How will cyber security evolve and impact machine learning?
Machine learning is increasing in popularity – its intuitive nature lending itself to new ways of working that are both easy to set up and user-friendly. It is critical, however, that the right security measures are in place, particularly around identity and access management (IAM), to make sure the data involved is kept safe.
Corporate security teams across multiple industries and sectors are using machine learning to collect and find patterns in data related to log-in times, locations and device footprints. This enables them to efficiently spot normal vs. abnormal user behavior, and to autonomously identify the types of tasks a person is doing and therefore what type of access they should have.
This will be based on the concept of adaptive authentication, which is built around the idea that you can assign a risk score and adjust the level of access a person gets based on the task they are performing and the assurance level of the user’s authentication method. Any deviation from the norm could raise the user’s risk score. The more abnormal the circumstances of a log-in, or the more access a specific task requires, the more authentication factors will be required.
It should additionally be noted that frictionless authentication concepts like zero log-in and implicit authentication are being increasingly sought after. The next few years are key to these concepts being implemented effectively, finding the right balance of convenience, security and privacy.
How cyber security expertise can help businesses in the Middle East navigate digital transformations?
Digital transformation is definitely the hot talking point of the moment and it goes hand in hand with data protection. This is now referred to by a lot of IT and cybersecurity vendors for different types of technology, but only one of which is truly data centric: Encryption. In fact, in 2017, only 1% of the 2.6 billion records stolen were encrypted according to Gemalto’s Breach Level Index findings.
In the first four months of 2018, the Telecommunications Regulatory Authority (TRA) recorded 155 cyber-attacks on the UAE. While the cases of cyber-attacks have declined year on year, it is clear that hackers are becoming more sophisticated in their approaches, always finding new ways to undermine data security.
Data protection, or encryption, is moving from a “best practice” to a business necessity with the digital transformation and the changing regulatory environment. Data breaches and new generation regulations such as GDPR are all over the news and they all point to data encryption as the only way to keep sensitive data secure.
Data security incidents have real impacts on organizations’ ability to do business. The recent data breach of the local ride-hailing app Careem, where personal details of up to 14 million customers across the Middle East region, is one example of that. That’s why Gemalto continues to protect the region’s digital transformation by securing connections, transactions and ensuring data privacy for people to truly enjoy the convenience of this new digital world.
With organizations extending their business to being cloud- and mobile-first, their attack surface and likelihood of accidental data exposure continues to grow. These trends all point to a consistent theme – security needs to be attached to the data itself and the users accessing the data. Only then can companies maintain control of their data in the cloud, manage user access to cloud apps, and keep it secure when it falls into the hands of adversaries. By implementing a three step approach – encrypting all sensitive data at rest and in motion, securely managing and storing all of your encryption keys, and managing and controlling user access – companies can effectively prepare for a breach.
How will AI & Blockchain shape the future of cyber security?
With blockchain technology, a world of possibilities has opened up to both businesses and consumers. Blockchains, both public and private, provide an accessible peer-to-peer platform that enables economic empowerment, greater efficiency, and secure and tamper-proof information distribution. What’s clear is that the blockchain is the start of a digital turning point, and a crucial step in the way value and opportunity are created and distributed.
With that in mind, the UAE government recently announced the Emirates Blockchain Strategy and announced that, by 2021, over 50 per cent of the UAE’s federal transactions will be powered by blockchain technology. The widespread adoption of blockchain technology will have far reaching effects on almost every industry. Indeed, in the financial service industry, some far-sighted banks in the Middle East are already exploring how blockchain might change their approaches in trading, investments and capital assets management. These entities realise that blockchain could become a differentiating factor, enabling them to process transactions with more efficiency, security, privacy, reliability and speed. Financial entities in the UAE are already playing a lead role in fostering innovation and setting the stage for blockchain adoption for the wider region.
In the future, we may see IoT devices at home, such as heating systems or entertainment systems, use a private blockchain to make decisions. Through the Dubai IoT Strategy, Dubai’s goal is to build the world’s most advanced IoT ecosystem through a smart transformation of the Emirate. To truly achieve this, data from IoT devices must be trustworthy. The way this is solved today is to collect all of the trust requests into a single location, which acts as a ‘central authority’ for trust decisions. This aggregation into one location creates a single point of security intelligence that has at times compromised IoT security, leading to Mirai-style botnet attacks. In these attacks, IoT devices are not able to adapt their behaviour because they are not considered ‘smart’ enough to make security decisions without the help of the central authority.
Blockchain removes the single point of decision making that leads to this failure, by enabling device networks to protect themselves in other ways. One way is by allowing the devices to form consensus as a group about what is normal within a given network, and to quarantine any nodes that start behaving unusually.
Also, there are essentially five primitives of any type of digital security: availability, auditability, accountability, integrity, and confidentiality. Blockchain technology addresses the first four of these primitives directly, through its design.