By Jeremy Capell, executive: Cyber Resilience and Internet Solutions and ContinuitySA
As fast as information technology and digital innovations progress, that is the speed at which cybercrime and cyber security will advance alongside.
This is probably the most sensible prediction one can make about securing our digital assets and infrastructure in the future, rather than attempting to suggest which emerging technology presents the highest threat or the least benefit.
These are, after all, complementary ‘industries’ that co-exist, so it is interesting to consider that until tested, we will not know whether new technology will be our saviour or our downfall. Take blockchain for example – current conversation cannot decide whether blockchain presents the solution to cyberattacks or whether such thinking is naïve in the extreme.
Instead of speculating what manner of cybersecurity controls, due diligence, practice and procedures will be standard in years to come, I’d like to consider the areas of technological innovation most likely to require developments in cyber-protection.
Technology industry pundits can hardly contain their excitement about blockchain technology and how it’s set to revolutionise the way economies run.
That is because blockchain is touted as one of the most robust, disruptive technologies to emerge in the past decade, a new fabric for the Internet that will transform whole value chains in a wide range of sectors.
Research firm Gartner predicts that by 2025, blockchain’s business value-add will increase to $176 billion, exceeding $3.1 trillion by 2030. Deloitte’s Tech Trends 2018 Report envisions cross-industry applications in areas such as logistics, energy futures trading, social media content and of course, financial services.
While the possibilities are reportedly endless, blockchain’s very newness presents cyber-attackers with opportunities for exploitation. Rest assured that today’s sophisticated hackers, online terrorists and cybercriminals are following every technological innovation in a race to come up with new ways to break systems as quickly as fresh applications are discovered, and before vulnerabilities are closed.
As The Guardian reported, “There is significant work being done to shift the focus of blockchain technology away from pure currency speculation towards real world applications – especially around privacy and storage”.
Of course, recent coverage of Facebook’s Cambridge Analytica-gate is shining a light on the data that this company, and others, hold - with our consent but some argue without our knowledge.
This is potentially the information that is at stake and currently, we have very little defence. Rest assured, this will change.
Machine learning is what happens when a computerised, self-controlled toy car drives into a room, bumping into chairs, tables, doors and walls. The car persists, and its computer starts to “learn” the layout of the room and its various obstacles. The longer it stays in the room, the better it gets at driving around without hitting anything, at least until new furniture is added.
In the same way this self-driving robotic car can learn the dimensions of a room after only a few hours of knocking into things, imagine malware automatically testing and learning the defences of antivirus software - until it breaks through.
The WannaCry ransomware attack, which made headlines in 2017, was one of the biggest cyber-attacks in recent years, infecting hundreds of thousands of machines in over 150 countries around the world. This, and other cyber-attacks, currently require a degree of human intervention to launch and find their way through antivirus software and firewalls.
Malware equipped with artificial intelligence capability that self-adjusts until it finds vulnerability would be faster, more energy-efficient, and more effective than any human hacker, and therefore more economically attractive. The motivation to develop such technology is obvious.
Forget smart drones used in warfare to launch missiles. ‘Toy’ drones are now cheap enough to produce that thousands appear underneath Christmas trees and as birthday gifts around the world, used for landscape photography, documenting sports and spying on the neighbours.
They are fun for all ages, encourage outdoor activity, and they are vulnerable to a newly-created malware strain dubbed maldrone.
Unlike many forms of malware, maldrone is reputedly indiscriminate about the type of drone it infects, meaning that there is more ‘bang for one’s buck’ if one successfully writes and deploys this kind of software.
In a report titled The Malicious Use of Artificial Intelligence, researchers from universities such Oxford, Cambridge and Yale as well as organisations like OpenAI, supported by Elon Musk, warned that coordinated swarms of drones could be used for surveillance, sabotage, or launching deadly attacks on individuals or crowds of people.
What is safe today won’t be protected tomorrow, given the lucrative nature of cybercrime. The ingenuity of those seeking new methods of attack matches equally the genius of those introducing the technology they are attacking. No digital or information system is 100 percent secure. That really is the first rule and the first commandment of cybersecurity.
Today, and in the future, our best defences remain vigilance and resilience.