The Future of CyberSecurity and Top 10 Predictions
•Descargar como PPTX, PDF•
0 recomendaciones•170 vistas
Top 10 predictions for CyberSecurity in 2021 and beyond as presented to Middle Georgia University March 2020.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a The Future of CyberSecurity and Top 10 Predictions
Similar a The Future of CyberSecurity and Top 10 Predictions (20)
Último
Último (20)
The Future of CyberSecurity and Top 10 Predictions
- 1. The Future of CyberSecurity and YOU Caroline Dunn VP of Alexa Dev Group 4th Annual Cybersecurity Seminar
- 2. Criminals have always existed AND ADAPTED TO CHANGE 4th Annual Cybersecurity Seminar
- 3. CyberSecurity Affects Everyone • Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland) • In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax) • IoT devices experience an average of 5,200 attacks per month. (Symantec) Estimate 31 billion IoT devices in 2020. • 94% of malware was delivered by email. (Verizon) 4th Annual Cybersecurity Seminar
- 4. My Identity Has Been Stolen … At Least 7 times As a Consumer • AOL credit card charge • Netflix • Equifax / Target / Home Depot At Work • Duplicate IRS tax filing • Malware attack • $25 tip on a $15 pizza on my corporate card 4th Annual Cybersecurity Seminar
- 5. About the Speaker – Caroline Dunn • Georgia Tech Bachelor & Masters Electrical Engineering • MBA in Marketing • 22K subs - YouTube.com/Caroline • Gold & Silver Medalist for Team USA 4th Annual Cybersecurity Seminar
- 6. 4th Annual Cybersecurity Seminar Top 10 Predictions for the Future of CyberSecurity
- 7. 10. CYBERSECURITY WILL BECOME UBIQUITOUS • Every innovation will be evaluated for security and privacy. • CyberSecurity Training will become mandatory for employees. 4th Annual Cybersecurity Seminar
- 8. 9. GDPR comes to the US • More legislation to address privacy and security concerns • California Consumer Privacy Act (CCPA) 4th Annual Cybersecurity Seminar
- 9. 8. Deep Fakes • Hackers will use more sophisticated technology to dupe employees and consumers. • Voice fakes could emulate the voice of your boss. 4th Annual Cybersecurity Seminar Source (WP:NFCC#4), Fair use, https://en.wikipedia.org/w/index.php?curid=61555724
- 10. 7. The CLOUD will only get BIGGER • Business will NOT revert to on- prem technology to protect data • 31 billion IoT devices growing to 75 billion IoT devices by 2025 4th Annual Cybersecurity Seminar
- 11. 6. 2020 will be the year of 5G rollout • More IoT devices on 5G vs. WIFI. • Hackers will focus on hacking IoT devices on cellular. 4th Annual Cybersecurity Seminar
- 12. 5. More AI on both sides •Offensive AI: Hackers will utilize AI •Defensive AI: AI at the edge 4th Annual Cybersecurity Seminar
- 13. 4. Hackers will attack more Small Businesses •Utilize AI -> Volume Business •Big Companies are finally spending on CyberSecurity 4th Annual Cybersecurity Seminar
- 14. 3. HACKERS WILL FOCUS ON HEALTHCARE …and Banking Your health data is worth more than your financial data. Financial fraud is here to stay. 4th Annual Cybersecurity Seminar
- 15. 2. MULTI-FACTOR AUTHENTICATION • More 2-factor authentication • Perhaps 3-factor authentication based on: • What Your Know (Password, Security Qs) • What You Have (Devices) • What You Are (Face ID, Touch) 4th Annual Cybersecurity Seminar
- 16. 1. INCREASE IN CYBERSECURITY JOBS • Job Opportunities for YOU! • Create AI • Develop Standards & Protocols • White Hat Hackers 4th Annual Cybersecurity Seminar
- 17. Bonus Prediction • The next Cold War will be fought without bullets or bombs but rather with information, on both sides. 4th Annual Cybersecurity Seminar
- 18. WHAT THIS MEANS FOR YOU • CyberSecurity is more than money and data. Your physical safety could be in danger. • We must be vigilant at home and at work against cyber attacks. 4th Annual Cybersecurity Seminar
- 19. 4th Annual Cybersecurity Seminar Caroline Dunn
Notas del editor
- I’m so honored to be here today. Thank you for having me here at Middle Georgia State University Dr. Spangler and Dr. Sandoval and everybody affiliated with this event. Thank you to our sponsors. We wouldn’t be able to have these events without you. My talk today will be about innovation, CyberSecurity and how it affects you and me both professionally and personally.
- Let’s start at the very beginning. Why is cybersecurity such a hot topic these days?
- I was looking through my credit card charges and I noticed a $19.99 charge for my AOL subscription. When did I sign up for dial-up service? What was truly confusing was that I never lost my credit card. I call my credit card company and I say, I haven’t lost my credit card, it is in my hand, but I noticed a $19.99 charge a few days ago and I don’t see any other unauthorized charges. What should I do? Their response was, cancel the card right now. Turns out that my credit card information had been stolen from a retail transaction from months ago and the AOL charge was simply to test if the card was working or not. Last summer, I receive an email from Netflix that I had changed my password, then a few seconds later, I receive another email that I had changed my login email address. Come to find out that I had been locked out of my Netflix account and I had upgraded my subscription to the top tier plan with 4 simultaneous streams. They say that my Netflix account is worth about 25 cents on the black market. And yes, I was one of the almost 150 million people in the Equifax breach. I have shopped at Target and Home Depot at some point in my life, and thus my financial data was stolen. The good news is that I have years of free credit monitoring ahead of me. Before one credit monitoring service expires, there’s always another breach and I’m offered more free monitoring services.
- I’m not claiming to be an expert in CyberSecurity. The true experts in this field are busy trying to break into your online bank account right now, so you got me instead. But Seriously, our presentation is based on my industry knowledge through meetings, interactions, and my observations. The true expert in CyberSecurity would be someone like Charles K. Edwards, former acting Inspector General for the US Department of Homeland Security. Unfortunately, he couldn’t make it today as he’s in prison under indictment for conspiracy to commit theft of government property and to defraud the government, theft of government property, wire fraud, and aggravated identity theft. When I attended Georgia Tech I was in a population of about 12% women in the school of Electrical and Computer Engineering. If you’d like to hear more about what that was like please catch me at lunch, I’ll be happy to share. Some day I’m going to make t-shirts that say, “There’s no heavy lifting Electrical Engineering.”
- All new technology innovation will need to be evaluated for security risks. Today as an employee of a company, we have new hire orientation, sexual harassment training, and if your company doesn’t already have CyberSecurity training, your company probably will require CyberSecurity training in the near future. We already saw this with mobile apps that unnecessarily collect personal information. I just saw an article on Forbes where Google deactivated 600 apps in the Google Play store. The article highlighted one app in particular that recorded every website a user visited including Private browsing. I spent a lot of time working with Alexa and Google Home. I’m constantly asked, is Alexa recording everything I say? I saw an article where employees or contractors of Amazon paid to review recordings for the purposes of making Alexa understand our speech better, were forwarding funny or embarrassing recordings to each other. On your Alexa, you can say, send a message to, John Doe, and then record a message for him. One couple accidentally sent a private conversation to the husband’s employee because Alexa thought they said, “alexa, send a message…” VR and AR are cool, but cyber criminals are going to figure out how to hack those as well. Imagine you’re at a nursing home providing some vr therapy The headset is to help them relax and see Hawaii, what if a hacker reprogrammed to see a haunted house?
- More legislation will be passed to protect consumer privacy and levy higher fines for cybercriminals. As there are more cybersecurity crimes, consumers and businesses will start pressuring the people they elected to pass more legislation. The state of California has been know as a leader in consumer advocacy, and the California Consumer Privacy Act went into affect in early 2020 and is somewhat similar to GDPR in the EU. Will new legislation be effective in preventing cyberattacks? I doubt it considering very few cyberattacks get reported today. But it could help a politician get re-elected as this problem is only getting bigger. This is something I would say most voters can agree on, Cybercrime is bad and we’d like to see cyber criminals brought to justice.
- I think I saw my first deep fake video last year and it was pretty sci-fi for me. If you're not already familiar with a deep fake video, it is essentially a video created for the purposes of deception of someone saying something they did not or would not say on their own. Imagine if you saw a video of your company CEO announcing layoffs or shutting down the company? Deepfake videos are very sophisticated. Now, let’s take it down a notch and imagine that you get a call from your boss at work asking you to send sensitive information to a vendor or send money to vendor. How do you know it’s really your boss? My previous CFO would ask his boss, the CEO to confirm their email interactions with a text message. My prediction is that we’ll start hearing about voice fake technologies. How many of you have received calls from the “IRS” saying that you owe money and need to pay in the form of gift cards? Even if you haven’t been fooled by these scammers, believe it or not, this has been a very effective scam to the tune of over 1,500 victims and millions of dollars. And that's just one group that got caught. I'm sure there are many other scammers that haven't gotten caught yet. This IRS scam is one example. I'll link to an article in the description below that somewhat quantifies how successful the fake IRS gift card scam is.
- The main point of entry for a cyber criminal is to hack into your cloud server. The simplest way to stop attacks from the cloud is to take your data offline, but that’s completely unrealistic. Your customers expect to have access to their data. You need access to your data. Your customer is not going to drive to your office to transfer files offline, the 90s are over! Plus if you switched to an offline method and stored all of your data on premises, then you’d be creating a single point of failure for your entire company. One fire, and your company data is gone. The cloud is only growing bigger day by day. Additionally, the number of devices on the cloud is also growing exponentially. We estimate today that we have 31 billion IoT devices online and project that number going up to 75 billion devices in 5 years.
- What does that mean for cybersecurity? Before 5G, most IoT devices connected via WIFI. With the 5G rollout, you'll see a lot more IoT devices connecting over cellular. In my last point, I said that there is projected to be 75 billion IoT devices within the next 5 years. A good chunk of these devices will be on 5G. That means that cyber criminals will shift their focus to hacking IoT devices on cellular. These IoT devices are more than just smart plugs and smart switches. The killer app for IoT devices is sensors that are collecting data where there aren't people to monitor physically. One example would be that you have a fleet of ice cream trucks and you need to keep the ice cream at a certain temperature. What if someone hacked your system and said they would melt all of the ice cream at your plant and on your trucks if you didn't pay them in bit coins?
- First, we'll see cyber criminals using AI to accelerate their efforts. Along with my last point about using AI to create deepfake videos and voice fakes, we'll see cyber criminals leverage AI to create intelligent malware apps and mount stealth attacks. These criminals commonly use command and control tactics. This term was derived from C2 military tactics, and what they do is penetrate networks undetected. They will embed data in DNS requests and bypass your firewall. On the flip side, companies will have to develop their own AI to battle these attacks from cybercriminals. Also consider that scanning the network constantly with a human is virtually impossible for any decent size network. Companies will employ AI tactics to scan for suspicious behavior and report on exceptions and alerts. Hackers will use more AI (offensive AI) and companies will have to create defensive AI at the edge of their networks to combat hackers.
- With cyber criminals using more AI, they will be able to attack smaller companies with less security. Cyberwarfare could turn into a volume business vs. just attacking the big players, Target and Home Depot. Big companies are taking this cyber security thing very seriously, hiring professionals and pouring money into their cybersecurity. This leaves small to medium sized businesses prime targets for the next round of attacks from cyber criminals. AI - write an algorithm that goes to the login screen, pauses, types in login - pauses, mimics human login - cybercriminal Criminal has the correct password, but is taken to hacker location where transactions don't work. Fake online banking.
- Did you know that your heath data is worth more on the black market than your financial data? Criminals are stealing health data and setting up fake clinics to scam the insurance providers out of millions of dollars in either fake procedures or as a pharmacy to illegally obtain opioids for the black market. And if you’re a legitimate doctor with a legitimate practice, you’re probably not a cybersecurity expert. Doctors studied tissues and bones in med school, not how to fight cyber attacks! But a lot of doctors are head of their own practice, and as I mentioned in my last point, criminals are shifting to attacking smaller business. Easy targets for cybercriminals could be small doctor's offices without sophisticated technology implemented. And of course that doesn't mean that hackers won't go after hospitals where they could hold your medical records hostage, purposely mix up prescriptions, or even worse yet, procedures and operations for patients. Someone I interviewed for this talk said that a child’s health data is worth about $1200 on the black market. The under 18 market pays the best. And identity theft and stealing money from your credit card or debit card isn’t going away anytime soon. That’s table steaks for cyber criminals.
- Are you managing 50 to over 100 passwords? The good news is gone are the days of hacking with just a login and password. 2-factor authentication has become table stakes and we could see 3-factor or multi-factor authentication very soon based on your password, Face ID, fingerprint, mobile verification, location, and/or a security question. Verifying your identity is based on what you know, what you have, what you are, and where you are. For example, if you logged in in New York and then 5 minutes later logged in again in Africa, unless you also perfected teleporting, that probably wasn't you. Unfortunately, for a dedicated cybercriminal, they might try to bypass this by calling your call center and ask for a password reset with a voice fake. That means that call center employees will need further training to spot these voice fake actors. I see banks starting to employ location based authentication, meaning that your mobile phone has to be in the same location as the ATM machine you're trying to use to withdraw money.
- The good news is that this creates a lot of new jobs in CyberSecurity. If you're a student or just someone looking into a new career path with job longevity, CyberSecurity isn’t going away anytime soon. Cybersecurity jobs average at $100,000 per year and here are a few sample job titles: Security administrator, security analyst, security architect, security auditor, security consultant, security engineer, security manager, security software developer, security specialist, security code auditor, vulnerability assessor and the list goes on and on. Network admin hired on the security team, internally for more money, but left a hole in his previous role. According to the Bureau of Labor Statistics, the rate of growth for jobs in information security is projected at 37% from 2012–2022—that’s much faster than the average for all other occupations. Cybersecurity Ventures’ prediction that there will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from one million positions in 2014. Harvard Business Review shared our report, and summed up the plight: “The majority of chief information security officers around the world are worried about the cybersecurity skills gap, with 58 percent of CISOs believing the problem of not having an expert cyber staff will worsen.”
- And those are my top 10 predictions for the future of CyberSecurity. And I’m not just talking about jobs in the private sector, our next cold war could be fought on the cyber battlefield. There’s been a lot of speculation that Russia meddled in our 2016 presidential election. Do you think that the US isn’t trying to influence elections of countries where they have an interest.
- My big takeaway from this is that without trained cybersecurity professionals in place, not only would our financial future be compromised, but also our physical health could be in danger. Imagine someone hacking into a nursing home or hospital and purposely changing all of the drugs and doses for every patient. If you'd like to get started training yourself on CyberSecurity, I'd recommend downloading Kali Linux.