Cybersecurity of the future: security “by PlayStation” and IoT asbestos

withs.jpg

ZDNet

Helsinki, Finland: One expert predicted that social reliance on internet connectivity, the toxic gimmick caused by vulnerable Internet of Things (IoT) devices, and “walled garden” devices would all feature heavily in the future of cybersecurity.

during the Sphere Cyber ​​Security Conference On June 1, WithSecure Chief Research Officer (CRO) Mikko Hypponen He told attendees that many topics are likely to greatly impact the security of future generations as well as how consumers and organizations are managed and protected.

Rely on contact

“We are living in a technological revolution, although it can be kind of hard to see its scale,” Hypponen told reporters. “The Internet is the best and worst thing to happen during our time.”

The cybersecurity expert believes that future generations will depend on connectivity as much as we do on electricity today. If the power grid fails, due to a solar storm, for example, Hyppönen said many countries would feel prickly and possibly collapse because of how dependent we are on this energy source.

One of the predictions he made was that, despite the importance of the Internet today, it has not reached a stage where society is considered vital, unlike electricity. However, the day may come when communication enhances everything in society, from the economy to energy and food production, and without it, society will not be able to function.

This also has huge implications for security, as Internet-connected systems are constantly under attack, new vulnerabilities are discovered, and actors continue to evolve their tactics.

“The more a nation advances, the more vulnerable it becomes,” Hyppönen commented.

Internet asbestos

“In 15 to 20 years we will be looking at decisions today, scratching our heads, wondering what the hell we were thinking when we decided to connect everything to the same public internet,” – Hyppönen.

The CEO is, of course, talking about the millions, if not billions, of IoT devices connected to the Internet today.

Hyppönen highlighted the problem of fermentation when you have a future full of devices with outdated firmware that cannot be updated – the “IoT asbestos” executive clauses scenario.

While we considered it a good idea now, we also once thought that asbestos was great for construction.

Consumers look at price rather than security when it comes to the Internet of Things, and unfortunately, cheaper products often also lack basic security standards. As a result, we can see a toxic mix of devices connected to the Internet, out of date, riddled with vulnerabilities that attackers can exploit to create botnets, and more.

Cybercrime has become a booming business

According to Hyppönen, more than 98% of malware samples scanned by WithSecure daily originate from money-making cybercriminal gangs.

The “enemy” base has evolved far beyond the evolution of floppy disk viruses. Threat actors are now making a fortune from ransomware and cryptocurrency, leading to a current – and future – scenario when you have wealthy criminals able to invest in their attacks.

“It changes the game,” Hyppönen said. “The richest and most powerful cybercrime gangs, [for example, Conti] They have the manpower to carry out large-scale attacks.”

These so-called “cybercrime unicorns” can invest “serious money” in hiring skilled personnel and new technologies for their gun portfolio.

Fighting in the AI ​​Arena

Now that cybercriminals have the money to spend, the next stage in their progress is the adoption of artificial intelligence (AI) and machine learning (ML) technologies.

In the future, Hyppönen believes that threat actors will transition from hiring cybersecurity experts to AI professionals — and the only reason they haven’t already is the acute shortage of talent in this emerging field.

However, as more people enter AI as a profession, barriers to entry decrease, and it becomes easier to use AI frameworks, “criminal groups can also begin to compete for these skills” because they have the wealth required to do so.

As a result, artificial intelligence will take over the manual work that cybercriminals currently do, transforming the cybersecurity battlefield from a battle between the manual work of threat actors and automated defenses into a clash between “automatic and automated”.

Hyppönen noted that “the only thing that can stop bad AI is good AI.”

Security “from PlayStation”

Another noteworthy tech shift, which is already happening but has room for growth, is what executives call “security with PlayStation”.

When you buy a game console, for example, a PlayStation 5 or Xbox, you are buying a computer but you do not have the right to assign it or run software that has not been approved by the seller. Sure, it is possible to jailbreak a PlayStation and run an unsigned code, but this is a difficult task and the average player will not undertake it.

A game console, in and of itself, is a computer that is used for a narrow range of activities. The organization has already begun releasing devices to employees that are controlled when it comes to software deployment — including Apple iPads, Google Android phones, and Chromebooks — and according to Hyppönen, we should expect to see end users constrained, “gated computing systems” becoming a popular method. to improve security.

What does the future hold?

Suppose we follow the current path of technologies to become faster, more powerful, and cheaper. In this case, Hyppönen anticipates that someday – albeit not necessarily in our lifetime – humans will have access to “unlimited computing” for something very close to freedom.

These computers will have something like unlimited power, storage, bandwidth, and memory that will cost basically nothing.

“What would you build if you had no limits?” The CEO commented. “This is a liberating thought, and I believe we are heading towards a bright future [from] Someone who has spent his life seeing the dark side and fighting the scum of the internet. I’m still optimistic.”

Disclosure: Attendance at SPHERE is sponsored by WithSecure.