How emerging technologies are changing the security landscape [Q&A]
The cybersecurity world is a constantly evolving one. In recent years though we've seen the rise of new technologies like AI and quantum computing that, while they may revolutionize legitimate businesses, also have worrying implications for security.
We spoke to Kevin Kennedy, vice president of products at detection and response company Vectra AI, to find out more about the risks and what organizations can do about them.
BN: Are things like ransomware going to become more of a threat because of the use of AI and machine learning?
KK: Today what we've seen is you don't need AI and machine learning from an attacker standpoint to do a ton of damage. Most attacks are using simple things, like finding a VPN or stealing credentials and using that to gain access, then just running through organizations really fast.
One of the trends that we've definitely seen is it's causing more complexity for defenders because it's bigger attack surface and they have to worry about a lot more than they did in the past. We're still in the nascent stages of understanding how cloud services will be attacked and how the power of the cloud will be used to attack the cloud, native services and so on.
The other thing is that the tools to attack things, which used to be techniques used only by nation states, are now automated in tool kits that anyone can use. So it doesn't take a ton of skill to use what would have been considered very advanced techniques a few years ago. Take that further and someone who doesn't know a whole lot can ask tools like ChatGPT questions. It will tell them how to do these things that, again, five years ago only nation states could do.
BN: Is there a risk that we get into a technology arms race?
KK: I think if you look at the history of security product management for about 15 years it's always been this cat and mouse game. Defenders get better and the attackers find new ways. So I think as as defenses get better as we get better both at prevention and how to detect and stop attacks, they'll raise their game again and I think AI is one of the one of the tools that will be available to them. So absolutely, we could get into more into cat and mouse but I don't see if you're a defender today solving today's problems you can do it without using AI.
BN: Commercially quantum computing is probably still a few years away, why should we be worried about it now?
KK: That's a great question because if you look at most of the experts say the point at which there will be the 4,000 cubits phenomenon is five to 10 years out and, and that five to 10 years is an eternity. Yet it's going to take us a while to be able to implement some of the resilient cryptography and actually get all of the stuff that needs to use it to move over to new standards once the standards are available.
One of the really major considerations for organizations today is, when you think about protecting data, the threat to national and economic security from nation states. Specifically stealing IP and the need to protect innovation, so that when our companies invest in developing novel technology they can take advantage of it in the market to generate economic returns to keep the whole engine going. Encryption is a core aspect that we use today to keep that data safe. So you assume even if data is stolen, it may not be usable. In a few years it may be that data stolen today can be easily decrypted and we have to assume that nation states, including China, will be at the forefront of the ability to use quantum to be able to decrypt and that it changes the perspective on on what you have to do to secure and protect innovation.
BN: Is there a real risk that the data stolen today is going to be stored away for a few years until it's possible to decrypt it?
KK: Absolutely. I've read quite a bit of coverage on the idea that ransomware gangs would use it for exploitation. I think that's less of a risk than nation states who are going to have earlier access to quantum and more of a vested interest in stealing our intellectual property and using that to move their businesses forward and really hurt our economy and our national security.
BN: What does a post-quantum world look like in terms of defending the enterprise or defending a critical infrastructure?
KK: I think we're going to have to get to a place where Quantum resilient encryption is in place and the privacy of communication the privacy of data needs to be re-established in that world. Because it's really hard to do security if you can't trust any of your communication, if anyone can listen in on those secrets. You need a balanced approach, you need to think about your data, securing that data, you think about the preventive aspect and how you keep attacks from getting in. You're going to have to think about how to detect and respond at speed.
I don't think it fundamentally changes the basics of security. It just means there's going to be a massive transition required on the crypto side to get quantum resilient encryption technology. From the defender's side you have to think about how quantum can be applied to bring ML and AI forward. We've seen how the increase in available compute and storage has fundamentally shifted what we can do, what were principles and theories 10 years ago are now in common practice applied AI today.
I do think there's a view that, "Hey, my data is encrypted, therefore, I don't have to worry about it being stolen." Given what we know now that is a naïve perspective, you do need the balance of keeping people from ever getting hold of it, because even if it's encrypted that will not necessarily keep you safe. That is a shift in mindset that really the security industry and security practitioners need to grasp.