The cyber security conundrum

Cyber security risks are becoming more numerous and more complex, threatening the way we live our lives. It's time we took them seriously.

computer picture

When it comes to hacking, there is always something fishy going on. Literally in the case of one casino, whose fish tank was attacked by hackers seeking to penetrate through its thermostat into the broader computer network and thus access the bank details of wealthy clients.

Unsurprisingly, global spending on cybersecurity is growing at around 10 per cent a year – three times as fast as the broader economy. It's on track to reach USD120 billion by 2021.

That might look like a big deal. But it won't anywhere near enough, says Jules Trocchi, chief executive officer of Security Direction International.

With technologies such as 5G and quantum computing advancing at such a rapid pace, Trocchi says we underestimate the cyber security threat at our peril.  

“As we move towards the Internet of Things, there will be 10-20 times as many devices connected to the Internet as people," he says. "It will require more advanced and joined-up thinking to understand how the threat spectrum now extends to many newly vulnerable areas, and what to do to ensure security in a hyper-connected world.”

cost of cyber attacks-01.svg

By 2021, there could be as many as 25 billion connected devices world-wide, from around 14 billion currently, according to the IT consultancy Gartner. And those devices – from smart fridges to intelligent door bells – could account for up to a quarter of all cyber-attacks. 

This necessitates an overhaul of our approach to cyber security.

“Up to now, our defences have focused on building castle walls - putting higher and stronger firewalls around your network to keep out the invaders. But as we built the walls higher, so the attackers got longer ladders to scale them,” says Trocchi.

Here is where the human immune system could provide some inspiration.

According to Trocchi, many of the more effective cybersecurity systems are seeking to replicate the mechanisms the human body uses to kill off viruses. These systems work by creating digital antibodies to defend systems against unknown threats. 

“The new idea is not to focus just on keeping the enemy out, but when they inevitably do manage to get in, to have in place automated processes that immediately neutralise them and render them harmless," he says. "Instead of following the old defensive castle wall paradigm, these systems adopt new more pro-active approaches such as emulating the human immune system, where 'antibodies' patrol computer networks 24/7, with the ability to detect any foreign body on entry and immediately 'quarantine' it to prevent harm from being done."

The immune system approach can include disguising the configuration of a network when an attacker is detected, and continuing to change to create a moving target. By making the digital environment look threatening and complicated, such systems can deter attackers from causing any harm.

All of this can happen automatically, says Trocchi, because “the weakest link for security breaches is often the human being”.

Darktrace is among a growing number of cybersecurity companies embracing such technology. Using advanced machine learning, its Enterprise Immune System "learns" what normal operation looks like for every user, device and network, which in turn enables it to detect and address increasingly complex and subtle problems. The same principles can be applied throughout the digital world, including on the cloud.

Quantum future

But even these sophisticated systems might not be enough to foil cyberattacks in a world dominated by quantum computing. While such technology is still experimental, many IT security experts believe quantum computers will be able to overpower existing encryption technology in less than a decade.

To Trocchi, quantum computing – which harnesses the quantum property of atoms to perform complex calculations at blistering speed – will be a  “game-changer for the whole IT world”.

While traditional computers store all their information in a combination of ones and zeros, quantum computers use qubits which can additionally have a value of both one and zero at the same time.

That opens the door to much faster, much less energy intensive processing, which will render most forms of current cryptography obsolete. Data which hackers intercept today but cannot yet be read will likely be decodable in the future.

So whoever wins the race to develop quantum computing, will also be able to decode vast amounts of currently indecipherable information.

For that reason, some companies are already starting to use early forms of quantum cryptography to future-proof the security of their data. This hinges on the Heisenberg Uncertainty Principle – the central tenet of quantum mechanics which says that if you try to read and measure a quantum object, such as a photon that caries the encryption key, you change its state.

While that sounds fiendishly complex, there is just about enough time to develop quantum-ready cryptography.

The most powerful quantum computer in use today, operated by Google, can use up to 72 qubits. Scientists estimate that current security systems will only be seriously challenged when that power increases to 1,500 or even 2,000 qubits. The race is on, thus, to develop quantum cryptography quickly enough, with well-thought out standards.

Quantum’s numerous applications include virtually unbreakable cryptography solutions for high value data, which herald a whole new world of security and safety for governments, companies and individuals alike," concludes Trocchi.