At the recent annual Kaspersky Next event, speakers from Kaspersky Lab, Oxford University, Cyber Security Capital, Titania, the Electronic Frontier Foundation and the Serbian Information Comissioner’s Office came together in Barcelona to discuss what’s next for the industry and for technology.
Experts discussed what’s next for the industry, and for technology, looking at topics that ranged from women in cyber security, digital privacy and the evolution of industrial cyber attacks.
Here are eight of the most interesting insights from this year’s conference, including the range of uses for stolen data, the international agreement not to use autonomous weapons, the growing skills gap, hacking brains for memory manipulation and more:
1. Stolen data has more than just one use for cyber criminals
Stolen data has a very limited resale value, David Jacoby from Kaspersky Lab estimates you are only worth about $50 on the black market – so why do our accounts and identities remain an attractive target for cybercriminals? David explained how trading in stolen accounts is an easy way for criminals to launder money for more sinister criminal activity such as drug dealing, human trafficking and the selling of arms.
2. Nation states are beginning to use publicly available tools
Christian Funk from Kaspersky Lab has been seeing that, to avoid attribution, Nation State threat actors have started using publicly available tools for pen testing, network administration or just Windows Powershell. Then, during incident response and analysis, it is impossible for researchers to find the code similarities between distinct samples that would usually a sure-fire way to attribute the attack.
3. By 2022, the skills gap between available cybersecurity professionals and unfilled positions will be 1.8 million
Jane Frankland, author of IN Security, explained how by developing a more diverse workforce and recruiting people with diverse skills in communication, creativity and management can help us get ahead of the cyber criminals by challenging conventional thinking. She reminds the industry that simply by interacting with people who are different forces us to prepare better, anticipate alternative viewpoints & expect that reaching consensus will take effort. Ilijana Vavan, Managing Director of Kaspersky Lab Europe, then also joined Jane on stage to talk about her approach to getting more women into a cyber security career, and how Kaspersky’s CyberStarts initiative is the company’s commitment to diversifying talent.
4. Hacktivists modified the chemical mix of a water company’s supply by accident.
In her talk on the evolution of attacks on industrial control systems, Noushin Shabbab gave us examples of when cybercriminals have successfully carried out attacks on these systems, reminding us that it is a real threat that is already underway. In 2016, a Swiss water company using a 1980s IBM server was hacked by a group who managed to modify the application settings affecting the chemical balance of the water with apparently very little knowledge of what they were actually doing.
5. To ensure the physical safety of a patient, security is ignored
In their ‘Memory Market’ presentation, Dmitry Galov, Kaspersky Lab; Denis Makrushin, independent researcher and Laurie Pycroft, Oxford University, told the audience about the conflict for medical implant developers as brain implants become more sophisticated and connected. Since such an implant needs to be controlled by physicians remotely in emergency situations, it needs to be fitted with some sort of software ‘backdoor’, therefore opening the risk of being manipulated by threat actors.
6. Within 30 years our memories could be completely controlled by others
Dmitry and Laurie predict that by the 2020s, it will be possible to electronically record the brain signals that build memories, then enhance or rewrite and reinstall them in the brain. By the 2030s, the first commercial memory boosting technology will be available and, by the 20140s, this technology will be able to give extensive control over our own, or others’, memories.
7. There is a global agreement never to use autonomous weapons
Nicola Whiting from Titania took the audience through the good and bad of AI. She revealed that the European Parliament passed a resolution calling for an international ban on lethal autonomous weapons systems (LAWS) on the grounds of their “potential to fundamentally change warfare by prompting an unprecedented and uncontrolled arms race,” as well as “fundamental ethical and legal questions of human control.”
3,000 A.I. and robotics researchers, including 116 founders of leading robotics and artificial intelligence companies, influenced this resolution, warning about lethal autonomous weapon systems, and pledging “never to develop, produce or use lethal autonomous weapon systems.”
8. Privacy is not dead
Marco Preuss from Kaspersky Lab, Eva Galperin from the Electronic Frontier Foundation and Nevena Ruzic from the Serbian Information Comissioner’s Office discussed the realities of protecting privacy in today’s age of data promiscuity. Each came from a different background and angle on the topic but agreed that with the GDPR, tools like the new Privacy Audit and sites like haveibeenpwned.com, it’s possible to get a control of where your data is to start regaining control of it.