Two-thirds of large UK firms were targeted by cybercriminals in 2016. As the number of attacks continues to rise, what skills will the next generation of professionals need to protect us from AI hackers, rogue self-driving cars and financial ruin?
The global cost of cybercrime is predicted to reach £4.9 trillion annually by 2021 and new cybersecurity trends are emerging. To fight future threats, society must develop the next generation of cyber skills. But how do businesses identify weaknesses in their cybersecurity before they’re hacked? They hire ethical hackers. After all, to beat a hacker you need to think like one. That’s why businesses are training their employees in ethical hacking techniques. Having researchers who can get into the minds of cybercriminals and look for security vulnerabilities is a crucial part of protecting against a breach.
Ethical hackers use the same tools and techniques as malicious hackers, including social engineering techniques to crack company defences. If that requires dressing up as a pizza boy to infiltrate a secure server room, so be it. Also known as penetration testing, these skills are now essential for organisations to defend themselves from real hackers. If even the smallest flaw goes undetected, businesses risk hacker-inflicted chaos. That’s why Facebook recently awarded an ethical hacker £32,000 – its largest ever payout – for reporting a flaw in its servers.
But a critical lack of cyber skills in the UK – currently a deficit of one million trained workers – means businesses are struggling to get the ethical hacking knowledge they need. As more businesses migrate sensitive data online to public and private clouds, there are now more targets than ever for enterprising hackers. Without learning how hackers think, businesses and consumers will fail to protect themselves. The demand for ethical hacking skills will spike, especially as intelligent cyber threats begin to emerge.
Scrutinising systems to find vulnerabilities or sifting through data to find abnormalities after a breach takes time and effort.
To speed things up, artificial intelligence is now being used to perform cybersecurity tasks, instead of error-prone and expensive humans. According to Darpa – a US Department of Defence agency – the world’s growing dependence on computer systems demands the creation of smart, autonomous security systems.
MIT is working on teaching its AI2 system how to stop cyberattacks. The AI, developed to review data from millions of lines of code every day, identifies potential threats using machine learning. AI2 relies on human input to respond to any threats identified, so whilst it cannot yet replace human analysts, this human-AI combination already correctly identifies 86 per cent of attacks.
Widely used AI cyberdefence systems are an inevitability and by 2025, human input may not be needed. If AI cyberdefence systems are widely adopted, we can expect to see a demand for professionals who can support these infinitely powerful machines as they scan tirelessly for vulnerabilities.
AI cybersecurity systems will become a valuable tool in an organisation’s armoury, but intelligent systems will also be used to attack. At the Def Con hacker gathering last year, Darpa ran a competition that pitted seven smart computer programs against one another to see which was the best at defending itself. “Fully automated hacking systems are the final frontier. Humans can find vulnerabilities but can’t analyse millions of programs,” said Giovanni Vigna, professor of computer science at University of California Santa Barbara.
The abundance of vulnerable businesses means more easy targets for hackers. In 2025, one AI hacking tool could do the dirty work of 100 hackers, continuously scanning thousands of networks for flaws to exploit. If society is unprepared for intelligent hacking programs, we’re in for serious trouble. Hackers lead the way in cybersecurity ingenuity, so we should expect to encounter an offensive AI system before we can develop an effective and scalable defence. The next generation of cybersecurity professionals must be expected to both defend against relentless AI hackers and develop intelligent systems of their own.
Internet of Things
The number of Internet of Things (IoT) devices is set to hit 15 billion by 2021, according to research from Juniper. As businesses and consumers accelerate the adoption of internet-connected devices, we’re now on the cusp of an IoT revolution. The benefits of IoT are massive and we’re only scratching the surface of its potential. From wearable healthcare devices that monitor vitals to intelligent heating systems, consumers and businesses are already reaping the benefits.
This surge in connected devices has created easy opportunities for cybercriminals, though. A carefree approach to IoT security in this nascent industry resulted in the largest DDoS attack in history, dragging Reddit, Twitter and Netflix offline. The malware behind these attacks, Mirai, continues to mutate and threaten vulnerable connected devices.
IoT security skills are seriously lacking and connected devices with poor cyber defences are routinely hijacked. Whilst damaging to businesses, these attacks haven’t yet endangered human life – but it won’t be long. Automated vehicles are as hackable as your smartphone and connected cars could become a weapon for black-hat hackers as early as 2017. “It usually takes about two years for the best weaponised code to move from government to any entity with enough zeros in their bank account,” writes Alec Ross, a former adviser to US Secretary of State Hillary Clinton. How long before we become accustomed to assassination by connected vehicle, and would we even know it had occurred? An estimated 1.3 million people die every year in road accidents, so this method could be less noticeable than other tools for political assassination.
But assassinations are small scale compared to the damage that could be inflicted by unsecure IoT devices. Internet-connected medical devices could be the security nightmare of 2025. Researchers have already found security flaws in cardiac defibrillators, meaning that right now vulnerable healthcare devices could be accessed by hackers. Hospitals are also the perfect target for ransomware. Such attacks tripled in 2016 and hackers are now starting to target networks that hold sensitive data.
High-stakes cases of hospital ransomware attacks saw hackers hold patient data hostage, directly endangering the lives of patients. Now with the rise of internet-connected healthcare devices, what happens when hackers gain access to life-sustaining devices like pacemakers? As dystopian as it sounds, this is a very real scenario that cybersecurity professionals and society as a whole must prepare for.