The Georgia Institute of Technology put together a list of its top four cybersecurity threats for 2016. These include the ever-expanding list of technology companies that are weakening privacy, the growth of Internet of Things (IoT) devices that aren't secure, a lack of well-trained security professionals, and cyber espionage.
Weakening Of Privacy
The researchers said that individuals today are increasingly more pressured to sign-up for "take it or leave it" privacy policies in which they have to give up tremendous amounts of data in order to be able to use the service at all.
There is little to no flexibility and control given to the users to choose to give part of the data in exchange for a portion of the service, for instance. Mobile devices have made it worse by constantly tracking our locations, as well.
Worse still is the fact that access to data is given to third-party companies that the users of the service may not even be aware of, and with which they have no prior relationship.
Wenke Lee, professor of computer science at the Georgia Institute of Technology's College of Computing and co-director of the Institute for Information Security & Privacy (IISP) at Georgia Tech said that users should limit the information businesses collect to only what is absolutely necessary to provide the service.
The report gives the example of Uber being able to track individuals through the "God View" functionality that was available to multiple employees. The Electronic Privacy Information Center (EPIC) filed a complaint to the Federal Trade Commission (FTC) that Uber misled customers about the degree to which they can control their privacy and the ability to opt-out of the service's tracking capabilities.
Noah Swartz, staff technologist for the Electronic Frontier Foundation (EFF), doesn't believe the trend in which companies can collect more and more data about each user is reversible, because protection against monitoring is "almost impossible" for the average consumer.
“If you find yourself in the situation that you want to use a service or an app, but you don't agree with the terms of service, you don't really have to have a choice," Swartz said. “It is all or nothing."
With the continuous advancements in artificial intelligence technology, it's becoming difficult for the more careful consumers to protect themselves against being tracked, mainly because the AI technology is better at recognizing patterns than humans are at hiding them.
Many have warned that IoT is going to make people even less secure than they are today on their computers or mobile devices because every "smart" device around them, such as thermostats, coffee makers, TVs and "connected cars," is susceptible to hacks.
Many of these devices will be interconnected, which will make machine-to-machine trust increasingly more important. It's not just the channel they use to communicate that needs to be trusted (TLS encryption), but also whether the devices at the other end should be trusted at all.
This issue will become even more relevant when self-driving cars begin to communicate with each other. They will need to be able to identify illogical commands or spoofed communications, and they will need to do that automatically without human intervention.
Shortfall Of Skilled Security Workers
As our devices multiply and become ever more complex, more skilled security professionals are needed as well. According to Frost & Sullivan and the International Information Systems Security Certification Consortium (ISC2), there will be a shortfall of 1.5 million security workers worldwide by 2020.
“The message that everyone is hearing is, 'IT everywhere,' and not just in the online world," said Mustaque Ahamad, a professor in the College of Computing at the Georgia Institute of Technology. “The problem is that ‘IT everywhere' also requires the need to safeguard IT everywhere, and for that, we need the people."
After the many major data breaches in the past few years, company boards and CEOs have started to take a greater interest in security. This is because it could cost them their jobs when such a data breach occurs, in addition to a significant damage to their reputation. In the past, it used to be much harder for security experts inside the company to request the budgets they needed, but now it's becoming easier, according to Fred Wright, Principal Research Engineer at the Georgia Tech Research Institute (GTRI).
Still, with such a big shortfall of security workers, companies are starting to adopt cloud computing as a stop-gap measure. This essentially outsources their security to another company that has more expertise and can scale more cost-effective security to all of its customers.
Much of the cyber espionage and nation state hacking activity has been attributed to Chinese actors, but groups affiliated with France, Israel, Iran, Russia, Syria, the United Kingdom, and the United States all have been documented. Nation states continue to steal each others' information to gain economic advantages or cause a negative economic impact in rival countries.
Michael Farrell, chief scientist for GTRI's Cyber Technology & Information Security Lab, believes that the digitization of physical data such as fingerprints, iris scans, palm geometry, and other biometrics could lead to an increase in theft of these unique signatures, which are increasingly used more often for authentication to devices and services. The data could be stolen from unprotected databases that sit on systems that are connected to the Internet, and then used for identity fraud.
The researchers conclude that there isn't strong deterrence against hacking, especially against nation states, at the moment. This means that groups are bolder in their hacking operations and aren't content with just stealing data anymore, but also affecting the functionality of systems.
As we become increasingly more interdependent with all the technology surrounding us, such attacks become both more likely as well as more impactful. There is some hope, according to Farrell, who said that the quality of commercial threat intelligence rose dramatically in the past three years. This should offer an opportunity for the industry peers to better collaborate with each other to fight against the arising threats.
“We need to create an ecosystem where everyone is playing well together," said Jason Belford, associate director of Georgia Tech Cyber Security.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.