In this interview, we asked our advisor Nick Bilogorskiy, the former chief malware researcher at Facebook, to reveal why he believes there will be an uptick in cyber attacks. He also weighs in on the need to deploy a layered defense strategy to reduce the risk of breaches.
At Facebook, Bilogorskiy refined his skills in reverse engineering and malware analysis while helping to keep one billion Facebook users safe and secure. Nick has deep security startup experience on both the technical and business sides.
Q: Password-related attacks and other types of malware/cyberattacks are more sophisticated today and are being enacted on a global scale, e.g., WannaCry. Do you agree with this view and why?
A: Yes, I firmly believe passwords are the new exploits. In other words, the go-to method to breach a company used to be zero-day exploits, but now it is passwords. As I wrote in this blog post, compromised passwords are the easiest way in; with over one billion owned accounts and the rise of password confirmation tools, it’s easier than ever to successfully infiltrate a network.
Q: Should we be on the lookout for a reduction in the rate of cyberattacks in the coming years, or should we be bracing ourselves for a surge? What factors do you believe will be responsible for the change?
A: I expect we will see more cyber attacks, not fewer. Three factors are contributing to this new paradigm: businesses moving to the cloud, the increased use of IoT devices, and the increased popularity of cryptocurrencies, which make cyber attacks trivial to monetize. When previously writing about this paradigm, I urged companies to focus on early breach detection, forensics, and incident response. All enterprises will get hacked sooner or later; what’s significant is the way they respond to the breach.
Q: Where do you see the cyber/information security sector in the next five years, especially with the projected rise in the number of connected IoT devices?
A: I expect things to be quite similar to where they are today: a proliferation of breaches, with some new attack scenarios and an increased attack surface. For example, drones, self-driving cars, and smart homes may start to get compromised and held for ransom. I also expect increased pressure on elections throughout the world from cyber attackers, and more emphasis on cyber weapons in the wars being fought.
Q: Threat detection seems to be a logical approach to avoid being attacked. Does that imply that cyber/information security attacks are avoidable if proper measures are put in place, or is there an extent to which they can be avoided or at least mitigated?
A: No. The purpose of threat detection is not to avoid attacks. It is used to alert you of an attack in progress, and to provide context to the team responding to the incident, to minimize the damage. I don’t believe security attacks can be completely prevented with any measure. With appropriate motivation, a sophisticated attacker will always find a way to breach the target. Hence the key to this game is not avoiding the breach but deploying a layered defense strategy to reduce the risk of the breach. Similarly, deploying a car theft alarm reduces the risk of theft. Threat detection is part of this layered strategy together with other approaches, such as honeypots, personnel security training, cyber breach insurance, segmenting the network, patching vulnerabilities, etc.
Q: What security challenges do you think can be solved with the solution that REMME are offering?
A: Many network breaches don’t involve a hack in the conventional sense, i.e., the attackers are not exploiting weaknesses in the code. Rather, they’re using phishing or social engineering to compromise accounts. REMME’s solution eliminates the need for a centralized database, so there is no single point of failure. By using a distributed database, certificate centers are removed from the equation. Provided the business safeguards their private keys, there is no way for a hacker to impersonate them, or to trick an unassuming employee into handing over sensitive data or upgrading account permissions. By developing a blockchain solution that is secure but also user-friendly, REMME have made authentication easy while reducing possible attack vectors.
Source:
https://medium.com/remme/securitytalks-edition-01-210bcc6cf233