In a world of growing cyber security threats, history tells us that it pays to test and explore new technologies rather than ban or resist them.
There’s no doubt that we need to understand how these technologies can be used for malicious purposes, but it’s just as important to find out how they might be harnessed to help our customers, improve our business processes, and bolster our defensive cyber security capabilities.
Today we’re engaging with three new technologies which are changing the face of the cyber security threats we face today and into the future:
1. Deep Fakes
We know that digital photos can be manipulated or airbrushed, but deep fakes take it to the next level.
Technology has emerged to allow bad actors to create highly convincing manipulated images, audio and video, while the intersection of machine learning and video editing software has reduced the cost and complexity of creating these deep fakes.
So far, the technology has largely targeted high profile individuals – such as the Pope, Tom Cruise and Barack Obama – but there’s a growing expectation that it will become more widely used by organised crime.
Deep fake images and videos can sometimes be identified by blurred or meaningless background, or strange looking body images where fingers and hands jut out at odd angles. Technology solutions to counter deep fakes are under development. For example, content credential watermarks work by certifying real, geo-located images and videos as authentic.
In financial systems, callbacks for transactions are still an excellent defence against deep fakes, especially for high value or unusual transactions. Internally, shared secret solutions can also be deployed, whereby a rotating secret ID or codeword is set up within a group or organisation, which can be used to authenticate voice or video interactions.
2. Generative AI
Generative Artificial Intelligence is set to become more prominent in all our lives. As we’ve seen with ChatGPT, it can create new original content which is almost imperceptible from traditional human output, rather than directly copying or replicating existing data. This holds potential to transform and accelerate all kinds of business processes.
For example, a recent experiment by Westpac’s software developers showed that their productivity in writing code could be enhanced by an average of 46 per cent through the use of generative AI. Academic studies in the US have produced similar results.
Engines such as GitHub’s Copilot work essentially as an auto-complete for code. You start writing some software and the engine suggests what might follow, using its library of much of the code that exists on the Internet today. The end result usually needs a clean-up, but it’s generally 90 per cent there to being workable code, and that’s a major benefit to developer productivity.
This is also true for security software – the code that we write to protect systems, detect attacks, and rapidly respond – and so it will increasingly be a key tool in our arsenal. There are also early signs that rapidly improving AI technologies will help teams like mine protect our organisations and customers through better analysis of the massive amounts of data we collect about our systems and how they behave.
Unfortunately, criminals are also already tapping into the potential of generative AI.
Think back to our GitHub Copilot example: the machines don’t know if the code is being written by good or bad guys. And it can help them accelerate their malware development, as much as it’s helping us accelerate development of software that helps customers.
3. Quantum computing
Quantum computing is still in the development phase. If it turns out to be practical, it has huge potential to solve complex problems which traditional computers just can’t take on.
University of New South Wales Professor Michelle Simmons won the 2023 Prime Minister’s Prize for Science for her groundbreaking work in quantum computing. Her team is racing to develop the first commercially viable quantum computer by 2028.
The technology has the potential to transform almost every industry that uses data, from logistics and supply chain management to product design to financial market analysis. It can also help major corporations strengthen the security of their systems by enabling sophisticated cryptography.
Unfortunately, quantum computing will likely also have unhappy side-effects. The biggest potential future threat comes from its ability to use algorithms to break traditional encryption techniques, and so it’s important that we are prepared for this.
The good news is that increasing our resilience against quantum attacks is largely already possible. Controls that keep encrypted data away from attackers – like network security controls, and good application security – limit the opportunities for even a quantum-equipped attacker to have an impact.
Similarly, rotating encryption keys more frequently makes the attacker work harder to achieve their goals. And the process of standardising new, quantum-computing-resistant encryption technology is progressing well, shepherded by experts at the US National Institute of Standards and Technology (NIST).
With the rapid development of new technologies, the challenges faced by cyber security professionals are coming thick and fast. The key is not to panic but lean in and learn what these new technologies have to offer – and how we might use them to protect our customers and the community.
October is Cyber Security Awareness Month, a global initiative to raise awareness about cybersecurity, so everyone is empowered to protect themselves online. In Australia, this initiative is led by the Australian Cyber Security Centre (ACSC) and Westpac is a proud supporter.
For more info visit westpac.com.au/security