00:00:00
this year has been a tough one for cyber
00:00:02
security especially if you were one of
00:00:03
the folks that got hacked and even if
00:00:06
you weren't you might have been and you
00:00:07
just don't know it yet
00:00:09
that happens
00:00:10
so let's take a look at what kinds of
00:00:12
things have we seen overall Trends in
00:00:15
the past year in cyber security so we'll
00:00:18
take a look back
00:00:19
and then we'll take a look forward into
00:00:22
the future what can we look forward to
00:00:24
in cyber security threats as well as
00:00:27
hopefully good things that can occur I
00:00:29
think there will be a mixture of good
00:00:30
news and bad news with both
00:00:32
so first of all looking back one of the
00:00:35
things that continues to plague us is
00:00:37
this notion of data breach
00:00:41
that is the bad guys get into your
00:00:43
system they dump your customer database
00:00:46
they use it to mine for information that
00:00:49
they can later use identity fraud
00:00:51
scenarios with they steal the secret
00:00:54
sauce the plans this sort of stuff and
00:00:56
the business is compromised as a result
00:00:59
the IBM ponderman survey that we run
00:01:03
each year on the cost of a data breach
00:01:05
shows that the cost of a data breach
00:01:08
continues to be in excess of four
00:01:10
million dollars per incident
00:01:12
that has been the case for a number of
00:01:14
years and it continues to be the case
00:01:16
we've got to do a better job on this
00:01:18
it's almost become so commonplace that
00:01:21
we're numb to it and that can't be the
00:01:23
case
00:01:24
what's the cause of a lot of these data
00:01:25
breaches well it turns out ransomware
00:01:30
is at the core
00:01:32
of many of them not all but many and
00:01:35
ransomware is costing people individuals
00:01:38
all the way up to the large
00:01:40
organizations and even nation states as
00:01:42
its effect is resulting in data loss
00:01:46
it's resulting in extortion a lot of bad
00:01:49
things happen here so those are a couple
00:01:52
of bad trends that we see how about
00:01:54
something good A little bit of good news
00:01:56
for last year I'll say multi-factor
00:01:59
authentication is one it's not a new
00:02:02
idea but the idea that I can
00:02:05
authenticate prove my identity to the
00:02:07
system based upon something I know
00:02:09
something I have and something I am
00:02:12
those three things
00:02:14
put all of those together or some
00:02:16
combination maybe even get rid of the
00:02:18
something I know the password it's a
00:02:21
better user experience and it can lead
00:02:23
to better security and what we've seen
00:02:25
is more and more widespread adoption of
00:02:28
multi-factor authentication that's going
00:02:31
to be a good thing for us all and we've
00:02:33
seen that start to take more hold in the
00:02:37
past year now how about looking forward
00:02:39
what kind of things have can we expect
00:02:41
to see well I'm going to say it's going
00:02:44
to be a little bit of Groundhog Day what
00:02:46
we've seen in the past we're going to
00:02:48
keep seeing in the future until we learn
00:02:50
how to solve these problems data breach
00:02:53
ransomware multi-factor authentication
00:02:56
hopefully we'll continue to see more and
00:02:58
more widespread use of that
00:03:00
so the past continues to play into the
00:03:02
future and influence the future
00:03:05
but what are some other things that
00:03:06
we'll see I think we're going to see a
00:03:09
rise in attacks for Internet of Things
00:03:13
internet of things or iot is basically
00:03:16
the notion if you follow along with me
00:03:18
turn everything into a computer
00:03:20
your car becomes a computer that takes
00:03:22
you places your refrigerator is a
00:03:25
computer that keeps your food cold
00:03:27
your DVR is a computer that shows you
00:03:29
movies
00:03:30
and in the iot trend everything becomes
00:03:33
a computer and what we know from cyber
00:03:36
security is that every computer can be
00:03:38
hacked so if everything can be a
00:03:41
computer and every computer can be
00:03:43
hacked all of a sudden everything can be
00:03:45
hacked your car your refrigerator your
00:03:48
insulin pump your implantable
00:03:50
defibrillator these are things that are
00:03:53
going to be pretty scary when we start
00:03:54
thinking about the whole world around us
00:03:56
is potentially hackable that's an area
00:03:59
that we have got to give more attention
00:04:01
to
00:04:02
another one that could come back to
00:04:05
haunt us is the use of artificial
00:04:07
intelligence by the bad guys
00:04:09
on the positive side we've had the good
00:04:12
guys using AI for some number of years
00:04:14
we can use this to do a better job of
00:04:17
security analysis of root cause analysis
00:04:20
looking for what all of these indicators
00:04:23
of compromise ultimately mean and
00:04:25
figuring out what we need to do the good
00:04:27
guys are using this to analyze and
00:04:29
investigate the bad guys I think are
00:04:32
going to start using it more and more to
00:04:34
do things like develop attacks that are
00:04:38
specific to an AI an artificial
00:04:41
intelligence system would be able to
00:04:44
maybe design new types of attacks to get
00:04:46
into systems
00:04:48
we could also as our businesses become
00:04:51
more and more dependent upon artificial
00:04:53
intelligence we are dependent upon the
00:04:55
Corpus of knowledge that's in those
00:04:57
systems so therefore if someone were
00:05:00
able to poison the Corpus of knowledge
00:05:02
then the AI would be giving advice and
00:05:05
making decisions based on bad
00:05:07
information so that's a different type
00:05:09
of AI based attack all of these go into
00:05:11
what we refer to as adversarial AI
00:05:15
so there are a number of things that the
00:05:16
bad guys could be doing where they're
00:05:18
going to start using AI more which just
00:05:21
means the good guys are going to have to
00:05:22
start using our AI more still and
00:05:25
another one that is very new and will
00:05:28
continue to grow is the notion of a deep
00:05:30
fake that is an audio or video file
00:05:33
where we have a a person maybe a
00:05:37
well-known person saying something that
00:05:40
they never said and we tend to believe
00:05:42
what we see and if it goes out on social
00:05:44
media everyone will believe it before
00:05:46
anyone has a chance to refute it imagine
00:05:48
what happens if a video is leaked on
00:05:51
Election Day showing a candidate saying
00:05:54
something that they never said that was
00:05:56
terrible
00:05:57
it could be too late before we get the
00:06:00
news cycle the next news cycle to
00:06:02
correct the error
00:06:04
it could also move the stock market if
00:06:06
we had a CEO seeming to say certain
00:06:08
information that would look bad about
00:06:11
the company and cause the stock to crash
00:06:14
even though they never said those words
00:06:16
but we have an AI that can do that sort
00:06:18
of simulation we're going to have to get
00:06:20
smarter about how to detect a deep fake
00:06:23
from an authentic video as an example
00:06:26
other things that we'll see
00:06:28
quantum computers
00:06:31
are very useful in solving problems that
00:06:35
traditional computers have not been able
00:06:36
to do to do simulations and things of
00:06:39
that sort that we just don't have the
00:06:41
Computing capacity to process with a
00:06:44
conventional computer
00:06:46
so a Quantum system could solve those
00:06:48
problems in record time
00:06:51
also a Quantum system could potentially
00:06:54
attack the cryptography that we have the
00:06:57
asymmetric crypto algorithms that we
00:07:00
rely on every day for all of our secure
00:07:03
Communications could potentially be
00:07:05
broken in what we thought would have
00:07:08
taken decades or hundreds of years now
00:07:11
with a well-tuned Quantum system in the
00:07:13
future maybe being able to be broken in
00:07:16
a matter of minutes
00:07:17
so that means we're going to have to do
00:07:19
some good work to make Quantum safe
00:07:21
algorithms for cryptography and the good
00:07:24
news is we've got these things in fact
00:07:27
the National Institute of Standards uh
00:07:29
recently this year came out with four
00:07:32
algorithms that they published as being
00:07:34
Quantum safe these are the algorithms
00:07:36
that will protect against a quantum
00:07:38
computer trying to crack our encrypted
00:07:41
messages and databases and the like
00:07:44
and four of those algorithms that were
00:07:47
accepted of those four three of them in
00:07:50
fact had IBM contributions to them so
00:07:52
we're very proud of our work that we've
00:07:54
done in this space and trying to protect
00:07:57
people going forward into the future
00:08:00
and then another Trend that has
00:08:02
continued for a number of years and it
00:08:04
shows no signs of letting up is a skills
00:08:07
Gap in cyber security
00:08:09
there's one website called cyberseek.org
00:08:11
that says currently as I look at the
00:08:13
website there are about
00:08:16
770 million unfilled cyber security jobs
00:08:19
in the U.S alone
00:08:21
that's right now and there's only about
00:08:23
a million or so people working in the
00:08:25
field so it's almost one-to-one for
00:08:27
every job now there uh is an opening and
00:08:31
we can't make cyber Security Experts
00:08:33
that quickly with current technology we
00:08:36
can create a new human in about nine
00:08:38
months but if we're going to turn them
00:08:40
into a cyber security expert it's going
00:08:42
to take a few more years
00:08:43
there's not anything that looks like we
00:08:46
can suddenly start minting new Cyber
00:08:48
Security Experts to fill the Gap but we
00:08:51
can do some things to help and we can do
00:08:54
things by working smarter using AI that
00:08:58
I mentioned here to guide our security
00:09:00
efforts using good tools to automate the
00:09:04
responses that we have for security to
00:09:07
do better analysis and become Force
00:09:10
multipliers for the people that we do
00:09:11
have also we need to do a lot more
00:09:13
training for the people that are out
00:09:15
there not only our end users so that
00:09:17
they don't put us in such a bad place to
00:09:19
begin with but also Security
00:09:21
Professionals and create more Security
00:09:23
Professionals so it's going to be a
00:09:26
multi-pronged approach but these are the
00:09:28
things that I think we're going to be
00:09:29
able to see both on the positive and the
00:09:32
negative as we start looking forward to
00:09:35
the future of cyber security
00:09:39
foreign
