industries, human interaction has long been essential and irreplaceable in security. While cybersecurity currently relies heavily on human input, we are gradually seeing technology become better at specific tasks than we are.

In the business environment, AI is currently being used to analyse large amounts of data and to help streamline processes, it is also increasingly being used as a method of cybersecurity protection by alerting organisations of unusual activity. AI and machine learning tools help reduce cybercrime in a variety of ways, from automatic network security monitoring to behavioural analytics, vulnerability management or Phishing detection.

Machine learning, a component of AI, applies existing data to constantly improve its functions and strategies over time. It learns and understands normal user behaviour and can identify even the slightest variation from that pattern. But besides gathering information to detect and identify threats, AI can use this data to improve its own functions and strategies as well.

Private sector businesses and corporations have already deployed AI systems, and even some governments are using the technology. Why? Because AI can save time and money by going through structured data quickly, as well as comprehensively reading and learning unstructured data, statistics, words, and phrases. This can be utilised to provide proactive and quick responses to new challenges, potentially before a human could spot them. Essentially, AI could save money as well as national secrets.

Still, loopholes exist. Hackers are trying to figure out ways to beat the machines, sneaking in through cracks we didn’t know existed. Right now, months go by before an organisation detects a data breach. By then, the hacker is long gone, along with all the sensitive data.

On the other hand, AI can sit back, collect data, and wait for a hacker to appear. AI looks for behavioural abnormalities that hackers display — for instance, the way a password is typed or where the user is logging in. AI can detect these small signs that otherwise might have gone unnoticed and halt the hacker in their tracks. This can also be useful in spotting user error or manual changes to system protections that could let a hacker gain access to the network.

Any system can be exploited. In the constant chess match of cybersecurity, human hackers will always probe the weaknesses in every system — including AI. Artificial intelligence is programmed by humans, and thus can still be defeated. While AI’s ability to process information is impressive, it can only work as well as it was programmed to. As hackers adjust to AI systems, human programmers will have to deploy new countermeasures. The cat and mouse game will continue, but AI forms a welcome reinforcement in the war to protect data.

AI and Machine Learning in Cybersecurity : How They Will Shape the Future – Click Here for Further Reading

2. Passwords May become obsolete

Passwords are deeply ingrained in all aspects of our digital reality. In 2020, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the number-one cause for hacking-related breaches. Now, with the COVID-19 pandemic driving the rapid shift to remote work, coupled with the cybersecurity pressures following a slew of significant cyberattacks in 2020, the urgency to move away from passwords has never been greater.

Organizations are being forced to look closely at password authentication, specifically asked to justify the costs associated with password support, reevaluating the impact on user experience and, most importantly, justifying whether the password is truly doing what it is intended to do – protect the organization from an online attack. Most quickly realize that, no, passwords are antiquated, are a major cause of frustration and, ironically, are risk drivers.

Today, organizations are moving towards passwordless authentication; using advanced technologies such as biometric signatures, hardware tokens, cryptographic keys or PINS to verify users. In a recent report by LastPass, 92% of businesses believe passwordless authentication is the future. In May 2020, Microsoft said more than 150 million people were using passwordless login on Windows every month.

Despite questions around the future of the password, 85% of IT professionals surveyed do not think passwords are going away completely. Yet, over 92% believe that delivering a passwordless experience for end-users is the future for their organisation. The answer to the password predicament is simple: rather than eliminate passwords completely – change the way we interact with them. This is where passwordless authentication comes in.

How would passwordless logins work?

A passwordless login experience means that while passwords may still exist in the IT infrastructure, the employee will not have to manually enter a password during their login. It brings several benefits such as reduced IT costs by eliminating password related risks, increased productivity amongst employees as they save time on remembering and/or changing passwords, and stronger security by guarding every access point with more secure forms of authentication. However, moving into a passwordless approach requires choosing and implementing the technology that fits your organisations’ needs. Some of the methods to choose from are:

Implementing single-sign-on (SSO) can help secure and simplify managing access no matter where employees are located. Through a protocol – such as Security Assertion Markup Language (SAML) – SSO establishes a secure line between an identity provider and a service provider, meaning it creates a link between where IT manages employees access information and the application users want to login into. SSO allows for employees to reduce the number of passwords they must remember or update, boosting their productivity and minimising the risks associated with credentials.

Enabling multi factor authentication (MFA) provides IT teams with the tools to manage access at the individual user level, defined groups or even by job role. MFA considers a multitude of factors such as location, IP address or biometrics (face ID) versus only one factor – such as a password – prior to granting access to an application. By prompting a user for additional information when logging in, IT can be confident that the person requesting access is indeed who they say they are. It also streamlines the process for the final user that will have a faster and easier login experience.

Behavioral Biometrics

Enter behavioral biometrics, the authentication method that will make logging in more secure and efficient than ever. With behavioral biometrics, your password is no longer a what. It’s a how.

It’s the number of milliseconds between your keystrokes. The amount of pressure your fingers apply on the keyboard as you type. The geometry of micromovements you make as drag your mouse. The exact angle at which you hold your phone. The dozens of other identifying and quantifiable little patterns that you’ve developed throughout your life.

All calculated against your unique behavior profile established over a period of time. All done by an app in the background, without you having to do anything extra, like enter a set of numbers or pose for a face ID. Sounds like the future? You bet it does.

Is the Future of Cybersecurity Passwordless? – Click Here For Further Reading

3. Smart Cities and Cybersecurity

The concept of a “smart city” can hardly be considered the city of the future anymore. Instead, it’s the new normal. With rapid advances in the Internet of Things (IoT), local governments are investing in and implementing the means to improve efficiency and convenience for its citizens. But all of this spending on smart cities comes with its fair share of challenges. As cities become more advanced, so do the cyber attacks that threaten them.

Everything in a city—from street lights, traffic signals and cameras, electric and gas meters and sewers can all feed into the digital infrastructure, so it’s important to understand that these endpoints require network-related security services in the middle.

What does a smart city look like?

The city of the future comprises a complex ecosystem of services that span public and private entities, people, processes, devices and infrastructure—all of which are constantly interacting with each other. It encompasses elements like:

Smart grids, or the use of technology to improve the communication, automation and connectivity of an electric power network.

Autonomous vehicles and self-driving transport.

5G and IoT-enabled technologies to bring innovations to the management of waste, energy, water and intelligent transport systems.

Traffic Data Services, using wireless data to help traffic planners improve how people move through the city.

Using smart lighting in streets to make cities feel safer and make lights more efficient.

Using AI and AR to make a city more people-focused, bringing immersive technologies to improve residents’ self-reliance, self-service and decision-making.

What are the cyber security challenges faced in a smart city?

The more connected we get, the more risk we take on by increasing the attack surface. A smart city must remain vigilant against the threat actors that are increasingly targeting municipalities, using a vector that is getting bigger and less visible.

Three key factors influence cyber risk in cities: the blurring lines between the physical and digital worlds; the interoperability between old and new platforms; and the integration of services leading to weak points in the network. Smart cities and cyber security must be considered hand-in-hand.

The smart city is at risk of threats on multiple vectors, and there are plenty of real-world examples to learn from.

How can we protect the city of the future?

In an increasingly connected landscape, a smart city is only as secure as its weakest link. Infrastructure needs to be future-proofed, but it needs to be done so in a “smart” way.

First and foremost, smart cities must invest in cyber security. ABI Research found the energy, health care, public security, transport, and water and waste sectors are “woefully underfunded and incredibly vulnerable to cyberattacks.”

More than that, though, is the necessary education to shift culture and behavior for both workers and residents. Municipal governments should implement a security awareness and training program, install perimeter defenses and ensure secure configurations. Additionally, city planners should consult with experts in smart cities and cyber security who can help to ensure the right measures are taken, the right training is in place and the right recovery plans are ready for action. Because it’s not a matter of if the city is attacked—but when.

Securing the Smart City of the Future – Click Here For Further Reading

What’s it like for the Future of Cybersecurity

4. Cybercriminals Could Cripple Countries

If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.

Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.

The damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2025 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.

Cybercrime Hits Home

The United States, the world’s largest economy with a nominal GDP of nearly $21.5 trillion, constitutes one-fourth of the world economy, according to data from Nasdaq.

Cybercrime has hit the U.S. so hard that in 2018 a supervisory special agent with the FBI who investigates cyber intrusions told The Wall Street Journal that every American citizen should expect that all of their data (personally identifiable information) has been stolen and is on the dark web — a part of the deep web — which is intentionally hidden and used to conceal and promote heinous activities. Some estimates put the size of the deep web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web, and growing at a rate that defies quantification.

The dark web is also where cybercriminals buy and sell malware, exploit kits, and cyberattack services, which they use to strike victims — including businesses, governments, utilities, and essential service providers on U.S. soil. A cyberattack could potentially disable the economy of a city, state or an entire country.

Cyber threats have expanded from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse. Many of these Things are connected to corporate networks in some fashion, further complicating cybersecurity.

By 2023, there will be 3X more networked devices on Earth than humans, according to a report from Cisco. And by 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years.

Future cyberattacks could potentially disable the economy of an entire country – Click Here For Further Reading

5. Deepfakes will be a serious threat to cybersecurity

Deepfakes are human image synthesis, a form of manipulated videos that create hyper realistic, artificial renderings of a human being. These videos are generally crafted by blending an already existing video with new images, audio, and video to create the illusion of speech. This blending process is created through generative adversarial networks, or GAN, a class of machine learning systems.

Deepfakes came into the public consciousness in 2017. In fact, Reddit was the community that coined the term. Many redditors popularized the technique by swapping mainstream actresses’ faces onto pornographic actresses’ bodies. Additionally, the practice of swapping Nicolas Cage’s face onto other movie character’s bodies became a very popular meme.

However the rate of deepfake videos has grown considerably as deepfake software continues to be distributed. In fact, these videos are easier to make than something in Photoshop. This is because the videos largely rely on Machine Learning technology rather than manual design skills

While impressive, today’s deepfake technology is still not quite to parity with authentic video footage—by looking closely, it is typically possible to tell that a video is a deepfake. But the technology is improving at a breathtaking pace. Experts predict that deepfakes will be indistinguishable from real images before long.

AI Is a Double Edged Sword

“In January 2019, deep fakes were buggy and flickery,” said Hany Farid, a UC Berkeley professor and deepfake expert. “Nine months later, I’ve never seen anything like how fast they’re going. This is the tip of the iceberg.”

Today we stand at an inflection point. In the months and years ahead, deepfakes threaten to grow from an Internet oddity to a widely destructive political and social force. Society needs to act now to prepare itself.

The opportunities for spreading disinformation like this at the very highest levels of government are almost limitless for those able to wield effective deepfake technology. Perhaps even more concerning is that doctored videos could also be used by hostile states or extortion-seeking cyber-criminals to undermine voters’ confidence in candidates up for election.

Financially motivated extortion and social engineering, and influence operations aimed at destabilizing democracies, are just the start. One expert recently claimed that as AI technology becomes more advanced and ubiquitous, the power to create highly convincing deepfakes could be in every smartphone user’s hands by the middle of this decade. So what can we do about it?

Combating deepfakes

One of the solutions to combat the incredible growth of deepfakes, has been to turn to AI itself. Sensity, a visual threat intelligence platform that applies deep learning for monitoring and detecting deepfakes, has created a detection platform that monitors over 500 sources where the likelihood of finding malicious deepfakes is high.

Beyond technological remedies, there is a growing appetite to seek legislative redress to combat the dissemination of deepfakes. California enacted a law in 2019 that made it illegal to create or distribute deepfakes of politicians within 60 days of an election. But enforcing bans is easier said than done, given the anonymity of the internet.

Other legal avenues could take the form of defamation and the right of publicity, but their broad applicability might limit its impact. In the short-term, responsibility will have to fall on the shoulders of social media giants like Facebook and Twitter.

Deepfake Technology: Implications for the Future – Click Here For Further Reading

Conclusion

Looking ahead, a few themes around the future of cyber security emerge. For one, a greater focus on prevention and preparedness will be vital. It’s that response planning for an incident, data breach, or other security event is absolutely vital. Preparedness and response playbooks will likely become more commonplace in the face of reduced predictability. Employee training at every level will go hand-in-hand to help mitigate the role of human error.

Cybersecurity has traditionally been reactive and threat-centric. This approach worked when organizations were able to secure their critical data in data centers they owned and managed. But digital transformation, globalization, the cloud, and workforce mobility have spread data and users far beyond the perimeter of easily walled-off office networks and data centers.

Purely reactive, threat-focused cybersecurity simply can’t keep up with the way we work anymore. Clearly, something needs to change. The Future of Cybersecurity is Proactive, Predictive and Dynamic.