There is no such thing as 100% security. A lot has happened in the year 2018. We had the rise of malware like ransomware where an attacker infects a machine and most likely encrypts the data inside it. They ask for money (typically bitcoin) in order to restore it back. Other time hackers use our machines to mine bitcoins. This is called crypto-jacking. Hence the need for ad-blockers, software patches, and backup. There were many malwares like WannaCry, Zeus, Kovter, SamSam, Mirai, etc. which made the headlines. Hackers typically target vulnerabilities in software or hardware to intrude into your space. Phishing is a common form of attack. But zero-day exploits (the weakness of a software exploited by a hacker as soon as it’s released) remain the favorite type of attack. For example, just a month back there was a massively co-ordinated on all WordPress Sites. This was accomplished by exploiting a loophole within one of its plugins. We really can’t predict what will happen next.
But there is help coming. With the rise of AI (Artificial Intelligence) the scanners and other malware detectors are getting their smarts. This is made possible because of an abundance of data. By the year 2020, almost all anti-malware product will run on AI algorithms to detect the next threat. Unusual activities, fraudulent logins, compromised passwords and all other weakness in the system will be tracked by these intelligent bots. To catch a thief, you have to think like a thief. Hence this sophisticated software will work like a GAN (Generative Adversarial Network) where one neural network is pit against another. The bad v/s the good where the good tries to thwart as much of threats produced by bad. The bad in turn increases the difficulty level, and the good keeps on learning while protecting our network. Machine Learning holds a big promise of making our systems secure. (mostly)
However, the bad guys also have this technology in their hands. Hence, they will make intelligent malware which avoids detection and spreads fast. Hackers typically don’t go after individuals. They like to attack organizations, as the payout is higher. Most of these nut cases have money as the primary motive that drives them. It has been estimated that SamSam ransomware made the attacker USD 330,000 per month from enterprises and public sector organizations. Hackers would not want to use AI if they can attack vulnerable systems and networks easily. The weakest link is human. We forget to configure our security, use loose passwords, do not take backups, do not update our machines with the latest software and do not actively read security software logs. There are many precautionary measured that we take to thwart an attack. Like for example – we can close all unused ports; use HTTPS and not HTTP; use SHA-512 encryption and so on. Everything boils down to the most important thing in our possession – our data.
Data is perhaps the oil of today’s generation. There are 300 hours of videos are uploaded to YouTube in a minute. Sites like Facebook / Amazon also harvest a lot of data. Recently the Avengers Movie – End Game was getting pre-booked at 70 seats per second. Welcome to the world of Big Data. AI relies on good data, for it to make predictions and take corrective actions. Data needs to be protected (say by encrypting) and personal/corporate data should not be shared without the permission of the individual or the organization. General Data Protection Regulation (GDPR) act has been enacted in the year 2018. This prohibits EU (European Union) vendors from sharing data without the user’s permission. Likewise, California Consumer Privacy Act (CCPA) applies to California state. It has privacy laws but is not as strict as the GDPR. Data is like words. Once they get out, they lose their virginity. In other words, data shared is data that is not private. With firm rules and regulations in place (at a global scale) we will see a new world emerging. One where you have no worries about your data and can sleep like a baby in the night.
God Bless !