In response to George Waters

Cyber-security isn’t just an issue of time and resource for organizations; it can also be one of cost. Indeed, according to Gartner, cyber security will cost businesses $96 billion in 2018.

In addition, organizations are having to respond to increasing customer awareness about the value of their data growing pressure to not only keep it safe from malicious attack, but also use it responsibly, and not exploit it in the way organizations such as Cambridge Analytica have been accused of.

In response to Hanka Lasek

As such, the term ‘know your enemy is key’. From phishing, spear-phishing and whaling, ransomware and malware, to ghostware, blastware and DDoS, keeping on top of threats is increasingly difficult – especially because as soon as a solution to one issue is found, another version pops up.

Cyber-security isn’t just an issue of time and resource for organizations; it can also be one of cost. Indeed, according to Gartner, cyber security will cost businesses $96 billion in 2018.

As such, the term ‘know your enemy is key’. From phishing, spear-phishing and whaling, ransomware and malware, to ghostware, blastware and DDoS, keeping on top of threats is increasingly difficult – especially because as soon as a solution to one issue is found, another version pops up.

When it comes to cyber security and data privacy, there are almost endless scenarios to consider. While cyber-attacks and breaches are often referred to in the same way, there are actually many different types of threat, that all access and attack systems in various ways. Added to this, they are all constantly evolving to stay one step ahead of attempts to thwart them.

Electronic security protocols also focus on real-time malware detection. Many use heuristic and behavioral analysis to monitor the behavior of a program and its code to defend against viruses or Trojans that change their shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble separate from a user's network to analyze their behavior and learn how to better detect new infections.

Here are the main techniques used to prevent web server attacks:

• Patch Management
• Secure installation and configuration of the O.S
• Safe installation and configuration of the web server software
• Scanning system vulnerability
• Anti-virus and firewalls
• Remote administration disabling
• Removing of unused and default account
• Changing of default ports and settings to customs port and settings

In response to Sanjeev Jehoram Moriarty

Aside from security incidents and subsequent actions, what are the major cybersecurity challenges experienced by small and mid-sized organizations?

Sanjeev,

I saw this question asked in a recent survey.  Here are the results:

• 28% of respondents say their biggest cybersecurity challenge is that their organization depends upon too many manual or informal processes for cybersecurity.
• 27% of respondents say their biggest cybersecurity challenge is that it is difficult to manage the complexity of too many disconnected cybersecurity tools.
• 27% of respondents say their biggest cybersecurity challenge is that business managers don’t understand or support strong cybersecurity.
• 25% of respondents say their biggest cybersecurity challenge is that their organization doesn’t provide an appropriate level of cybersecurity training for non-technical employees, leading to increased risk.
• 24% of respondents say their biggest cybersecurity challenge is that their organization lacks the right skills to deal with modern types of cyber threats.

Aside from security incidents and subsequent actions, what are the major cybersecurity challenges experienced by small and mid-sized organizations?

One of the most fatal consequences of social media is people getting addicted to it and using it timelessly irrespective of thinking upon the fact that they have only 24 hours in a day. This addiction leads to insomnia, mental stress, time killing and many health adversities in people, specially teenagers who are the future of any nation.

Cybersecurity offers the following job opportunities.

• Information Security Analyst
• Chief Information Security Officer
• Cryptographer
• Forensics Expert
• Security Administrator
• Security Architect
• Lead Software Security Engineer
• Penetration Tester

A scientific approach to cybersecurity challenges could enrich understanding of the existing landscape of systems, defenses, attacks, and adversaries. Clear and well-substantiated models could help identify potential payoffs and support of mission needs while avoiding likely dead ends and poor places to invest effort.

In the early days, the security focus was on protecting networks, servers, and client workstations. Today’s concerns include targeted attacks on electromechanical control systems and mobile devices. Systems of all kinds are becoming larger and more interconnected. Other changes in recent years include the character of the threat, its sophistication, goals and targets.

The cybersecurity task is daunting, and the world continues to change. We see increasing replacement of physical systems with digital ones, increasing use of digital systems by larger segments of the population, and increasing use of digital systems in ways that the designers and developers never intended.

Desktop computers and laptops are commonly targeted to gather passwords or financial account information, or to construct a botnet to attack another target. Smartphones, tablet computers, smart watches, and other mobile devices such as quantified self devices like activity trackers have sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could be exploited, and may collect personal information, including sensitive health information. Wifi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.

In response to Waclaw Piatek

Online consumers have been victimized by cyber-threats in the form of spyware; malicious computer viruses, worrms, or malware; and fraud or abusive sales tactics that lure consumers to invest in bogus products or services. Online consumers routinely fall victim to identity theft, as well as spam, phishing or pharming attacks.

The process of keeping up with new technologies, security trends and threat intelligence is a challenging task. However, it's necessary in order to protect information and other assets from cyberthreats, which take many forms.

Blockchain is very interesting technology that has became very popular lately. With all this hype around close-related to it cryptocurrencies, in the beginning of 2018 Bitcoin skyrocketed to from 900$ to 20000$ for several months. I think it is very innovative and certainly should be developed more in the future.

I believe “empty-handed” authentication will become the norm. Users won’t need to have a smart card, a one-time password device, smartphone call back or a password and ID to log into devices and services.  Instead, when users log into their PC, the camera on their PC will detect and identify they are the PC owner through facial recognition.

While it's difficult to predict what other developments blockchain systems will offer in regards to cybersecurity, professionals can make some educated guesses.  Companies are targeting a range of use cases which the blockchain helps enable from medical records management, to decentralized access control, to identity management.  As the application and utility of blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary integrations with traditional, proven, cybersecurity approaches.

Online consumers have been victimized by cyber-threats in the form of spyware; malicious computer viruses, worrms, or malware; and fraud or abusive sales tactics that lure consumers to invest in bogus products or services. Online consumers routinely fall victim to identity theft, as well as spam, phishing or pharming attacks.

In response to Harald Normansson

Prof. Breitner,

Websites and online services that don’t have the latest and most robust security, can effectively leave the information they might hold on you and the data flowing between your computer and a web server, at risk from hackers.

Every user must avoid the websites that are not using the HTTPS protocol and stores user data. This is one of the most important  rules in internet!

In response to Prof. Dr.-Ing. Helga Breitner

Websites using the now-outdated HTTP web communication standard, rather than the more robust HTTPS, lack an encrypted connection between a computer or smartphone and the web site it connects to. This means the data flowing between the two points can be monitored by other companies or potentially snooped on and stolen by hackers for more nefarious purposes.

Prof. Breitner,

Websites and online services that don’t have the latest and most robust security, can effectively leave the information they might hold on you and the data flowing between your computer and a web server, at risk from hackers.

Websites using the now-outdated HTTP web communication standard, rather than the more robust HTTPS, lack an encrypted connection between a computer or smartphone and the web site it connects to. This means the data flowing between the two points can be monitored by other companies or potentially snooped on and stolen by hackers for more nefarious purposes.

Organizations must ensure that all big data bases are immune to security threats and vulnerabilities. During data collection, all the necessary security protections such as real-time management should be fulfilled. Keeping in mind the huge size of big data, organizations should remember the fact that managing such data could be difficult and requires extraordinary efforts.

Listening to you talking about the cyber world reminded me of an acticle I read a week ago. (it is about the Internet compared to the human brain and the universe. it turns out they have much in common)
Also watching you talk about Internet, AI and cyber security is very inspiring to me. We don't see much women involved in such matters!

In response to Anahit Petrosyan

The myriad of firmware and software systems running on IoT devices makes consumers and businesses highly susceptible to cyber attacks.
A lot of this technology is not designed with cybersecurity in mind, nor to be used for commercial purposes – of which it sometimes is. Insecure web interfaces, data transfers, payment and authentication methods can leave users open to attacks.

The most important activity to prevent common cyber attacks is to keep your enterprise technology up to date, and to apply the latest security patches as they're made available.

The myriad of firmware and software systems running on IoT devices makes consumers and businesses highly susceptible to cyber attacks.
A lot of this technology is not designed with cybersecurity in mind, nor to be used for commercial purposes – of which it sometimes is. Insecure web interfaces, data transfers, payment and authentication methods can leave users open to attacks.

The most paranoid computer security practitioners want every network connection they use to be secured. And it all starts with a VPN. Most of us are familiar with VPNs, from connecting remotely to our work networks. Corporate VPNs provide secure connectivity from your offsite remote location to the company network, but often offer no or limited protection to any other network location. 

Biometric authentication gains more and more popularity as an innovative cyber security solution. While some people see biometrics as a new and efficient way of improving the security for enterprises, others see it as a possible problem.

A major issue is that biometric information can still be stolen or duplicated, just like a user’s login and password. However, in contrast to a password, the user can’t change the scans of their iris or get a new face. This creates new challenges for cybersecurity professionals in the future.

In response to Klas Eriksen

Machine learning still needs to deal with a lot of challenges.   It seems to me there are multiple ways cybercriminals can misuse it.

Klas,

You are exactly right.  Artificial Intelligence (AI) and Machine Learning (ML) software can “learn” from the consequences of past events to reach the set goal. While many cybersecurity professionals use AI/ML tools for preventing cyber attacks, there is a chance that hackers will also use these innovative solutions for performing more sophisticated attacks.
AI and ML may be used for performing different types of attacks – from sending vast amounts of spam/fraud/phishing messages via chatbots to AI-powered password guessing to performing cryptographic attacks.

No online regulations can be implemented at this point, because of fast expanding technology world. You can not control a thing you know so little about. If in the future some convention is imposed, I think it wont last long.

Nioh, thank you for the link.  It looks like they picked the top ten challenges to discuss and I fully agree with their selection.

Here is one of the best lists of cybersecurity challenges I have come across that should be on your radar.

Machine learning still needs to deal with a lot of challenges.   It seems to me there are multiple ways cybercriminals can misuse it.

I am also very excited about Artificial Intelligence.  Thank you for discussing the pluses and minuses of AI devices in such detail.