SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Technologies to change how we connect with the digital world
Fri, 4th Dec 2015
FYI, this story is more than a year old

Online security firm AVG Technologies had outlined what enterprises and consumers can expect in the ‘continuing, rapid evolution' of online threats and protections.

Michael McKinnon, AVG's Security Awareness director, has pinpointed five technologies that AVG expects will change the way people connect with the digital world in 2016.

1. Artificial Intelligence (AI)

“It's not just self-driving cars that are heralding a tipping point in how intelligent software systems are influencing our lives,” McKinnon says. “Advances in AI and deep learning systems are becoming much more accessible, as evidenced recently when Google open sourced its Tensorflow AI engine project.

And, as AI security solutions start to emerge in 2016, the arms race against malicious actors on the Internet will be given a much needed boost, allowing faster responses to threats and limiting their damage. In the case of AVG, our latest antivirus engine contains a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often.

2. Encryption and the beginning of the end for Certificate Authorities

The need to securely encrypt all website traffic via HTTPS is a growing concern. In 2016, a combination of new open standards and easier, affordable choices for bloggers and website owners will see the start of comprehensive changes.

The monopoly of Certificate Authorities to validate the identity of legitimate websites and issue expensive SSL certificates is coming to an end as news of certificate mismanagement, security mishaps and data breaches have plagued some of these monoliths.

Attractive technical alternatives – like Let's Encrypt, currently in beta - are bound to flourish as average small bloggers and business website owners no longer have to go through arduous, costly verifications. Google's Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers. And exciting prospects, such as the Internet Society's DANE protocol, offers website owners the ability to validate their own SSL certificate and bypass a Certificate Authority altogether.

3. Malvertising. Ad Networks to shape up or ship out

It's time for ad networks to shape up before they destroy the digital economy they helped build and before they ruin the websites that rely on advertising revenue for their livelihood.

Malvertising is a new vector being used to instantly infect thousands of victims browsing otherwise legitimate websites. It's happening all too frequently because of questionable third party relationships and poor security affecting multiple online advertising networks.

At the root of this problem is the ‘attack surface' of ever-growing, ever-complex advertising and tracking ‘scripts' provided by ad networks and included by publishers (often blindly) on their websites.

4. Passwords aren't going anywhere

The vast majority of us use the humble password to access resources across our private and work lives, and it will be with us for many years to come. It's important to understand that passwords are a free to use concept, not a technology. Any alternative solution will be at a cost in technology or complexity, and that's why passwords are here to stay.

Weaknesses associated with passwords, such as re-using them or not storing them safely, will no doubt continue. To minimise risks we all need to keep security awareness rising across consumer, business and enterprise.

Here are some of the alternatives starting to enter the picture.

If offered, McKinnon highly recommends the two-factor authentication (sometimes called two-step verification) access control concept.

This year, Yahoo announced a security solution using mobile devices rather than passwords for access, and Google's Smart Lock features use the presence of other nearby devices to unlock your smartphone.

5. Bad IoT - security by design will reach boiling point

Every unprotected device and appliance that is connected to a network is open to hacking – that's every smart TV and stereo, lighting and home security system, through to newfangled fridges and self-driving cars. Cyber criminals are probing hardware, scanning the airwaves and harvesting passwords and other personal identity data from wherever they can.

“We'll continue to see many strange devices being internet connected, and without a conscious effort to include security by design,” adds McKinnon.

“While it may be amusing to own one of the latest Wi-Fi-enabled kettles that allow you to switch it on using your smartphone without having to put your book down, it has the potential to give up your secret Wi-Fi key,” he says.

“Upgrading and updating all your software, devices, gadgets and equipment has never been as critical – and it becomes life or death in 2016.

McKinnon says Google is pre-empting they will take responsibility for traffic infringements, and also possibly accident and injury claims that their self-driving cars are responsible for – “small comfort though if you die in the process because you forgot to update your car to the latest software,” he says.

“As intelligent software systems start to pervade our lives in as yet unimaginable ways, that software may make a decision that could potentially put your life in jeopardy,” says McKinnon.

“It will become imperative to update software and all your devices. Your life may depend on it - perhaps not in 2016, but certainly in the years to come.