What’s Next for the Ever-Evolving World of Cybersecurity?
Cybersecurity – Cyber-attacks and online crime are nothing new but, more importantly, their rising frequency is making organizations around the world sit up and take notice. Cyber-criminals are cleverer and more innovative than many people give them credit. They know that they must move fast and continue to evolve in order to avoid the clutches of cybersecurity mechanisms. Cyber-attacks are becoming more significant in terms of scale too, and millions of individuals can be attacked or affected at the same time. Data analyst firm Gartner recently intimated there were more than eight billion connected devices in use by consumers at the end of 2017. With the spread of the Internet of Things (IoT), that figure could soon soar to 20 billion by the turn of the next decade, which will be music to the ears of hackers seeking clear routes of data access.
Later in this article, we’ll touch upon some of the recent cyber-attacks that have affected major national services and commercial giants. Nevertheless, the important question on the lips of most people today is whether cybersecurity can keep pace with cybercrime. Let’s look at a few key areas where online security is having to move fast to outsmart the rogue criminals from the dark web.
Anti-malware: How to combat the threat of AI malware
Several high-profile examples of malware attacks occurred in 2017. Perhaps the most surprising recent case was that on the UK’s National Health Service (NHS). According to the National Audit Office (NAO) over a third of NHS trusts in England were affected by the WannaCry ransomware hack. Thousands of NHS appointments had to be cancelled as a result. Fortunately, no patient data was compromised, which will have been a huge relief to the UK government. The failure of many NHS trusts to follow and implement cyber-security recommendations including anti-malware and firewall protection led to the attack. Vulnerable outdated software was also proven to be a cause of the attack.
Global logistics firm FedEx also fell foul to a high-profile cyberattack, costing them $300 million in the process. The Petya cyberattack affected all of FedEx’s European operations at its TNT Express base. The hackers behind Petya were not interested in charging ransoms for data retrieval, far from it in fact. Instead, they wanted to irrecoverably wipe the data they had stolen. The malware attack, modified using a leaked NSA exploit, spread in the same fashion as the WannaCry attack.
The next step for cybersecurity professionals appears to be the integration of anti-malware software within computer processing units (CPUs) themselves. In the US, Binghamton University researchers have received a $275,000 grant from the National Science Foundation to prove that hardware is capable of protecting computers and discovering anomalies when running programs, classifying malware and quarantining these expanding threats.
RSA encryption: The importance of public and private key encryption technology
Fortunately, we are still some time away from quantum computers having the necessary capacity to be able to crack RSA encryption. In today’s digital age where sensitive data is transferred every second of every day online, the reputation and integrity of organizations that operate online depends largely on their ability to utilize sophisticated RSA encryption technology. In competitive online marketplaces such as iGaming, online casinos must ensure sensitive customer data is transferred securely over the internet, and thus many utilize RSA. The encryption protocol is similarly used in other interactions that involve real money payments, including e-commerce. Although RSA has been in existence for several decades, it remains a highly secure method for data transmission with the encryption key made public while the decryption key is kept secret.
The real challenge for encryption experts is when RSA becomes easier to crack. Computer boffins at MIT and the University of Innsbruck believe they have developed a quantum computer capable of someday breaking through traditional encryption systems. Public key cryptography is everywhere; from making direct web connections to sending text messages, RSA encryption is in action. The dangers of RSA being solvable with a quantum computer has already been mooted in an FAQ by the American National Security Agency. Matthew Green, a computer scientist from the Johns Hopkins Information Security Institute, believes the prospect of RSA encryption being made null and void is “anywhere from 15 to 30 years away”, so it’s vital that the cybersecurity and cryptography community come together to start developing solutions in earnest.
Blockchain: Decentralized cyber security networks
Blockchain technology has been one of the buzzwords of 2018. If Bitcoin was the darling of the media in 2017, the technology upon which the cryptocurrency is powered could be its replacement this year. The beauty of blockchain is that it is 100% decentralized and not in direct control by any government or authority. It is not influenced by humans or emotions and can therefore be relied upon to execute tasks with supreme efficiency and accuracy.
That’s why Gladius has the potential to be one of the most interesting additions to the cybersecurity industry in some time. Distributed Denial of Service (DDoS) attacks are becoming increasingly rife among businesses and the cryptocurrency industry. Gladius has been designed as a decentralized solution to mitigate the risks of DDoS attacks by allowing organizations and individuals to connect to “protection pools” as close to them as possible to offer improved online protection for customers and increase uptime for web applications and digital content. Members of Gladius can rent out part of their spare bandwidth through the Gladius desktop client and earn money by sharing their bandwidth with other organisations and individuals. When you consider that the average DDoS attack can last up to 24 hours, costing over $40,000 per hour on average, Gladius could create a blockchain-powered content distribution network the likes of which have never been seen before.
The need for improved online defences is obvious enough; driven largely by the volume of cyber-attacks and criminals in operation today. The next generation of cybersecurity software and hardware needs to be better able to recognize patterns of criminal activity online. Artificial intelligence (AI) could be the solution to pattern recognition that we have all been waiting for. The nature of malware and ransomware continually evolves and machine learning has the ability to learn and understand the ways in which cyber-criminals tweak their viruses and bring the hammer down far quicker than any human being could achieve.