Tuesday, 1 May 2018

Predicting the Unpredictable

What does the future hold for cyber security?


Cat and mouse. Tit for tat. In cyber security it seems that for every head we cut off, new ones take their place. To understand how this hydra might evolve, we welcomed a panel of some of the leading security thinkers to gaze into the not so distant future. At Symantec’s Crystal Ball event I was joined by a government official, a sociologist, a business leader and a threat insider to see the direction of travel and how we should arm ourselves for tomorrow’s threats.
One point was unanimous: major threats are coming our way. But each panellist had their own take on how the picture will evolve in coming years, and how we could protect ourselves against these threats. Here are some of the insights.


WannaCry was only the tip of the iceberg

One of the most striking predictions to come out of the event was that the UK will inevitably be hit by a cyber incident of massive proportions – even greater than WannaCry – and, worst of all, that it will turn out to have been entirely preventable.
According to Ian Levy, Technical Director at the National Cyber Security Centre, government and industry must come together to prevent this. It’s only through sharing data and collaboration that we can build the defences able to withstand these inevitable ‘category one’ threats.
Critically, Ian pointed out that for all too long we’ve treated people as part of the problem. In the future, this will have serious consequences.


The rise of mass social engineering

Social engineering attacks will gain momentum over the next few years. And they won’t strictly target citizens anymore. Corporations, markets and high-profile individuals will all fall victim, according to Dr Jessica Barker, sociologist and Co-Founder of Redacted Firm.
Geopolitical tensions and a more connected society will create a perfect storm where society becomes more vulnerable. Fake news will be part of the problem but it won’t be the whole story – at least in its current form. There will be a wider threat as we continue to trust our networks and take in information from a variety of online sources blindly. Social engineering on a mass scale will influence markets, reshape the political agenda and influence consumer behaviours.
Education will be key. We all have a collective responsibility to encourage critical thinking in the face of this threat.



AI will call the shots but at what price?

Artificial intelligence (AI) and automation will make businesses more productive and are already being implemented. But if businesses don’t know where the kill switch is from the outset, or don’t ready their artificial intelligences for malicious attacks, it could cause major problems further down the line. Graeme K Hackland, CIO at Williams F1 Team, discussed the risks of handing over too much power to automated systems.
We’re currently used to having humans make the decisions in our businesses, and we’re used to being able to raise the flag and course correct if we see that something is going wrong. ‘Black box’ AI or machine learning, where data goes in and actions take place or conclusions come out, could cause significant problems. Without insight into the process, it will become increasingly difficult for businesses to identify whether data or systems have been tampered with. A hacker could gain access to an AI, or the systems that feed it. Whether by changing data, inputs or sources, or by confusing hard-coded and learned rules, attacks could bring businesses to a standstill.


What happens when hackers get their hands on AI?

Automation was also front of mind for Peter Wood, Chief Executive Officer at First Base Technologies. In his work, he can see how hackers are already beginning to make use of automation within the cyber kill chain. As this use expands, hackers will be able to automate all the different stages of an attack. Worst of all, they will be able to commoditise the automated attacks as a service, and carry out increasingly clever attacks faster than ever before. So what happens when machine learning and AI become accessible to hackers in the very same way? Adaptive malware, AI social engineers – hacking will become far more efficient and effective.


Power to the people

Fortunately, cyber defence is rapidly evolving and currently the good guys are way ahead on the AI and ML curve. But technology and investment alone will not be enough for us to defeat these attacks. Just as we know the hydra will grow new heads, we know attackers are never far behind industry innovations. New systems will combine both technology and behavioural understanding to help find the solution to these challenges.
Think about it like neighbourhood watch. The more people that are in it, the more eyes on the street and, consequently, the safer you are. If we ask users the right questions, we could – at scale – prevent attacks before they even occur.
But people need to be engaged the right way. For too long, we’ve been dragging employees kicking and screaming into becoming cyber experts when they quite simply don’t care. We have to change this approach, and that has as much to do with psychology as it does with the technical resources that we give users. Get this right, and we’ll be better placed to face the challenges of tomorrow.

Darren Thomson, CTO and VP of Technology, EMEA
