The new world of cyber security
From quantum computing concerns to mitigating the risks of 5G, we take a look at some of the emerging trends in security
Cyber crime has been steadily growing over the last few years, with a surge since 2017 and a 37.5% rise in the last year alone. As new and advancing technologies increase the number of ways and amount of time we spend online, the opportunities for cyber criminals to take advantage of these connections also grows. The challenge for cyber security experts is to keep up with the ever-evolving security landscape.
The opportunities for cyber criminals are now everywhere, from taking advantage of the rise in connectivity brought by widescale working from home to the vulnerabilities of rapidly developing technologies such as 5G and quantum computing. All of this means that organisations need to be more vigilant about their cyber security practices and make sure they are giving it the proper time and investment to ensure all bases are covered.
The risks of remote working
UK workers are used to working in an environment where they don’t have to think too much about cyber security. Most office company networks are carefully protected and firewalled, and most company-issued devices will be kitted out with adequate endpoint security. But the widescale uptake of remote working has changed that. Now, employees are relying on their own networks and may not always be using company-issued devices to complete work tasks and access critical company data. Plus, cyber criminals are ready to exploit vulnerabilities as both employers and employees rush to adapt to new working arrangements and inevitably leave gaps. Not only are the risks greater, but the solutions in the event of an attack are trickier. Employees working from home can’t simply walk into the IT office to sort an issue, and the level of requests for home support that many IT departments are getting means that responses may be slower.
Despite these increased risks, according to Gartner’s 2020 “The Urgency to Treat Cyber security as a Business Decision” report, growth in cyber security spend is slowing. Whereas cyber security spend grew at 12% in 2018, it is projected to decline to only 7% by 2023, and a lot of this can be attributed to a lack of engagement and understanding by company boards. This is a key challenge for cyber security experts and company IT decision-makers alike, who need to work together to ensure organisations are taking threats seriously.
More than ever, organisations should take a proactive approach to security and developing security policies specifically designed for home working – ensuring devices have enhanced endpoint security and pathways to company data are protected. Organisations should also ensure that employees are educated on both how to spot threats,such as that dodgy email pretending to be an update on COVID-19, and how to mitigate them – e.g. ensuring that they only use devices approved by their company and take precautions such as updating the WiFi password on their home network.
Trusting the Internet of Things
The Internet of Things (IoT) is already making huge waves across many industries. It is set to revolutionise our lives, enabling exciting concepts such as smart cities and driverless cars. However, there are serious concerns about the security of any device connected to the internet, and the way each one could be uniquely targeted by cyber criminals. So, naturally, a smarter, more connected world brings about as much concern as excitement.
With so many everyday ‘things’ connected to the internet, it’s not just company information that’s at risk. What happens if the driverless car is hijacked by a bad actor? What if the medical robot is compromised and unable to complete a vital operation? What if the smart city platform that holds all of your personal information is hacked?
Cyber security experts are now developing solutions to the IoT security minefield, for example, Reply’s Advanced Security Testing methodology. Using a framework that thoroughly embodies the hacker perspective, Reply has devised a solution which satisfies all the security needs of IoT developers from concept sketching to production, performing specific IoT penetration tests focusing on both hardware and software analysis and attacks.
Quantum computing concerns
Like many emerging technologies, quantum computing brings both new opportunities and new challenges. While fully functioning quantum computers aren’t quite a reality yet, technology companies are starting to produce quantum computing offerings such as algorithms which can speed up business processes.
The main benefit of quantum computing technology is its ability to carry out tasks much faster than a traditional computer. Last year, Google announced that its quantum computer offering, Sycamore, had achieved ‘quantum supremacy’, which means proving a quantum device can solve a problem that no normal computer can solve in a reasonable amount of time. Specifically, Google claimed that Sycamore had supremacy over IBM’s Summit, the most powerful supercomputer in the world. While IBM subsequently cast doubt on this claim, it’s clear quantum supremacy is no longer just a theory and well on its way to becoming a reality. This technological breakthrough could revolutionise industries, from speeding up the development of medicines to optimising transport scheduling.
But that same capability could render some of the most cutting-edge security technologies useless. With an ability to solve problems much faster than classical computers, quantum computers could also quickly break the most commonly used encryption, RSA, which relies on a mathematical problem of prime numbers that regular binary computers cannot easily process. This encryption, which could take a traditional computer hundreds of thousands of years to break (or possibly couldn’t be cracked at all), could be broken instantly by a quantum computer. While this is a concern right now, it could ultimately be a good thing for the progression of cyber security. Computer scientists can use quantum technology to develop more secure offerings that even the mighty quantum computer cannot crack.
Due to its speed, there are also concerns about whether quantum computing could affect the security of Blockchain. To keep Blockchain reliable and safe for the era of quantum supremacy, it must be re-designed in a post-quantum perspective.
Security for 5G
5G has some big promises. It is set to deliver faster data transfer speeds and low latency that will really make concepts like IoT possible on a large scale. As a new and improved generation of connectivity, 5G will also in many ways enhance network security. It will feature the latest in encryption technology, enhanced secure roaming and secure identity management systems to name a few.
But, despite this, the rollout of 5G has also been one of the biggest topics of conversation in the security world and beyond, with the Huawei saga making headline news. Why? Not only is there concern that some of the security flaws of previous mobile generations might be inherited by the new standard, but there’s also plenty of room for new flaws and vulnerabilities in 5G infrastructure and devices. And, given that the end goal is for 5G to be the standard of connectivity across the globe, keeping it secure is paramount.
Ensuring 5G infrastructure and devices are secure is set to be a huge trend in cyber security going forward, especially as other technologies develop alongside it with the potential to carry out more advanced attacks. For example, 5G will eventually support advanced cryptographic algorithms with 256 bits, ensuring that these algorithms are sufficiently resistant to threats from quantum computers when used in the 5G network.
With so many new areas to protect, the cyber security sector is constantly growing and is expected to be worth over $50 billion by 2023, according to IDC. This growth is creating a whole host of jobs and new skill opportunities for cyber security professionals across the globe. It’s very important that this includes training specialists who can help businesses address cyber security-related issues. This is something Reply knows only too well, which is why the organisation hosts the annual Reply Cyber Security Challenge.
If you’re a cyber security professional or looking to get into the cyber security industry, you might be interested in Reply’s 2020 Cyber Security Challenge, which opens on 9 October and will be taking place online. Held as part of the European Cyber Security Month, the competition is for young professionals and cyber security enthusiasts from all over the world, and focuses on the identification of vulnerabilities purposely hidden within software and computer systems.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now