Seven cybersecurity trends for 2019
Every year, users receive the same basic information security tips: do not use the same password for different accounts, log out after using a shared computer, do not correspond with a deposed king who needs help transferring money. For organizations, everything is more complicated: the situation changes faster, and the damage from attacks can be devastating.

Translation by: Polina Kokovina

The more Internet penetration grows and the more new technologies appear, the more actively cyber attacks develop and mutate. Cybersecurity experts must resist attacks at every stage and use every tool in their arsenal.

The Binary District Journal talked with Marco Essomba, founder and CEO of the iCyber-Security Group, and Dr. Tim Stevens, global security lecturer at King’s College London, about the cybersecurity trends that users and businesses can expect in 2019.

Users in the know - but not about everything

Thanks to the global growth of Internet penetration, cybercriminals have more and more opportunities to hack devices and accounts. This problem has long been on the agenda of information security specialists. However, today many users are no longer as vulnerable as they were several years ago. Tim Stevens claims that user security awareness has increased significantly.

“Two factors contributed to this,” Tim explains. “First, the situation with Snowden, the constant data leaks and reports of cybercrime led to the fact that users have become more attentive to privacy and the protection of personal data. Secondly, the press often writes about special operations online that are organized or supported by the state - especially those whose purpose is misinformation and sabotage. Of course, it is good that users are aware of such problems. In addition, many projects are being implemented that help users to strengthen the protection of personal data and master the rules of Internet security.”

The Internet of Things - A Sick Thing

Business and government offer many user support schemes. There is a lot of talk that security in the digital space should be comprehensive and include small but important changes in user habits.

However, public and private organizations do not always acknowledge the security problems in the technologies in which they invest. Tim Stevens says that there may be a relationship between the growing awareness of data leaks and cyber attacks and the fact that organizations are together pushing users towards hyper-connectivity.

“These problems are becoming more and more important - but so far very few people understand why this is happening. For example, the negative aspects of hyper-connectivity are hardly discussed. It is believed that the higher the level of connectedness of users and platforms, the better for society. Neither the government nor the business is ready to consider the opposite point of view.”

Many information security experts express concerns about the security of the Internet of Things. Marco Essomba mentions that, against the backdrop of this technological shift, state information security agencies are imposing special rules.

“The UK Government Communications Center recently recommended that Internet of things providers introduce certain security standards,” says Marco. “It is estimated that there are about 50 billion IoT devices in the world, and they are all connected, everyone has software. These are mini-systems, and most of them are vulnerable. If they begin to be attacked en masse, big problems await us: the enterprises and the homes of ordinary people will be in danger.”

Government organizations such as the UK Government Communications Center will have to deal quickly with the security issues of IoT devices; one of the reasons for this is the scale and pace at which such devices are appearing on the market around the world. Because of the rush around the possibilities of the Internet of Things, devices are being churned out at breakneck speed, often without adequate supporting infrastructure or security protocols.

“Considering the obvious problems with the security of mass-produced and implemented IoT devices, it was necessary first of all to think about security, not about profit,” says Tim Stevens. “But this train has already left. Governments are now engaged in reducing the damage to existing systems, while at the same time trying to push manufacturers and distributors to introduce best practices.”

So many tasks, so few experts

The next trend in information security is related to the scale of the industry. “In my experience, many companies have difficulty responding quickly to emerging threats,” says Marco Essomba. “The number as a whole has greatly increased, and companies simply cannot cope with the flow of warnings about attacks.”

The increase in the number of attacks does not necessarily mean that the number of hackers has increased. With the advent of hyper-connectivity, and especially of IoT devices, it has become much easier for attackers to build botnets and extensive networks of compromised systems. A system may be compromised either by a virus or because of weak security and easily guessed administrator passwords.

“Probably successful attacks on the Internet of things will become more frequent. It will take time before the situation changes for the better,” says Tim Stevens.

It is difficult to predict the potential scale of attacks carried out through compromised IoT devices. However, it is clear that companies have already suffered greatly from various kinds of cyber attacks.

“This is a problem from a business point of view,” says Marco Essomba. “At the same time, companies are trying to automate processes, because they simply do not have time to hire specialists. Even if you have a lot of money, it does not mean that you can hire the right expert - there are very few of them in principle.”

Today it is very difficult to ensure information security. It is not enough just to be able to clean systems infected with Trojans and viruses. Digital technologies are becoming ever more embedded in our lives, and with that grows the need to redefine the profession of the information security specialist.

“Indeed, there are not enough specialists capable of designing, operating and repairing complex computer systems and networks,” says Tim Stevens. “But most of all there is a lack of experience and knowledge in another field: we need people who not only understand how technology works, but also can think through the social, economic and political aspects of information security, develop effective and productive legislation, policy and strategy.”

AI enters the scene

Artificial intelligence is a favorite topic of discussion in the information security industry. Companies whose digital infrastructure needs to be protected from attacks, whether serious attacks on the system, DDoS attacks or attacks on other vulnerabilities, are also following the discussion.

As Marco Essomba has already said, many companies are struggling with constant attacks. They have to build comprehensive protection involving both employees and AI-based systems. But it is not that simple.

“My experience with clients showed that they simply had no choice - most had to implement AI systems, because with such a barrage of attacks and warnings, people are basically unable to cope,” says Marco.

“Automation will play a significant role. For many companies we start working with, the effectiveness of detecting and repelling attacks is 70%. Under these conditions, it is impractical to implement protection by specialists. I think at a certain stage we will come to the creation of fully automated security systems - we are just working on this.”

From the earliest stages, the integration of AI systems (and not only in information security) should be overseen by people. This may seem obvious. However, in the rush to introduce new technologies, it is very easy to overlook dangerous complications that may emerge later and undermine the work of a seemingly ideal algorithm trained on a limited sample.

Marco Essomba explains that information security systems need to be automated because the number of attacks is growing beyond what specialists alone can fight. The main question is exactly how companies will master automation.

When asked about the potential role of AI platforms in ensuring information security, Tim Stevens answered that it is impossible to predict what future each specific technology holds, but that AI as a whole has great potential, with a proviso regarding the level of vigilance of organizations that want to use AI technology.

“If companies are ready to learn and debug processes, if the development, implementation and maintenance of such technologies is carried out efficiently, the level of protection of the global information ecosystem can significantly increase,” says Tim.

Information security at the state level

Government-funded phishing and cyber attacks are reported in the press more and more often. Against this background, public concern about the level of national information security is growing. But what role does the state play in all this?

“I’m more worried that governments and other institutions are increasingly exploring options for using cyber attacks for sabotage against other states, including the destruction of their basic infrastructures. Such experiments are very dangerous,” says Tim Stevens.

Such attacks also have to be repelled at the state level. “At a minimum, Western countries are actively preparing for such a turn of events,” comments Marco Essomba. But although much is written about state-financed attacks, other sources of cybercrime remain the main problem for businesses and publicly funded organizations.

“Of course, the number of attacks funded by states is growing. So, there are a number of well-known and documented facts confirming the activation of Russia and China in this area. But the volume of attacks from cybercriminals - criminal organizations whose goal is money - is still higher. Both of these sources of cyber threats are at the top of the list, but still, I would put cybercrime in the first place, since they create more problems.”

Current state strategies

Tim Stevens mentions another trend, one that took shape long ago and is directly related to the response to cyber attacks at the state level.

“It is curious that the leading political parties are unanimous in matters of information security. Of course, this does not always mean that the relevant strategies and laws will be adopted. However, as a political analyst, I can say: if politicians agree on a strategic issue, they always have some hidden motives that society does not know about.”

Information Security and Children

Both Marco Essomba and Tim Stevens believe that elementary information security skills need to be taught at school today. In many parts of the world this is already being done. “This is not new - I was lucky, I was told about it in the eighties!” says Tim.

However, there is an opinion that, with the growing awareness of cyber threats, society is overdoing it and showering children with a barrage of warnings and advice.

“Neither the youth nor the older generation should be afraid to use online resources. The main thing is to arm yourself with the necessary tools and knowledge that will help you protect yourself and remain vigilant,” says Tim. “The concepts of personal and information security have practically merged together. I am concerned that the responsibility for ensuring the safety of children is blamed on themselves. This is wrong and unethical.”

Many children are now more knowledgeable about technology than their parents. This will continue, especially as new technologies appear and spread almost instantly. But it does not mean that young people also know how to protect their data online. Moreover, many of the cyber threats that companies face sooner or later reach ordinary consumers. Should children themselves ensure their information security in line with leading international standards? “No,” says Tim. “This is our task, not theirs.”

This weekend at the Digital October site, we are running two offline courses on cyber security: “Investigating cyber attacks for business” and “Web application security”. The course program is based on real, recent incidents.
