Cybersecurity will become “baked-in” to all layers of intelligent systems, writes Charles Eagan, CTO at BlackBerry, looking at 2021 and beyond. The “Netflix” effect will force security providers to differentiate themselves with AI and ML-based solutions, he suggests.
Over the past 12 months we have seen huge changes in the way we live, socialise and work. The pandemic and shift in work habits has unfortunately presented opportunities to cybercriminals who take advantage of confusion, uncertainty, and rapid change. The big shift to remote working has saved many jobs and businesses, but also poses a massive cybersecurity risk.
The pandemic has seen a rise in online scams globally, which shows the necessity of advanced cybersecurity solutions now more than ever. Recent security incidents around the COVID-19 vaccine roll-out have shown that hackers don’t shy away from attacking organisations that are vital for public health – everyone is a target.
The world has changed and so must organisations’ approach to cyber security. Here, I look at how the cyber security landscape will change this year:
With more than 6,000 security vendors providing a range of solutions, the signal-to-noise ratio has become a significant issue within the cybersecurity industry. As organisations look to bolster their defences, the sheer volume of providers and technologies is simply overwhelming.
For prospective customers, it’s the Netflix dilemma: when you open Netflix, you’re bombarded with so many choices that it can be difficult to decide what to watch. Your leisure time is limited, so you want to make sure you enjoy what you select. In cybersecurity, customers have budgets, and they need to make sure that their choice of security vendor is the right one for them. And while you can easily pick a new series or movie, you can’t simply leave a security vendor – particularly, if there is a comprehensive solution in place.
The challenge for us, the security providers, is to justify our claims and differentiate ourselves from our competitors. In this sense, 2021 must be the year of results. We must prove the efficacy of our solutions – instead of talking about how it works, we must show customers that it works. The entire industry must demonstrate how to measure security success, and then hold ourselves accountable to that standard.
Many businesses and industries struggled in 2020. To borrow a term from the President-elect, these organisations are now plotting how to “build back better.” There are over 1 billion pieces of malware in the world today, trying to exploit countless attack vectors – all in the midst of a global pandemic that has caused unprecedented disruption in the common work landscape. With a holistic AI/ML approach, backed by true data science, we think we can help organisations fight the multi-front war, and build back better.
Effective AI
There’s no doubt that AI is advancing into our connected lives, changing the way we work and communicate. That change is sometimes slower than we might expect, but it’s continuously advancing, and building momentum. While the potential in the AI space hasn’t shrunk, the noise around AI has distracted attention away from security solutions like BlackBerry’s, which leverages true AI.
To a certain extent, AI has become a victim of its own success – it’s being used as a corporate buzzword, slapped on products and marketing collateral like it were a new coat of paint. But it’s important to remember that, in the cybersecurity realm, AI and ML are not quick fixes. When used appropriately with data science to build out models and examine biases, AI and ML are second-to-none.
However, when a simple automation of manual tasks is branded as AI, it negatively affects the perception of AI’s value – especially in the cybersecurity space. Most of the problems that have been purportedly solved by AI aren’t as challenging as the ones the cybersecurity industry is trying to solve. In this sense, organisations not only have to look to AI, but have to look to authentic AI – it’s why BlackBerry utilises data science as a strategic tool.
Authentic AI is about empowering human intelligence, not replacing it. The constant talk of automation and the rise of the robots is wildly misplaced; 2020 reminded us just how important people are. AI can’t replace human intelligence where it’s needed most: we must choose the right problems to solve, and react to unforeseen sudden changes in the landscape – changes like a global pandemic. But, if we can use AI to do some of the heavy lifting of security, and teach it to be flexible in the face of rapidly-changing circumstances, we can give employees back some valuable time to focus more on what they do best: creative thinking, problem solving, running the business, and getting on with their own lives.
WFH
Knowledge workers and the overall service sector, which are the biggest parts of our economy, are likely to employ a mixed or hybrid environment moving forwards. If you work with your hands, or if you’re in a factory, working remotely or behind a screen just isn’t an option.
For sectors that can work remotely, organisations are realising significant real estate savings by having employees work from home. While COVID-19 might have sent thousands to their home offices, the economic benefits for an employer might keep them there long-term.
However, home offices can leave businesses and employees more vulnerable to cybersecurity issues – from unintentional human errors, to aggressive threat vector attacks. This is an opportunity for security vendors like BlackBerry, who are now endeavouring to make remote work more secure – even as connected endpoints grow and multiply at an astonishing rate.
Cybersecurity is, in all too many ways, an after-market add-on. But this kind of model can become a roadblock to comprehensive security – like plugging the sink while the faucet is already on.
Take, for instance, the connected vehicle market: vehicles continue to make use of data-rich sensors to deliver safety and comfort features to the driver. But if these platforms aren’t built with security as a prerequisite, it’s easy to open up a new cyberattack vector with each new feature. In many cases, the data that drives Machine Learning and AI is only useful – and safe – if it cannot be compromised. Cybersecurity must become a pillar of product and platform development from day one, instead of added on after the architecture is established.
From criminals looking to make a quick buck, to state-sponsored actors, criminals are targeting COVID-19 research with alarming frequency. As the pandemic’s effects rage on across the globe, that trend will only continue to grow. For this life-saving research to continue unfettered, the inherent threats on this research simply cannot be ignored. Healthcare has always been an attractive target for cybercriminals, and cybersecurity needs to be as much a part of the cure as research into the virus itself.
There are multiple reports that nefarious actors have attempted to steal COVID-19 vaccine research from multiple organisations in Canada, the United States, and the UK. The recent vaccine announcements from Pfizer and Moderna will only raise the risk of attack, particularly since the candidate vaccines have demonstrated a 90 per çent-plus efficacy rate in preventing COVID-19 infections.
For these vaccine makers, it’s a maze of security and logistics challenges – from storing the vaccine at the required temperatures, to malicious behaviour at every point of the production and distribution journey. The IP value of these vaccines are higher than any like them before, and there are bad actors everywhere who would stop at nothing to hold hostage this holy grail of public health. All eyes are on the healthcare industry, and on the various firms seeking to take their vaccines to market. Cybersecurity has a critical role to play in the year ahead.
The cybersecurity industry will play a huge part in helping the world return to normality this year. However, some things, like flexible and remote working, are here to stay. Technological advances and the continued adoption of AI will allow organisations to operate in the new world in which ever way they build back. What has become more obvious to us all over the past year is that humanity is adaptable, but also vulnerable to sudden change and volatility. The tech and cybersecurity sector must continue to innovate and support organisations to help build robust and well-prepared businesses, public services and societies.
