The future of Cyber Security? An unsolved dilemma.


When I read leaders talking about where technology will be in the future, cyber security often seems out of the picture.

Several companies want us to believe that we'll be more connected and happier thanks to the Internet of Things (I've already written in the past about my absolute disesteem for this term).

A recent Dell TV commercial shows how a person gets saved thanks to intelligent devices tracking their personal information. Wow, whopping, right? Not so fast!

No one seems to consider that the more devices we connect to the Internet, the more insecure the network will become. The Internet of Things is one of the biggest challenges in the future of cyber security.

In the past, hackers were able to compromise Iran's nuclear centrifuges through the Stuxnet virus, and its source code is still around. Having more devices connected to the Internet can only make us more insecure if security isn't adequately implemented. In the future, to murder someone, you might not need to hire a hit man; a hacker could compromise one of the "smart" home devices and would have a much better chance of getting away with murder that way.

In my opinion, the future will see a larger adoption of biometric solutions, as they're becoming more affordable and technically efficient. Fingerprint readers, face recognition and other technologies are much more accurate and affordable than before and don't require technically intensive training.

     
The next major challenge will be big data security. In fact, both companies and intelligence agencies are interested in the data we generate on the Internet (e.g. accounts we create on numerous websites, our purchase patterns, our browsing activity, our emails, etc.) because it helps predict our future behavior. It's easy to understand the implications for privacy and individual rights. Snowden's revelations on NSA spying activity made it clear that Big Brother's digital dictatorship has finally come true (no, I'm not a conspiracy theorist!).

The increasing sophistication of the offense requires a new strategy. Hackers are becoming more and more skilled and are often affiliated with criminal organizations or with foreign governmental/military organizations, hacking against U.S. corporations and government organizations.

They have the money, power and technology to pursue their goals and, for every dollar spent on improving defense, the bad guys spend another dollar to build exploits.

For these reasons, more must be done to close the current skill gap in cyber security by supporting new professionals and new university programs that provide hands-on training in connection with companies and government institutions, such as the NSA, FBI, DoD, etc.

On a corporate level, companies must educate their employees by involving them in the security strategies.

In my personal opinion, the way cyber security is conceived and implemented must be deeply reviewed. The only way to effectively counter hackers is to think like them (see my post How to think like a hacker).

This perspective, called offensive security, is more concerned with finding vulnerabilities the way an external attacker would than with focusing on the defensive end (IDS/IPS logs, firewall logs, etc.), and often yields better results.

A little bit like the orcs in The Lord of the Rings: The Two Towers, who found a hidden way below the walls that could cause the fortification to collapse. The defenders were all on the perimeter walls, unaware of this, until it was too late and the bad guys were in.

I believe a lot in offensive security and chose to go back to college and study a specific program to become a professional pentester. I hope I'll soon be able to give my personal contribution.
