October Is National Cybersecurity Awareness Month: Week 4
This week’s theme: “The Future of Connected Devices”
The subject of the future of connected devices is a complex discussion. In this fifth and last blog of our series for National Cyberecurity Awareness Month (NCSAM), I will be referencing several cybersecurity studies and experts. According to statista.com, the total installed base of “Internet of Things” (IoT) connected devices is projected to amount to 21.5 billion units worldwide by 2025.
To support those 21.5 billion connected devices, according to the US National Institute of Standards and Technology (NIST), it will require something known as “Edge Computing.” Edge computing comprises artificial intelligence (AI), computing hardware, networking capabilities, and standard protocols. Cloud-based AI coupled with real-time data processing allows AI to handle high-demand tasks. The growth in adoption and deployment of 5G wireless and Wi-Fi 6 can also help drive the secure adoption of increasingly complex systems of connected devices.
The advent of 5G technology might impact consumers and business in their online experiences (i.e., faster speeds and data transmission, larger attack surface for hackers). According to CEO and Principal of Agile Cybersecurity Solutions (ACS) Carlos Fernandes, “Consumers should apply ongoing pressure towards 5G infrastructure providers to heavily scrutinize the suppliers of 5G technologies—demanding diversity of technologies by requiring product-agnostic and vendor-agnostic solutions for consumers to choose from. Using a single supplier for a carrier's 5G infrastructure is unacceptable and should be avoided at all costs. Promoting a competitive landscape based on generally accepted standards is always preferred, ultimately benefitting the consumer.”
Quantum computers are believed to be able to solve computational problems, such as integer factorization (which underlies RSA encryption), substantially faster than traditional computer processing technologies. NIST is already evaluating new methods for what it calls “post–quantum cryptography.” NIST expects to have a draft standard by 2024, which would make recommendations for improving the Cybersecurity of web browsers and other Internet applications and systems.
Current quantum computing technologies have too little processing power and are error-prone when cracking today’s strong encryption codes. The future encryption code-breaking quantum computers would need 100,000 times more processing power and error rates 100 times better than what the best quantum computers have achieved to date. Some experts predict that we are five to ten years away from encryption code-breaking quantum computers.
When this happens, the potential for harm is enormous. If the current encryption methods are broken, people will not be able to trust the data transmitted or received over the Internet, even if encrypted. Adversaries will create bogus certificates, questioning the validity of any digital identity.
Cryptography is just one piece of a much larger puzzle. Encryption does not prevent someone from a successful spear phishing campaign (e.g., clicking on a malicious link, or opening a malicious file attached to an e-mail). Encryption also cannot defend against inevitable software coding errors, or the witting/unwitting insider threat who misuse their access to data.
Since quantum computing technology poses a significant Cybersecurity threat and the reality that adopting new standards will take years, it is wise to begin planning for this inevitability now.
In 2018, the US Department of Commerce estimated that there were around 350,000 cybersecurity jobs currently unfilled. The US Cybersecurity analytics and research company Cybersecurity Ventures released data that indicates 3.5 million cybersecurity jobs are likely to go unfilled globally by 2021.
A November 2019 report by the International Information System Security Certification Consortium, (ISC)², found that while there were approximately 2.8 million security professionals working worldwide at the time, another 4 million trained professionals are still needed to close the cybersecurity skills gap. That’s an increase of 145%. It begs the question: Are we going to be ready for the future of connected devices?
Finally, as the experts begin the endeavor of planning for what could be a seriously disruptive state of successfully controlling the security of our cyberspace, we lowly every-day citizens need to stay aware of the threats that persist among us in an ever increasingly connected world and remain diligent with our online communications behaviors. With the increased rate of ransomware attacks raging among all market segments today, businesses need to educate their workforce through consistent social engineering simulation training. The idea of implementing a “no click” e-mail policy as part of their security and acceptable use policies (AUPs) is no joke.
Security is a journey, not a destination, so I leave you the ACS credo of “Predict, Prevent, Persist.”
To get involved with the NCSA and NCSAM, click here.
My mentor and cybersecurity guru Carlos Fernandes, CEO and Principal of Agile Cybersecurity Solutions, contributed to this article.
Get Caught Up