Friend and Foe: The little-known pact at the heart of cybersecurity

0

The cybersecurity industry is based on two types of competition: that between security vendors and cybercrime attackers, and that between the vendors themselves.

What is unusual about the situation is the way these two battlefields are linked; to prevent threat actors from infecting devices malware and infiltrating corporate networks, cybersecurity vendors are often forced to strike a temporary truce.

This balance between competition and cooperation features Jaya Baloo, CISO virus protection Company Avast, as a “friendly rivalry” that allows all the biggest players in the market to work hand in hand when it matters most.

In conversation with Tech Radar Pro at MWC 2022, Baloo spoke about the unconventional relationship between vendors in the industry. She insists that the cybersecurity community’s primary focus is on protecting people from attack and that making profits is secondary.

“I don’t care what antivirus you use, as long as you use one,” she told us. “We’re still seeing so many people being attacked on so many different devices that our biggest concern is people who are completely unprotected.”

Sharing is caring

The coming years are expected to see a fusion of diverse emerging technologies that will lay the foundation for new digital experiences for consumers and businesses.

For example, at MWC 2022 there was much talk about the interplay of 5G, AI, IoT and edge computing, a heady mix that will enable use cases ranging from driverless cars to autonomous factories and more.

However, this level of interaction between technologies is bound to cause headaches for security professionals, Baloo noted, especially when new products and services are not developed with security in mind.

“There’s an organic and orgasmic coming together of technology right now,” she said. “But with that, complexity will increase, and complexity is the enemy of security.”

In such a scenario, cybersecurity companies have the best chance of protecting customers from attacks by sharing information about new vectors, vulnerabilities, and cybercriminal groups.

Toyota

The blending of technologies like 5G, AI, and edge computing will enable use cases like driverless cars, but create new challenges for security professionals. (Image credit: Toyota)

Baloo highlighted the work of the Avast Threat Intelligence Team, which regularly publishes reports on its discoveries. A last report For example, analyzed an increase in phishing attacks on Ukrainian companies in the run-up to the Russian invasion, and the previous rate covered the increase DDoS hacktivism.

When the threat intelligence team discovers a new malware strain or attack vector, Avast not only builds protections into its own services where possible, but also provides support to victims and makes its findings known to the wider community, Baloo said.

“We work with all the people you think we would fight against. There’s a very healthy level of dialogue throughout the ecosystem,” she told us.

“That’s why it’s so much fun; We team up with like-minded people to take down the bad guys. I love our threat intelligence work.”

When asked if there were instances where Avast would not share information, such as when withholding information had the potential to confer a competitive advantage, Balu shook his head disapprovingly. “When it comes to information about the bad guys, we share it. As simple as that.”

go in blind

For the past year, the cybersecurity news cycle has been dominated by the SolarWinds attack and the Log4J vulnerability, both of which highlighted the dangers of the software supply chain, a source of risk often overlooked by organizations.

Despite the excitement surrounding both incidents, Baloo said she expects to see more of the same in 2022 as the necessary lessons have not yet been learned.

“Supply chain attacks are going nowhere,” she said. “The biggest problem is that we don’t fully understand our potential vulnerabilities.”

“We’ve reached a certain level of maturity in terms of the technologies we’re using, but we don’t understand how they link together to create vulnerabilities.”

This is an issue that affects open source software as much as it affects proprietary services, notes Baloo. The fact that code is available to everyone doesn’t necessarily mean that someone has done it with due diligence, as Log4j has demonstrated.

Here's how to see Biden's inauguration day 2021

New guidance in the US requires software vendors to provide a comprehensive SBOM as part of the government procurement process. (Credit: ANGELA WEISS/AFP via Getty Images)

However, Baloo is optimistic that regulations requiring companies to better monitor their software bill of materials (SBOM) could play a role in mitigating risk for their customers.

After the SolarWinds attack, for example, US President Biden has one supreme command that led to new ones guidance This requires software vendors to provide a comprehensive SBOM as part of the public procurement process.

The US has stopped requiring vendors to provide SBOMs to all customers, but there is hope that this practice will become more widespread and that new regulations will at least raise the profile of supply chain-related risks.

The Next Frontier

Not only are cybersecurity companies tasked with anticipating the types of attacks that might threaten customers in the near term, they also need to look further ahead and into the distance.

Another emerging technology field that is expected to have a significant impact on the cybersecurity landscape is quantum computing, which happens to be an additional area of ​​expertise for Baloo, who advises the World Economic Forum on the topic.

Quantum computers solve problems in a completely different way than classical machines, exploiting a phenomenon known as superposition (where subatomic particles exist in multiple states simultaneously) to perform certain calculations many times faster than is currently possible.

Although the most powerful in the world quantum processors currently provide too few quantum bits (qubits) to provide a meaningful advantage over traditional supercomputers, the maturation of quantum computing will create various problems from a security perspective.

Most importantly, large quantum computers have enough horsepower to break modern cryptography. It is therefore a mistake to assume that information protected by encryption today will remain secure for years to come. Government-sponsored threat actors may already be collecting large amounts of encrypted data in hopes of one day being able to access it.

Microsoft quantum computing

A closeup of a quantum computer. (Image credit: Microsoft)

“Quantum computing will answer fundamental scientific questions like a needle-in-a-haystack,” Baloo noted. “But we’re screwed once we have a quantum computer capable of cracking the current encryption.”

“To reap the benefits of quantum computing, we need a new set of cryptographic algorithms that are unbreakable even with a quantum computer. As a cybersecurity community, we need forward-thinking defenses, so we are prepared for these types of challenges.”

Again, this is an issue that will require security firms to work closely together in the years to come, both to develop new quantum-proof algorithms and to push for regulation that ensures the most vulnerable parts of the economy are “quantum-ready”.

In a scenario where quantum-secure technologies are not evolving as rapidly as quantum computing, the foundations of modern cybersecurity will be jeopardized.

And the clock is ticking, Baloo warned.

Share.

About Author

Comments are closed.