The Infosecurity ISACA North America Expo and Conference got off to a suitably heady start today with its opening keynote, given by the noted cybersecurity expert and visionary Theresa Payton. Payton provided a lively analysis of the current state of security, practical advice for coping with threats and predictions for the year ahead.
In between stories about exploring the Dark Web and tracking down cyber-criminals from her kitchen table, Payton shared observations about what she believed to be the top priorities for security professionals.
Firstly, every organization’s incident response playbook needs a new chapter to include IoT-related issues, she said. The technology’s relative immaturity and complex set of threat surfaces represent a new frontier. Payton noted that, at this point in time, every “thing” in the IoT represents a potential vulnerability – including smart lightbulbs. Her suggested priority actions for reducing IoT threats included network segmentation for effective containment of breaches and strategically placed kill switches to disable compromised applications.
Payton also explained that AI/expert systems are now in common use, but there is no international code of ethics for designing applications to make sure they don’t reflect the designers’ conscious and unconscious biases. A related hazard lies in the fact that most AI engineers don't have a good grasp of the business they are writing the code for, or the clients who will be using it.
According to Payton, one of the simplest yet most effective security measures a CISO can implement is to segment the organization’s identity: create a second identity, completely separate from its public-facing domain name and other services, and use it to support financial activities and other critical transactions. This should include a completely different set of email addresses reserved only for the people involved in the sensitive activities conducted under the alternate identity.
Payton concluded with several predictions for the 2020-2021 timeframe:
- The human element remains a major attack vector, but it will take a new turn with the increasingly common use of deepfake voice simulations
- A surge in ransomware attacks, both in frequency and in maliciousness. Payton predicted a shift from simple ransom to extortion, and that most companies will experience attacks once every 11 seconds by the end of the year
- In 2015, Payton predicted the election hacking of 2016, and now she believes the misinformation tactics used so effectively then will also be used to destroy companies and institutions for financial gain
- Blockchain technology will be cracked in the near future, and AI-powered bots will evolve to become autonomous and more dangerous