With the ever present threat of increasingly sophisticated cyber attacks, the need for sophisticated cybersecurity increases as well. But this isn’t as simple as creating more difficult passwords and regular password resets. In fact, passwords may even become obsolete, as numerous security researchers (including Microsoft) point out that mandatory password resets offer very low value mitigation.
The problem is that modern hackers have built password dictionary with millions of word combinations, including symbols. Furthermore, modern graphics card processors, such as Nvidia’s RTX 2080 Ti, are able to crack 102.8 billion hashes per second. This means that 8 to 12 character passwords can be cracked in a matter of hours.
Numerous research papers also predict that quantum computers, though not available for a number of years, will be able to crack 128 and 256 bit encryption keys in virtually no time.
In this article, we’re going to look at how cybersecurity is evolving alongside cyber threats, and what the team at Antivirus Best believes the future of cybersecurity will look like.
Public key cryptography is a crucial element that provides security for transactions on the blockchain. Secure private keys for digital assets: Private and public keys are digital assets that, when combined, form a digital signature for an individual, thus enabling the secure transfer of data, money or information. This is how private and public keys work together: when combined, they unlock secured data.
Advances in artificial intelligence and machine learning are creating a future where companies will be able to use smart tools as a primary defense against cyber attacks. For example, in the current day, a company needs to rely on the IT team to create firewall policies, backup schedules, event monitoring, and incident response.
Future generations of firewall will have machine learning capabilities built into them, which means the AI will be able to recognize patterns of attack, and perform the appropriate countermeasures. Furthermore, AI systems will be able to pinpoint where cyberattacks originate from, by scanning large portions of data across the internet.
The current dilemma is that security products built on AI framework are inherently expensive, which leave SMBs unable to afford the technology – and SMBs make a large percentage of ransomware and data breach attacks. Fortunately, hybrid tools are a viable option that already exist on the market, it’s a matter of hiring IT personnel that possess the necessary skills.
Goodbye passwords – sort of!
A major trend in security is moving away from passwords, which has been developing for numerous years. Of course we haven’t yet gotten rid of passwords entirely, and are simply adding layers of protection such as two-factor authentication, biometric recognition, encrypted password managers, or zero login (being asked to confirm your identity when logging into your bank from a new device, for example).
However, in the future, passwords will likely become a final resort of verifying a user’s identity, and will only be asked if a login attempt is deemed suspicious. This will be thanks to a number of things, including artificial intelligence, and more sophisticated methods of user recognition.
For example, Amazon recently experimented with user behavioural characteristics, such as typing speed and pressure applied to the touchscreen as vectors for user recognition.
Uri Rivner, Chief Cyber Officer at biometrics firm BioCatch, explained it thusly:
“[…] Behavioral biometrics looks at digital end users – anyone accessing their account via PC, smartphone, tablet, etc. The data that the system collects is how the user interacts with the application: they way they hold and touch the device, the way they move the mouse or type. So it’s all digital.”
An example of this technology you can try for yourself is TypingDNA’s two-factor authentication. It is a browser extension that watches your typing pattern as you enter your password, and learns how quickly you type, your average mistakes while typing your password, etc. Thus, even if another person learns your password, they cannot emulate how you type your password.