Whilst 2018 has got off to a quieter start than 2017 in terms of media headlines, given the impending introduction of the GDPR initiative in Europe, we can be sure that it will not be long before more newsworthy attacks surface. Maybe the crash in crypto-currency prices from mid-December has led attackers to take a back seat and spend time working on the next forms of attack. With prices starting to rise again and the prize on offer to inflict public Corporate embarassment from the GDPR introduction from end May 2018, we should not be too surprised if Q2 sees some fireworks.
Last year I had the pleasure to attend the two CyberSecurity Trends conferences in Sibiu (Sept) and Porrentruy (Dec) under the aegis of the cybersecurity unit from the UN, as well as a number of other conferences. For me the most notable trend was the complete absence in the first half of 2017 of any conversations on machine learning and the place it might hold in the domain of cybersecurity, to occupying over half the topics of discussions in December.
It seems the pace of the evolution of attack vectors, increasingly in the hard to discover application layer and now rapidly moving into the processor layer of mobile devices has reached an inflection point where an already lack of skilled technical support workforce can no longer cope. The pace and volume of new niche vendor solutions and the need to still protect against possible vulnerabilities across the 7 layers of the security stack is so great that it is beyond a human to now learn fast enough the knowledge needed for efficient defence. We can add to this challenge, the multiplication of risks about to be caused in home and office by the connection of IoT (Internet of Thing) devices and the risks smart phones will bring in a Bring Your Own Device culture.
Will we therefore see the rise of the robot, a software driven platform capable of self-defending and self-learning, more than capable of operating at exponentially faster and on parallel tasks, that a human technical support operator could never keep up with.
Whilst there is much to develop in this area, I do believe 2018 will see the rise of a new domain mega-trend in this area of cyber-security. I further believe that these platforms can add value to the business or environment being protected, helping technical resources feel more motivated by removing mundane process tasks and more importantly freeing up their time to actively communicate within their organizations and networks. Communication is the foundation to better collaboration and it is only through collaboration we can better self-defend.
The next UN supported conference will take place in Sicily in May. I do recommend readers put the date in diary and pre-book attendance as the knowledge and wealth of experience on offer, in one placed, over two days, is first class. This edition features a detailed review of the speakers and topics discussed at the December conference so the reader can judge the wide range and quality of speakers the organizers pull together.
This edition of CyberSecurity Trends looks more closely at machine learning. With an excellent article by academics Justin Sherman and Anastasios Arampatzis on Practical Human Security, they demonstrate how human flaws will always remain and the only solution is to use technology tools to reduce / remove the impact of human errors in the defence ecosystem. Whilst Oliver Kempf’s article looks at Digital Transformation again drawing the conclusion that advanced computing tools are going to be needed to help people better manage the ecosystem.
With mobile devices likely to be increasingly the gate with which attacks might enter the ecosystem we have excellent articles from Nicola Sotira illustrating the military breach that was caused by the Strava fitness app and Giancarlo Butti highlights the hidden risks of the smartphone mobile systems. For those among you who like history Laurent Chrzanovski explains the history of the term Bluetooth.
As stated in the last editorial, if we are to address complacency then it is Board and the Executives that need to set the tone of the culture to discuss and address these issues. Without an effective culture, collaboration even within the business will fail and breaches will remain common place. We invite you to join in the process and submit articles or suggestions for us to cover.
The goal of this publication remains to open up knowledge and information sharing across research and commercial activities, so providing a bridge between public and private dialogues, in an aim to help our world operate more safely giving the growing frequency of attacks that seem to endlessly get media attention.
If you would like to contribute articles or have suggestions for us to cover in future editions of the magazine, or even wish to purchase hard copy versions of the magazine to give to your customers, please do contact us via email at firstname.lastname@example.org.
On our website http://www.cybersecuritytrends.uk you can also view publications in other languages / countries and purchase advertorials for future editions
Author: Norman Frankel