The changing nature of cybersecurity
It’s not just the best VPNs that are changing privacy and security online. With technology having come to dictate our global economy, it’s important to consider how it’s going to develop in the coming years. That’s especially the case in cybersecurity, which protects us from the multitude of dangers that new technologies pose.
It’s a rapidly evolving landscape, and there are more technologies out there that will change the face of cybersecurity than we have time to learn about.
So, to get you up to speed we’ve put together a list of the 10 most important technologies that are changing the face of cybersecurity forever.
Securing your digital lifestyle doesn’t have to be a tedious or expensive process. You can achieve that in the next 60 seconds by downloading a trial of CyberGhost VPN here, risk-free.
1. Cloud computing
We should all be familiar with the cloud. It’s the ubiquitous yet nebulous data storage alternative that companies can’t seem to get enough of, even if they’re bad at keeping the information in it secure.
Because the cloud uses remote servers to store files that are often confidential, it’s going to have an impact on the way we approach cybersecurity. Right now there are some impeccable efforts being made in terms of local encryption; cloud storage encryption, on the other hand, still has a ways to go.
For many years now the industry standard has been to encrypt all cloud data with 256-Bit AES encryption. In early 2023 Amazon S3 confirmed that moving forward all cloud data will be encrypted by default.
But there’s a flaw in this approach: if a bad actor can access the part of the cloud where those encryption keys (sometimes called PMK or ‘Platform Managed Keys’) are stored, your data is at risk.
That’s why providers like Google Cloud and Azure offer advanced client-side encryption : in other words data in the cloud can be encrypted using a hardware or software key management system on the user’s end. This means not even the cloud provider can read your data. This is sometimes known as BYOK (Bring your Own Key) and promises a much higher degree of security.
This in turn has led to an explosion in the number of KMS (Key Management Solutions) offering to protect your cloud passwords such as Egnyte. Proceed with caution.
2. The internet of things
Ransomware is an increasingly prevalent type of malicious software (malware) that will typically lock your computer or files, with the creator offering to unlock them in exchange for money. Ransomware is a very real threat.
It’s a growing problem in the context of the internet of things (IoT), where vulnerabilities are only now beginning to become apparent. Smart home devices, which can include everything from refrigerators to thermostats, are very easy targets for ransomware and other attacks right now, and it’s an area where the cybersecurity industry will be focusing its efforts in 2023.
As of the end of 2022 there were some 17 billion IoT devices in the world. According to Microsoft’s 2022 Defense Report, IoT devices are a key entry point for many attacks:
“While the security of IT hardware and software has strengthened in recent years, the security of Internet of Things (IoT) … has not kept pace,”
Some flaws are easily fixed: for instance many IoT devices use simple hardwired passwords to make for an easy setup. These could be made stronger and randomised by the manufacturer. People running multiple IoT devices could also have more support in segmenting different parts of their home network, so for instance, a bad actor who hacks into your “smart” home doorbell won’t also be able to access your smart thermostat.
With hope 2023 will be the year that the cybersecurity industry develops a universal set of standards for IoT devices introducing measures like these.
Everyone from celebrities to startups to celebrity startups is trying to position themselves to profit from the cryptocurrency craze, and it’s not hard to see why.
Mining virtual currencies such as Bitcoin and Ethereum has created such a high demand for the best graphics cards that games and others who want them for conventional purposes are struggling to get their hands on them.
Although graphics cards often sell for way over the manufacturers’ retail prices, throughout 2022 the GPU shortage has gone down and graphics cards now cost more reasonable amounts.
This may be a reflection of recent events such as the collapse of FTX, which reveals that some of the issues reflecting newly-minted crypto-exchanges are the same as those of old : accumulating vast amounts of digital wealth simply increases the chance every day that they’ll be a victim of an online heist. There’s no quick and easy technological solution to this : it’s down to each user to keep their crypto-assets in an exchange only as long as it is necessary to purchase them and transfer them to a safe place.
The gold standard for keeping your crypto-assets safe is a hardware wallet from a trusted provider. If you don’t already have one, check our guide on the very best hardware wallets.
4. Machine learning
Commonly confused with AI, or artificial intelligence (which we’ll talk about later), machine learning is the idea that computers and systems can become capable of learning on their own, without programmer input. For more information, see our guide What is machine learning and how it differs to AI..
Organizations from NASA to Google are trying to get a jump on machine learning. It’s used to help power Uber’s dynamic pricing model, as well as help them calculate how long journeys will take and where to send drivers.
In terms of cybersecurity, machine learning is being researched for use in e-mail monitoring to prevent phishing and credit card fraud. This involves the software training itself to recognise spam emails, some of which can look extremely authentic as they steal images and templates from legitimate companies.
Machine learning also has exciting applications for malware monitoring :while conventional antivirus programs simply match suspicious apps against a known database of threats, ML algorithms could be developed to spot them in general based on their size, behaviour and so on.
We have multi-step verification on nearly all of our accounts now, from our bank accounts to social media. What we need more of is hardware authentication that does away with the generic password solution – passwords can be easily guessed by the aforementioned machine learning software.
Microsoft and Apple have made great strides in biometric log-in technology: Microsoft has Windows Hello in Windows 11, which can be configured to log you into your computer or tablet by facial recognition or by Apple’s “Touch ID” fingerprint scan. Mobile devices from the iPhone X onwards have also introduced Face ID. Models from the iPhone 12 and later even support Face ID whilst wearing a mask.
None of the solutions out there at the moment are perfect though. Face ID security has been foiled in the past by similar looking people such as twins. In 2017 Vietnamese Security Company Bkav also managed to fool Face ID with a cheap mask. Still, this involved taking multiple pictures of the real iPhone owner from various angles and 3D-printing a mask. A thief would also need to stop the real owner from simply remotely locking the iPhone over the Internet before it went missing.
In 2021 cybersecurity researchers also managed to bypass Windows Hello by impersonating a privileged user account. This bug has now been fixed in Windows 10 and 11.
Still, until we start adopting hardware authentication that doesn’t require a backup password, cybersecurity organizations have their work cut out for them.
6. Remote browsers
Don’t be alarmed, but your web browser isn’t as secure as you probably think it is. In fact, the web browsers we use every day are the most common route of entry for malware. That’s where a remote browser comes in handy.
Many enterprise users, especially those using the best Chromebooks, are probably familiar with the concept of a remote browser. If you have to log in to a server to access the web every time you open Google Chrome, you’re using a remote browser. This is notably more secure than a local browsing session, as you can always reset the server to a previously working state should anything go awry.
This is sometimes known as RBI, or “Remote Browser Isolation”. It can be useful, particularly for big organizations who would otherwise have to check each device that connects to their network, install antivirus and so on.
In January 2023, Cloudflare announced that its new e-mail security tools could automatically open all suspicious links via remote browser, protecting the machine used to access them. This could show a shift towards a “zero trust” network model where organizations assume that even their own employees can’t be trusted not to open suspicious emails.
7. Multi-factor authentication
As we touched on earlier, requiring a single password to access a company account is an open invitation for hackers. In Verizon’s data breach investigations report from last year, it was confirmed that 63% of data breaches occur as a result of weak, easily crackable passwords being exploited.
Companies, then, have a duty to more strictly enforce multi-factor authentication in the coming years. After the fallout from 2017’s Equifax data breach, research conducted by BitDefender suggests the general public is finally starting to care more about identity theft and its consequences.
This may lead to more people adopting 2FA (two factor authentication)/multi-factor authentication throughout 2023. Microsoft’s official documentation suggests “nudging” users to set this up. Apple has required 2FA sign-in for certain services like Apple Pay and “Sign In with Apple” for years but this doesn’t apply across the board.
8. Quantum computing
It’s a concept that’s existed since the 1960s, but quantum computing is still in its infancy.
Whereas a regular computer works with bits, or a combination of ones and zeroes, a quantum computer can use ones, zeroes and any quantum superposition of both of those values to process data infinitely faster than the machines we use today.
Since they’re able to handle complex situations that even a normal supercomputer wouldn’t know what to do with, quantum computers will play a big role in the future of healthcare, politics and – you guessed it – cybersecurity encryption.
In 2023 IBM issued a report entitled “Security in the Quantum Computer Era”. The company went so far as to say that quantum computing represented an “existential threat” to conventional encryption techniques.
The reason for this is very simple : the strength of existing encryption protocols comes down to how long it would take to break them through “brute force” techniques : that is to say how long a supercomputer would take on average to try different combinations of keys until it hits upon the right one.
A Quantum Computer doesn’t have the same limitations : traditional encryption algorithms rely on factoring large numbers, which a quantum computer can do in a matter of minutes, not centuries. This means no one’s data is safe.
9. User behavior analytics
There are serious security concerns surrounding the field of analytics. For one, privacy can be betrayed by websites that simply collect data in order to tailor advertisements more directly to individuals. But user behavior analytics (UBA) can be genuinely beneficial.
Legally, an organization can’t pry into someone’s computer to find out who they are, where they live and what they do for a living. What they can do is identify users based on behavior profiles.
Whenever you swipe a certain way on a touchscreen or make a repeated typo, for instance, UBA technology is there to document and make use of that information.
This data can then be used to forecast security breaches before they happen, should any peculiar user or system behavior take place.
10. Artificial intelligence
10. Artificial intelligence
Most of us have some experience of interacting with artificial intelligence thanks to its implementation in video games or in Siri/Google Assistant. What you might not be aware of is the critical role of AI in cybersecurity.
Firms have already started building tools that can patch security holes before they can be exploited by cybercriminals – but the same time, hackers are adapting to the new ecosystem, and trying to create systems that are smarter than anything a company or government can deal with. AI will only become more powerful as a result of this cybersecurity arms race.
Since its internet debut in Nov 2022 the ChatGPT AI bot (Generative pre-trained transformer) has been impressing the internet with its extremely realistic conversations and behaviour, such as inventing song lyrics and simulating chatrooms. There are limits to its artificial intelligence though, as it can often supply plausible-sounding answers which are in fact gibberish. The implications for cybersecurity are huge however, given that these bots can help to review code for bugs and proactively learn about online threats.