Artificial Intelligence, new encryption alternatives, malvertising, passwords and IoT devices dominate the evolution of online safety
AVG Technologies provides a glimpse into what we can expect in the continuing, rapid evolution of online threats and protections in 2016.
Michael McKinnon, AVG’s Security Awareness Director, has pinpointed five technologies that will change the way we connect with our digital world in 2016:
1. Artificial Intelligence (AI)
It’s not just self-driving cars that are heralding a tipping point in how intelligent software systems are influencing our lives. Advances in AI and deep learning systems are becoming much more accessible, as evidenced recently when Google open-sourced its Tensorflow AI engine project.
And, as AI security solutions start to emerge in 2016, the arms race against malicious actors on the Internet will be given a much needed boost, allowing faster responses to threats and limiting their damage. In the case of AVG, our latest antivirus engine contains a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often.
2. Encryption and the beginning of the end for Certificate Authorities
The need to securely encrypt all website traffic via HTTPS is a growing concern. In 2016, a combination of new open standards and easier, affordable choices for bloggers and website owners will see the start of comprehensive changes.
The monopoly of Certificate Authorities to validate the identity of legitimate websites and issue expensive SSL certificates is coming to an end as news of certificate mismanagement, security mishaps and data breaches have plagued some of these monoliths.
Attractive technical alternatives – like Let’s Encrypt, currently in beta – are bound to flourish as average small bloggers and business website owners no longer have to go through arduous, costly verifications. Google’s Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers. And exciting prospects, such as the Internet Society’s DANE protocol, offers website owners the ability to validate their own SSL certificate and bypass a Certificate Authority altogether.
3. Malvertising. Ad Networks to shape up or ship out
It’s time for ad networks to shape up before they destroy the digital economy they helped build and before they ruin the websites that rely on advertising revenue for their livelihood.
Malvertising is a new vector being used to instantly infect thousands of victims browsing otherwise legitimate websites. It’s happening all too frequently because of questionable third party relationships and poor security affecting multiple online advertising networks.
At the root of this problem is the ‘attack surface’ of ever-growing, ever-complex advertising and tracking ‘scripts’ provided by ad networks and included by publishers (often blindly) on their websites.
4. Passwords aren’t going anywhere
The vast majority of us use the humble password to access resources across our private and work lives, and it will be with us for many years to come. It’s important to understand that passwords are a free to use concept, not a technology. Any alternative solution will be at a cost in technology or complexity, and that’s why passwords are here to stay.
Weaknesses associated with passwords, such as re-using them or not storing them safely, will no doubt continue. To minimise risks we all need to keep security awareness rising across consumer, business and enterprise.
Here are some of the alternatives starting to enter the picture.
If offered, McKinnon highly recommends the two-factor authentication (sometimes called two-step verification) access control concept.
This year, Yahoo announced a security solution using mobile devices rather than passwords for access, and Google’s Smart Lock features use the presence of other nearby devices to unlock your smartphone.
5. Bad IoT – security by design will reach boiling point Every unprotected device and appliance that is connected to a network is open to hacking – that’s every smart TV and stereo, lighting and home security system, through to newfangled fridges and self-driving cars. Cyber criminals are probing hardware, scanning the airwaves and harvesting passwords and other personal identity data from wherever they can.
McKinnon says: “We’ll continue to see many strange devices being internet connected, and without a conscious effort to include security by design. While it may be amusing to own one of the latest WiFi-enabled kettles that allow you to switch it on using your smartphone without having to put your book down, it has the potential to give up your secret WiFi key.
“Upgrading and updating all your software, devices, gadgets and equipment has never been as critical – and it becomes life or death in 2016.”
Google is pre-empting they will take responsibility for traffic infringements, and also possibly accident and injury claims that their self-driving cars are responsible for – small comfort though if you die in the process because you forgot to update your car to the latest software!
“As intelligent software systems start to pervade our lives in as yet unimaginable ways, that software may make a decision that could potentially put your life in jeopardy. It will become imperative to update software and all your devices. Your life may depend on it – perhaps not in 2016, but certainly in the years to come,” McKinnon warns.
About AVG Technologies
AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, location services, data controls and insights, personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security and mobile device management that simplifies protection for businesses.All trademarks are the property of their respective owners. www.avg.com
