Cybersecurity threat to the 4th Industrial Revolution
Cybersecurity risks have grown dramatically as more businesses move data to the cloud
THE FOURTH Industrial Revolution (4IR) with its increased connectivity and confluence of the digital and physical worlds is transforming the way we live, do business, operate, interact with customers and deliver value.
But there is a disquieting side to the growing interconnectedness in the form of cybersecurity risks that grow dramatically as more businesses move their operations and data to the cloud.
In 2017, about 360 000 new malicious files were detected every day, resulting in almost 70 percent of large global companies experiencing a breach or attack. In particular, businesses holding customer data, governments, utilities and public services were targeted.
The WannaCry ransomware attack in May 2017 affected some 400 000 computers in more than 150 countries and resulted in major disruptive outages in banking, healthcare and transport.
As cybercrime shifted from computers to the Internet of Things (IoT) and mobile devices, network infection has increased by 63 percent. Every new IoT device or smartphone that connects into a network brings a new vulnerability point. Some years ago, if a user’s computer was infected by a virus or breached, it only affected the particular device. The risk of private data being compromised was small.
But today, with interconnected intelligent homes and smart devices, the risk is exponentially higher. Our reliance on the digital world has made us very vulnerable and easy targets for exploitation by cyberattackers through cybertheft, cybercrimes, cyberattacks, influencing of public perceptions, or even terrorism.
One of the 4IR pillars, namely AI, enables machines to progressively become smarter, thereby increasing the potential threats. In comparison with cybersecurity, AI security is much more critical. Just think of the threats involved in the Russian, American and Chinese exploitation of AI in drone swarms, smart cruise missiles, and unmanned aerial and naval systems.
Unfortunately cybercriminals have also embraced AI, for example, speech recognition. A new start-up company, Lyrebird, has developed a speech recognition algorithm that can imitate any person’s voice after it analysed some pre-recorded audio clips. It can read text with intonation and punctuation.
Visual recognition is just as easily exploited. Computer scientists were able to use AI to modify images to impersonate people online. In combination, audio and video technologies could be used to create fake news to swing public opinions or to produce terrorist propaganda.
In machine learning, pattern recognition algorithms could be exploited by introducing a slight change such as noise to a pattern-learning algorithm. The visual sensors of your driverless car may thus interpret a red light as green, with catastrophic results.
Captcha tools have become a familiar sight to prevent bots from guessing passwords. It usually entails the retyping of a distorted alphanumeric string or clicking on photographs. It was until recently very effective, until researchers from Columbia University were able to deceive Google’s reCaptcha system 98 percent of the time through the use of AI systems.
Phishing attacks, where scammers impersonate real people, businesses or organisations to trick people into disclosing personal information such as their bank and address details, have become well known. Scammers started using AI to examine huge amounts of social media data and tweets of their victims to create more personalised and convincing messages – obviously with a much greater level of success.
Until now, in the information-driven era, cybersecurity has focused on protecting data confidentiality. But as the 4IR is gradually removing the boundaries between technology and humanity, technology is increasingly becoming interwoven into our lives and our businesses to augment our capabilities. Cybersecurity thus needs to move beyond data confidentiality to ensure digital integrity and availability.
According to Samir Kapuria, the general manager of Symantec, cybersecurity solutions should function more like our own brains, processing and analysing data to make complex decisions autonomously. Cybersecurity should sit in the centre between people, technology, property, government, and society to create a safe operating environment for new 4IR technologies.
But it is not just cybercriminals who are jumping on the AI bandwagon.
Machine learning has led to a better understanding of the way hackers operate and consequently to the development of a range of new-generation security measures like the use of honey pots (single hosts left intentionally vulnerable) to attract attackers and keep them away from legitimate network hosts.
Another method, sand boxing, allows malware to run in an isolated and secure environment so its behaviour can be tracked and analysed. These deception technologies help security professionals stay one step ahead.
In addition to AI, cybersecurity also turned to blockchain to counter the intensified cyberthreat. Most people identify blockchain technology with cryptocurrencies such as Bitcoin. Since blockchain is essentially a distributed and encrypted digital ledger it is ideal for recording details of the millions of IoT transactions between machines and the storing of highly sensitive personal data.
Blockchain adds immutability and integrity to automated IoT transactions by offering security – only those with the encryption keys can edit or amend the sections they are entitled to.
Copies of the record are further divided between thousands of places, so no one party has centralised control to manipulate it.
Karin Flieswassert from Topbots, a research and advisory firm that connects Fortune 500 companies with artificial intelligence and bot technologies, emphasises that the combination of AI and blockchain provides a double shield against cyberattacks. Machine learning algorithms can be trained to automate real-time threat detection and to continuously learn about the behaviour of attackers, thereby enhancing malware detection. At the same time, decentralised blockchains dismantle the characteristic vulnerability of centralised databases, necessitating cyberattackers to contest not one but several entrance gates.
Despite all the technologies to counter cyberattacks, understanding security and privacy is a fundamental and critical skill in the 4IR. It is shocking that in this day most people still have very insecure passwords, and do not have even basic virus protection on their smartphones. Keeping data safe is a crucial part of realising the benefits and potential of the 4IR.