But perhaps that’s only the tip of the iceberg, and despite our best efforts, this interconnected future to which we’re headed might require a bit more on our end.
ICT, Privacy, Security and Intelligence Lawyer Stefano Mele outlined the potential dangers we will be facing in the future vis-à-vis the ever-increasing reliance on all things digital.
The Internet was not created with security as its main objective, but had been designed to be open with distributed control and mutual trust among users. Therefore, the future of digital security is not so “bright”, and the so-called “Internet of Things” will complicate the cyber-security scenario very soon.
So how can people and companies protect themselves from theft of sensitive data and invasion of supposedly secured systems? Will investing in new cybersecurity software and hardware pay off? Apart from passwords, there is one other method of authentication which is becoming increasingly commonplace – and it’s almost always used by banks which provide online services to their clients. One of its names is “two-factor authentication”, and essentially it’s a password complemented with a security code which is sent by the system being access to a physical device possessed by the client – typically, their phone. Unfortunately, there are ways even this system can be compromised – by simply stealing the phone, for example.
Dr. Tony Coulson, Director of The Information Assurance & Security Management Center of the CSUSB, points out some of the flaws of what we previously thought would be the future of authentication – take for instance, fingerprint scanning.
Biometrics has not been as significant as we thought it once was. We used to say “Everybody has a unique fingerprint.” That is true, biologically, but the sensors that read fingerprints, as much as the assurances of many companies saying that can read multiple points and so on… there’s been many attacks and proof of concept to show that that part of biometrics doesn’t necessarily work well.
Dr Coulson also believes the question of “what’s next?” cannot be answered easily.
There’s a lot of research being done right now, we’re actually doing some research right here, with an EEG reader that you can put on your head. People can “think their password”, if you will. It emits a certain brain wave that allows them to log in. Is that the future of authentication?
It’s very hard to say what it’s going to look like. What we do know in today’s world is that your identity is very precious. We need to come up with creative yet convenient ways to access the information and to verify who they are.
So, how should we prepare for the troublesome future? Here’s what Mr. Mele suggests.
In my opinion, the most relevant cyber-security problem is between the keyboard and the chair. Awareness is the answer to this problem. But this should be a very wide awareness program, because the civilians – all the State’s citizens – are the weakest ring of the cyber-security chain.
People, for example, should strive to protect themselves by always choosing strong cryptography, complex passwords and multi-step authentication, using only security-by-design software. However, those are very important technical cyber-security remedies that can boost cyber-security, but, again, awareness is the real key to success.
It all boils down to this – users should not only be aware of available methods of digital protection, but also be responsible with information they possess. But will our information that third parties possess remain secure? Time will tell.
