The security industry has been awash in recent years with a wide array of technology innovations - from the development of IP and high-definition video surveillance solutions to now drones, robotics and even analytic platforms driven by artificial intelligence. While these advancements all present a boon for security professionals and the organizations they work to protect, there are also a number of ways that technologies originally designed for good can be leveraged instead for more sinister purposes.
The unintended consequences of rapid technology innovation and how they will affect the security industry moving forward was one of the central themes of a keynote address delivered on Tuesday at ASIS 2017 by Scott Klososky, the founder and principle of technology consulting firm Future Point of View. Klososky, who is also an owner of cybersecurity company TriCorps Security, told attendees that humans continually create new and more advanced technologies without really stopping to think about how they may be used by malicious actors.
For example, though the internet may have connected everyone on the planet and facilitated a faster exchange of information and ideas than has ever been experienced in human history, it has also unintentionally opened a door for criminals to exploit us to a greater degree. "The internet connected us but we didn't give a lot of thought about who it connected us to," Klososky says.
In addition, the introduction of "smart" mobile devices has put advanced communications capabilities into nearly everyone's hands, but these devices are also equipped with GPS and cameras, enabling governments, companies and hackers with the ability to track and spy on people at will. Even the introduction of e-commerce, which has revolutionized the retail industry, has exposed companies to billions of dollars is increased fraud annually.
While mankind has already experienced several iterations of the Internet-connected world, dubbed by Klososky as Web 1.0 (connected organizations), Web 2.0 (connected people) and Web 3.0 (connected devices) which we're currently in, the capabilities coming down the pike - along with their potential consequences - are almost hard to fathom. Although we've only begun to scratch the surface of what's possible with Web 3.0, according to Klososky, Web 4.0 will see the rise of connected and cognitive platforms while Web 5.0 will result in connected people and technology.
However, we’ve already witnessed significant security vulnerabilities for every version of the internet that has come about – viruses, social engineering, DDoS attacks, etc. – and these are only likely to be amplified as technology becomes more intertwined with the daily lives of humans. In the case of Web 4.0, for example, Klososky says there will be instances of data hijacking with the use of ambient intelligence platforms, whereas with Web 5.0, hackers will probably seek to compromise devices that have been implanted into people to make them more efficient.
In the next 50 to 100 years, Klososky believes it is highly unlikely that people will still be operated on by doctors but rather surgical procedures will be performed through the use of robotics. Along with that, he says there will probably be instances of hackers taking control of such machines and either killing or maiming patients, which shouldn’t come as a surprise to those in the security profession.
“I don’t know why this is going to be news to us,” he says, adding that nearly everything people have ever invented has been exploited by criminals in some manner.
There will also come a time, according to Klososky, when artificial intelligence isn’t quite the niche or bleeding-edge concept it is today but will be something that gets to know us and is part of our everyday lives. This “personal AI,” as Klososky referred to it, will even come to manage many aspects of human life, making it nearly as irreplaceable as smartphones are today to many people.
The downside of this and making other data so intertwined with our lives is that bad actors will also begin to realize the intrinsic value of data and pioneer new ways to steal it, whether it is thieves taking STL files used for 3D printing as a way of making off with another company’s intellectual property or terrorists hacking into a construction firm’s network to look at digital blueprints to find weak spots to attack. One of the biggest problems in trying to stop this online community of criminals that Klososky refers to as Mafia 2.0 is that there aren’t enough uniform obligations or cybersecurity laws on the books.
“You think we’re going to come up with some magical fairy dust to protect our data?” Klososky asked attendees.
In cases such as the recent Equifax breach, Klososky says there needs to be clearly defined consequences for organizations that either manufacture a vulnerable product or allow themselves to be exploited by neglecting good and basic cybersecurity hygiene.
“Everything we invent has a dark side,” he says. “We’ve got to get better at predicting collateral damage.”
About the Author:
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].
