Cybersecurity in the future: Security 'by PlayStation' and IoT asbestos
HELSINKI, FINLAND: Social dependency on internet connectivity, the toxic hell stew caused by vulnerable Internet of Things (IoT) devices, and "walled garden" devices will all feature heavily in the future of cybersecurity, an expert has predicted.
During the SPHERE cybersecurity conference on June 1, WithSecure Chief Research Officer (CRO) Mikko Hyppönen told attendees that several themes are likely to heavily impact future generations' security alongside how consumer and enterprise devices are managed and protected.
Dependence on connectivity
"We are living in a technological revolution, although it can be kind of hard to see just how big," Hyppönen told reporters. "The internet is the best -- and worst -- thing to happen during our time."
ZDNET Recommends
The cybersecurity expert believes that future generations will be just as dependent on connectivity as we are on electricity today. If the electricity grid fails due to a solar storm, for example, Hyppönen said many countries would feel the sting and potentially collapse due to how reliant we have become on this power source.
One prediction he offered is that while the internet is important today, it has not reached a stage where it is considered crucial for society to function -- unlike electricity. However, the day may come when connectivity powers everything in society, from the economy to food production. So without it, society "wouldn't be able to function."
This also has huge ramifications for security, as internet-connected systems are constantly under attack, new vulnerabilities are discovered, and threat actors continue to evolve their tactics.
"The more advanced a nation is, the more vulnerable it is," Hyppönen commented.
Internet asbestos
"In 15 to 20 years, we will look at the decisions today, scratching our heads, and wondering what the hell were we thinking when we decided to connect everything to the same public internet," said Hyppönen.
The executive is, of course, talking about the millions, if not billions, of IoT devices connected to the internet today.
Internet of Things
Hyppönen highlighted the trouble brewing when you have a future filled with devices containing outdated firmware that cannot be updated -- a scenario he calls "IoT asbestos."
While we've considered it a good idea now, we also once thought asbestos was fantastic building material.
Consumers look at the price tag rather than security when it comes to IoT, and unfortunately, the cheapest products also often lack basic security standards. As a result, we could see a toxic blend of devices connected to the internet, unable to be updated, riddled with security holes for attackers to exploit to create botnets, and more.
Cybercrime becomes a booming business
According to Hyppönen, over 98% of malware samples scanned by WithSecure daily originate from money-making cybercriminal gangs.
The "enemy" base has evolved far beyond the development of floppy disk viruses. Threat actors now make a fortune from ransomware and cryptocurrencies, leading to a current -- and future -- scenario when you have wealthy criminals able to invest in their attacks.
"This changes the game," Hyppönen said. "The wealthiest and most powerful cybercrime gangs, [for example, Conti] have the manpower to do large-scale attacks."
These so-called "cybercrime unicorns" can afford to invest "serious money" into hiring skilled staff and new technologies for their weapon portfolios.
Fighting in the artificial intelligence arena
Now that cybercriminals have the cash to spend, the next stage in their progress is to adopt artificial intelligence (AI) and machine learning (ML) technologies.
In the future, Hyppönen believes that threat actors will move on from hiring cybersecurity experts to professionals in the AI field -- and the only reason they haven't already done so is the severe lack of talent in this emerging field.
Artificial Intelligence
However, as more people enter AI as a career, barriers to entry come down, and it becomes easier to utilize AI frameworks. But "criminal groups can also start competing for these skills," as they have the wealth required to do so.
As a result, AI will take over the manual labor currently conducted by cybercriminals, turning the cybersecurity battlefield from a fight between the manual labor of threat actors and automated defenses to a clash between the "automatic and automatic."
"The only thing able to stop a bad AI is a good AI," Hyppönen noted.
Security "by PlayStation"
Another shift in the tech world of note, which is already happening but has room to grow, is what the executive calls "Security by PlayStation."
When you purchase a gaming console, like a PlayStation 5 or an Xbox, you buy a computer but do not have the right to customize it or launch programs that the vendor has not approved. Sure, it is possible to jailbreak a PlayStation and run unsigned code, but this is a difficult task and not one the average gamer will undertake.
A gaming console, in itself, is a computer used for a narrow set of activities. The enterprise is already beginning to issue staff with devices that are controlled when it comes to program deployment -- including the Apple iPad, Google Android handsets, and Chromebooks. According to Hyppönen, we should expect to see end user-restricted, "walled garden" computing systems become a common method for improving security.
What the future holds
Suppose we follow the current trajectory of technologies becoming faster, more powerful, and cheaper. In that case, Hyppönen expects that one day -- although not necessarily in our lifetime -- humans will have access to "limitless computing" for something very close to free.
These computers will have something akin to unlimited power, storage, bandwidth, and memory that will cost basically nothing.
"What would you build if you had no limits?" he asked. "That's a liberating thought, and I do think we are heading toward a bright future. And that's [from] someone who has spent his life seeing the dark side and fighting the scum of the internet. I'm still an optimist."
Disclosure: Attendance at SPHERE was sponsored by WithSecure.