This is a post series on cybercrime. For more posts click here or the cybercrime tag below.
The IEEE recently had an interview with one of their senior members about the future of cybersecurity. Here’s their short article.
I’m going to Fisk with commentary.
IEEE Transmitter: What are the biggest cybersecurity trends right now?
Beheshti: An increasing migration of services, data storage and operations to cloud-based platforms has now made them a prime target for cyber attacks. It is not only the cloud infrastructure that needs to be protected, but attackers also can target legitimate API, Application Program Interface, calls to the cloud. These calls can be multiplied in number to the point of saturating the cloud platform, hence accomplishing a successful DDoS attack.
As more and more devices become “web-enabled,” the Internet of Things (IoT) is providing an exponentially larger attack surface. Home automations, wearable devices, automotive connected devices, as well as remotely-accessible components within the critical infrastructure, provide for an abundance of opportunities for takeover of one single device to launch an attack on specific targets.
I think that the key is going to have to be increased isolation. Networks will likely be isolated and only receive data from trusted Ip’s. Cloud customers will only be able to contact their files and can isolate them so that if their computers were infected the cloud files remain untouched.
Beheshti: 1. Avoid password reuse. Once a large data breach has been accomplished, the attackers use the discovered passwords on other well-subscribed web accounts, counting on individuals’ tendency to reuse the same password on multiple accounts. This will inevitably lead to an avalanche effect after a single data breach.
2. Be vigilant in firmware, software, and security patch updates. All devices connected to one’s network must run the latest and safest version of the software. The majority of attacks start with an exploit taking advantage of a known vulnerability for which an update has been released.
Backup, backup, back up and keep in a disconnected drive. Along with using different passwords and strict password use protocols That’s the only way to be certain.
IEEE Transmitter: How are biometrics playing a role in combating technology?
Beheshti: Biometrics will have an increasingly significant role in cybersecurity. Close to a billion smart mobile devices will be equipped with an integrated fingerprint sensor in 2017. It is likely that fingerprint technology will be complemented –not replaced — with additional biometric sensors such as iris scanning. Practice of the principle of “depth-in-security,” i.e. use of multiple complementing techniques to authenticate a user, will be a focus for device manufacturers in the years to come. Software that implements facial recognition and or voice authentication should be added to devices.
Biometrics are just another password with the disadvantage that you can’t change your fingerprints. Fingerprints can keep a device locked, but not protect the data.