By Ajay Singh, Author of CyberStrong! A Primer on Cyber Risk Management for Business Managers

Artificial Intelligence (AI) has boosted productivity, enhanced the quality of decision making and provided solutions to many complex problems. AI comprises a wide range of algorithms, models, and analytical technologies working in tandem to enable computers and other machines to sense, evaluate, act autonomously and even learn with human-like capabilities. While it is considered among the most disruptive technologies to revolutionize the management and business models of organizations, it has also changed the way we live, work, learn and play. Unwittingly, it has also kick-started a great game in cyberspace between hackers deploying AI for their nefarious goals and defenders who use AI for identifying threats and shoring up their defenses. It may be early days yet, but the AI-driven cyber arms race in cyberspace is truly underway between hackers and defenders and is expected to go on for a long time to come.

Bruce Schneier a public-interest technologist and fellow at the Harvard Kennedy School suggests that ‘artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage. He further goes on to say that ‘Hackers Used to Be Humans. Soon, AIs Will Hack Humanity’(Hackers Used to Be Humans. Soon, AIs Will Hack Humanity | WIRED, n.d.). Is this an extreme view? A closer look at issues around the use of artificial intelligence will tell us that we are well on our way.

To understand the issues involved, we need to examine the role of AI in offensive maneuvers by hackers and how AI can help the defenders.

AI is a powerful weapon for hackers

The weaponization of AI was inevitable. As the defenders got their act together and began to close vulnerability gaps and protect entry points, hackers found AI as a useful way to not only find innovative ways to get past defenses but also to automate a lot of human effort. AI proved a valuable addition to their arsenal which helped them to add speed, stealth, and unpredictability into their attacks. Further advances in the form of Machine Learning (ML) enabled them to even adapt and boost their chances of success of the attacks.

The World Economic Forum in a report(3 Ways AI Will Change the Nature of Cyber Attacks | World Economic Forum, n.d.) suggests that AI-powered cyberattacks are not a hypothetical threat to be dealt with in the future.  They observe that the required building blocks for the use of offensive AI are already in place such as -highly sophisticated malware, financially motivated – and ruthless – criminals willing to use any means possible to increase their return on investment, and open-source AI research projects which make highly valuable information available in the public domain.  They further propose that AI can change the nature of cyber-attacks. Firstly, through impersonation of users by using AI to capture the characteristics of an individual’s behavior and language by analyzing email and social media communications. Secondly, using AI for stealth, timing, and speed. Hackers can use AI to maintain a long-term presence in targeted environments, identify vulnerabilities and attack opportunities by analyzing large volumes of data as well evade security controls and compromise more devices. Thirdly, AI is useful for hackers in incorporating greater levels of sophistication and conducting their operations at great speed and at many times the scale. It is worth mentioning hackers today can cause greater harm by sourcing or renting advanced AI-driven technologies on the darknet and deploying them without having the skill and knowledge to develop them. This easy availability makes the threat for AI-driven attacks a major cause for concern and raises the table stakes in the security game to another level.

Hackers have recognized that AI can boost their efforts and criminal activities in a big way.  It allows them to operate on a bigger scale with the added benefits of speed, minimum effort, and cost. Some of the areas where they have been actively using AI are as follows:

AI-powered Phishing

To be able to harvest credentials and launch mass bespoke phishing attacks was every hacker’s dream. Today, by deploying AI, they can firstly gather, analyze, and use information about companies, employees, and other targets more easily and quickly. This capability enables them to plan and execute targeted mass spear-phishing attacks with greater chances of success on unsuspecting victims.

AI for Deep Fakes & deception

Spoofing and impersonation are techniques that have been used by hackers for some time now by impersonating a company, brand, or known person. Now, they can use deep fakes which combine audio and/or video that is either entirely created or modified by artificial intelligence or machine learning to plausibly misrepresent someone as doing or saying something that the hacker wants to convey. The story of a CEO of a UK Energy based company who was deceived through deep fake audio is an example of the kind of damage a deep fake can cause. In this instance, cybercriminals called the U.K. company’s CEO impersonating the CEO of the parent company and managed to deceive him into making an urgent wire transfer of $243,000.

The threat from this kind of AI-driven deep fakes is set to rise further as cybercriminals are taking advantage of remote workers and a distributed workforce which makes their job of manipulation easier. It also enables them to launch more deceptive phishing campaigns via email or business communication platforms which serve as useful delivery mechanisms for deep fakes. As users are more likely to trust organizational communications from known sources, the hackers’ chances of success are much greater. The next frontier for deep fake technology also known as AI that deceives is to defeat biometric authentication. For now, the answer is that it is possible but fails in the face of a ’liveness’ test which is performed to if the biometric traits are from a living person rather than an artificial or lifeless person. Only time will tell if deep fakes can evolve to defeat this.

AI-powered Malware

Conventional malware is designed to be both deceptive and malicious. Introducing AI into malware can make it much more potent and powerful. A malware that is AI-powered can be capable of adapting to existing protection systems and finding ways of bypassing them. There are experts who feel that AI-powered malware will initially be based on the exploitation of known vulnerabilities and misconfigurations which can be detected through security audits and vigilance and prompt action can neutralize the potential threat from materializing. Hackers are meanwhile exploring ways in which AI can be used to remain untraced in target environments for long periods of time and activate triggers that can be voice or facial recognition driven among others to launch full-scale attacks

AI-driven Vulnerability discovery & Automated Hacking

The use of AI and ML has not only made the discovery of vulnerabilities in IT infrastructure, software, and systems easier but has provided ways of understanding the context, developing risk scores for prioritizing risk mitigation actions, and correlating them to vulnerability trends. However, the same information in the wrong hands can lead to exploitation of vulnerabilities in ways by which hackers can inflict maximum knowledge. Today, many hacking tools are easily available that help in finding exploitable weaknesses in computer systems, web applications, servers, and networks. To develop a clear picture of their target networks and devices, hackers can use programs like Shodan to compile a comprehensive list of internet-connected devices, including web servers, surveillance cameras, webcams, and printers. Once all this information is gathered, hackers use automated hacking tools to minimize human efforts and give them the ability to scrutinize large amounts of information which they can then exploit to their advantage. Examples of automated hacking attacks include brute force attacks, credential stuffing, hacker bots, scraping, captcha bypass, etc. These attacks can vary in scale, timing, duration, and frequency and AI is useful in exercising control over these attacks. 

AI-powered botnets

DDoS attacks, which use botnets or zombie machines, often involve the use of AI to control attacks and make them more devastating. The cyberattack against TaskRabbit in 2018 is a prime example where a large botnet controlled by AI was used to perform a massive DDoS attack where 3.75 million users were impacted. The magnitude of the attack was such that the entire site had to be disabled until security could be restored. This further affected an additional 141 million users.

The above modes of attack powered by AI are not the only ones. Hackers have tasted the power of AI and learned to harness it to make their attacks more effective. On the other hand, the induction of AI in the hacker’s arsenal can lead to wide-ranging consequences for businesses, governments, and society at large. There is a thriving market for tools and services which hackers regardless of their technical capability can access and use. AI-based tools are increasingly available to help hackers identify targets and launch attacks in minutes. A greater worry relates to the use of AI in new malware strains that can avoid detection or evade defenses by modifying their behavior based on their learning from detection mechanisms and controls.

A recent variation of a typical botnet attack was that of bot extortion where hackers threatened to launch an SEO attack on CheapAir, a flight price comparison website. When the company refused to pay the money demanded by the hackers, they unleashed a torrent of negative reviews via bots(Automated Cyber Attacks Are the Next Big Threat. Ever Hear of “Review Bombing”? n.d.).

In the future, we can expect hackers to add many use cases involving artificial intelligence/ machine learning to enable cyber-attacks which will be both dramatic in the way they are crafted and massive in scale to cause unprecedented damage on organizations, mission critical systems, and individuals.

Fighting AI with AI

While hackers can use AI for gaining an offensive advantage, equally defenders can use AI to bolster their defenses. The same advantages of speed, analyzing vast amounts of data, and automating various aspects of cybersecurity hold great promise for the defenders. Security experts and solution providers are actively engaged in harnessing the capabilities of AI and incorporating them into security solutions. The rising frequency of cyber threats and attacks leaves organizations (particularly large ones) little choice but to use AI-enabled security tools and products that can enable them to detect and respond quickly to cybersecurity incidents with limited or no human intervention. 

AI for Security Threat Intelligence

The use of threat intelligence in cyberspace draws its origins from its use by militaries around the world to identify and respond to potential security threats. Cyber threat intelligence refers to information that is collated and analyzed by an organization to identify the cyber threats that they are facing or will face in the future. Threat intelligence today involves the analysis of large amounts of data on an ongoing basis which is where the role of AI and machine learning becomes critical. Several research reports support the view that AI is necessary for making the analysis of threats more efficient as well as in taking preventive and preemptive security decisions and actions.

AI for identifying new threats and malicious activities

Traditional antivirus and threat detection software are based mainly on heuristics and virus signatures for detection. This leaves room for hackers to use new malicious codes which can bypass such protection systems. AI and ML models enable threat detection software to gather, process, and use it to form inferences which can lead to better threat detection and predictions. Deep learning which enables learning by example ability can further augment threat detection abilities.

Emails are the preferred method of hackers to deliver malicious links and attachments for launching phishing forays. Surveys indicate that spam accounts for over half of received emails. Much of this could contain malicious links and payloads. AI-enabled email scanning has proved to be extremely useful in identifying phishing emails and other types of threats and given the volumes of emails involved seems the only way not only for identification of malicious links, messages, and attachments, but also flagging suspicious activities and anomalies.

Threats can emanate not only from external sources (hackers), but from internal sources (insiders) as well. AI is increasingly being deployed to understand and analyze user behavior to identify patterns, trends, anomalies, and gain other insights to implement necessary security controls and enable appropriate security actions.

AI for better Endpoint Protection

As we continue to add more devices connected to the Internet every day, securing these endpoint devices has become critical. The concept of defending a well-defined corporate perimeter is over. Instead, we are faced with protecting a large number of devices distributed across geographies, users, and applications. AI-driven endpoint protection ensures that a baseline for endpoint device behavior is established, monitored, and maintained. Deviant behavior from the baseline can be identified and flagged for further actions.

AI for combating Bots

Combatting bot traffic through manual systems is no longer effective when it comes to dealing with the large amount of bot traffic that is generated today. AI and ML can help analyze vast amounts of data traffic as well as distinguish and categorize the same.

While the above represents a few important use cases for AI in bolstering cybersecurity, there are many more. The Capgemini Research Institute in their report (Reinventing Cybersecurity with Artificial Intelligence – Capgemini Worldwide, n.d.) on the role of AI in cybersecurity found that: 

• The use of AI for cybersecurity is a growing necessity
• The pace of adoption of AI for cybersecurity is increasing
• There is a strong business case for using AI for cybersecurity
• AI enables organizations to respond faster to breaches

Just as the weaponization of AI by hackers was inevitable so is its increasing use by defenders. As networks become larger, distributed, and support diverse devices, data traffic increases manyfold every year and it becomes more difficult to deal with the associated complexities, the use of AI seems like the best way to deal with not only threat and security management but issues such as accountability, transparency, privacy, safety, and fairness.

A peek into the future may show that innovations in AI may lead to AI systems attacking and defending against each other making us bystanders hoping for the best outcome. Before the AI vs AI arms race escalates to this level and we possibly lose complete control over these technologies, we must adopt a hybrid approach that combines the power of AI and human intervention (wherever and whenever) required to identify, analyze, predict, and even resolve new and complex cyber threats.  AI is a great source of innovation in many spheres of our existence. While it can provide immense benefits, in the wrong hands can cause large-scale damage. In times to come, we will see the great game between the hackers and defenders play out with the stakes going up in each round.

No company wants to experience a data breach, but it can happen, and it happens more often than you might think.

Many cybersecurity measures can be used to prevent data breaches. However, malicious actors will still find ways to infiltrate your network, take advantage of employee passwords, and capitalize on other vulnerabilities.

Below, we’ll cover how consumers should react to data breaches and how companies can protect themselves if they’ve experienced a breach.

Consumer Actions to Take Following a Data Breach

Data breaches have increased due to the COVID-19 pandemic, and it’s not expected that they’ll let up anytime soon. High-profile incidents have been reported, including ransomware, supply chain attacks, and hackers exploiting vulnerabilities.

Now is the time to consider preparing for a cybersecurity breach or data loss, as it’s becoming a prevalent issue across various industries. Below are some steps to take immediately after a data breach if you’re a consumer.

1. Find Out What Data Was Stolen

Many states have laws protecting consumers and requiring businesses to inform their customers about data breaches. Now would be a good time to consider seeking identity theft protection services, especially if sensitive data, such as Social Security numbers or banking information, was exposed during the breach.

Consider speaking with the company that experienced the breach and learning what types of data are compromised. Read the details of any reports from the company explaining the breach so you know what steps to take next.

1. Change Passwords

This is a crucial step to take to protect your information from being stolen or sold on the Dark Web. Even if your passwords were not exposed during a breach, it’s best to assume the worst and change it anyway.

Make sure you’re using capital letters and special characters, and be sure to use unique passwords for all the various online accounts you use. This will make a hacker’s job much more difficult and provide you with strong protection. Many people will use an additional layer of security, known as two-factor authentication, to secure their devices and accounts.

3. Check Financial Records

Finally, you should look into your finances and ensure that no money was stolen or if any charges look suspicious. It’s best to alert your bank that a data breach has occurred and look at your statements to check for these potential fraudulent charges.

You can also request a free credit report, which will show you if any new accounts were opened in your name. It’s wise to be proactive during this time to protect yourself and your information adequately.

These three steps will help you manage your financial situation and ensure your accounts are not compromised. Below, we’ll explore some steps that companies should take after they’ve experienced a data breach.

Steps Companies Should Take After a Breach

No company wants to deal with a data breach in the first place, but time is of the essence to lessen the impact of the breach itself.

1. Be Transparent With Employees and Customers

It’s recommended that you adopt a spirit of transparency when a breach occurs. Letting internal employees and your customers know that their data could be compromised will help them take steps to lessen the impact of the breach. Your business reputation could be at stake if you’re not adamant about sharing details of the breach.

Suppose you decide to take an alternative approach and keep breaches a secret. In that case, it could lead to lawsuits, loss of employees, or backlash from customers who had their data stolen or even sold on the Dark Web. This is why it’s vital to be open and honest about the breach that occurred.

2. Secure Systems and Identify Where the Breach Occurred

Preventing more data from being exposed should be paramount for all companies. Be sure to secure your systems, identify what data may have been disclosed, and investigate the circumstances of the breach. Keep track of all the breach details and communicate with your IT department.

It’s wise to change access codes and passwords to prevent further intrusion. Also, consider shutting down remote access for your systems out of an abundance of caution.

3. Implement New Cybersecurity Measures to Fill Gaps

Because a breach occurred, you now know the vulnerabilities and weaknesses in your existing cybersecurity measures. It would help if you implemented new ways to protect against malicious actors.

Now is the time to focus on rebuilding, restructuring, or strengthening your existing cybersecurity practices to prevent future incidents. Patch up the holes in your systems and make a hacker’s job more difficult using the best cybersecurity practices.

4. Build a Disaster Recovery Plan

While many companies take precautionary measures with their cybersecurity, these breaches still happen, and being prepared can help make the breach less likely to harm customers. Following a data breach, the last step you should take is to build a disaster recovery plan.

Here are some steps to take when building a disaster recovery plan:

● Identify potential threats

● Assess your downtime tolerance

● Find viable solutions to use in case of a breach

● Train employees about procedures and what to expect if a breach occurs

Both customers and companies need to recognize the importance of preparing for a potential data breach. Preparedness plays a significant role in lessening the impact of a breach.

Take the Proper Steps Following a Data Breach

If you’ve realized your company has suffered a data breach, some steps must be taken to lessen the impact and damage the breach causes. It’s possible that, depending on your specific case, you may need to take alternate measures to protect your data. However, customers and companies can benefit from following the outlined steps listed above.

The use of VPN vs Encryption is an important topic due to the increasingly remote workforce. For example, at least 4.7 million people in the US prefer working remotely, and Global Workplace Analytics estimates 25-30% of employees worldwide will be remote-based by the end of 2021.

More than 36 million Americans will be working remotely. That said, whether employees are working remotely from home, the airport, or a local coffee shop, they require secure access and connection to organizational networks and resources. In most cases, they may connect to company networks using their home Wi-Fi or local networks, whose security shortcomings leave little to be desired.

For example, connecting mobile devices to a public wireless network connection and transmitting sensitive information like credit card numbers exposes online security risks, such as interception and eavesdropping. In addition, attackers can exploit security weaknesses, such as misconfigured Wi-Fi routers, weak password security, and outdated router firmware to intercept and steal sensitive data. With experts predicting that the number of public Wi-Fi hotspots may exceed 628 million by 2023, hackers will be looking to exploit increasing vulnerabilities. Some of the top wireless network threats are:

1. Personal data interception: Attackers can snoop around wireless networks to intercept web browser traffic/online activity and exfiltrate personal information, such as credit card information, IP addresses, to a remote server. A 2021 report forecasts that theft of personal data will affect at least 250/ million individuals, although more than 310 million people were data theft victims in 2020. Due to this, most organizations urge employees to use a virtual private network (VPN) when establishing remote access to ensure online privacy.
2. Increased attacks on companies: Some employees may use a public network to send sensitive emails without establishing a VPN server connection. The network could be a rogue access point under a hacker’s control. Most organizations have implemented various security measures to protect internal networks from attacks, but connecting to the networks using insecure and unencrypted public Wi-Fi networks may result in cyberattacks.
3. Man-in-the-middle attacks: These are common techniques attackers use to impersonate to eavesdrop on user connections and communications. Essentially, attackers position themselves between a user and a server, enabling them to capture all transmitted information and network traffic. In 2020, man-in-the-middle attackers contributed 16% of all reported network attacks, underscoring the essence of implementing recommended network security measures like VPN services and encryption mechanisms.
4. Network snooping: Network snooping is one of the popular methods that man-in-the-middle attackers use to monitor and intercept outgoing and incoming network traffic. The attacks are relatively easy to launch and execute since adversaries require scanning tools, such as Wireshark, to scan for network security loopholes and exploit them to snoop transmitted traffic. As such, adversaries can easily see and intercept sensitive information, including credit card information, passwords, and crucial business data.

Securing Your Network with Encryption

Numerous organizations constantly suffer unending network security flaws and breaches, threatening the confidentiality, availability, and integrity of essential network resources, applications, and data. Suffice to say, there is no single entity that can achieve the perfect cybersecurity posture to protect data from unwanted access, ward of attacks, and prevent data breaches entirely. In this case, organizational cybersecurity teams and employees must take stringent security actions to protect sensitive information and ensure robust network security.

Securing network communications requires the implementation of recommended security controls, among them being HTTPS encryption, SSL encryption, and consistent use of VPN provider technologies. In reality, strong network security calls for deploying and configuring encryption approaches and VPN services from proven VPN vendors. Some of the vital network security measures to consider include:

1.     HTTPS Encryption

HTTPS encryption protects network communications and information from unauthorized access, tampering, and unauthorized modification by encrypting the HTTP connections. As a result, accessing websites with HTTPS encryption implies that cyber adversaries are less likely to access, read, or modify the contents transmitted between your browser and a web server. However, users are not responsible and do not have control over HTTPS encryption since a website operator is responsible for setting up and configuring a secure HTTPS connection.

Users should note that not all sites contain the essential HTTPS encryption. Websites whose URLs begin with HTTP only mean that users communicate with a web server via an insecure connection since it does not encrypt the transmitted traffic. Accessing websites lacking HTTPS encryption poses significant security threats, such as man-in-the-middle attacks, where hackers can intercept and modify communicated data. Worse, accessing sites without HTTPS encryption can permit attackers to inject spyware and malware on your computer, which may cause an entire organization to be vulnerable to multiple attacks.

For example, one of the greatest threats of accessing websites lacking HTTPS encryption is injection attacks, where hackers can inject HTML and JavaScript payloads into the unencrypted network traffic. Once the payloads execute, sophisticated threat actors may launch devastating attacks, including Denial of Service (DoS) attacks, preventing victim companies from continuing daily business activities. However, it is worth noting that an HTTPS encryption protocol alone does secure your network connections adequately. Other internet activities also require unique encryption mechanisms.

2.     Encrypting Wireless Routers

Wireless connections are susceptible to numerous online attacks since companies don’t require a physical connection to their networks. Attackers can thus target Wi-Fi networks to steal data remotely. For example, an adversary can access and intercept wireless network communications using readily available hacking tools from the parking lot. Luckily, it is easy to secure a wireless network by encrypting a Wi-Fi router.

The highest recommended router encryption method is the WAP2 encryption standard. Companies can access the WAP2 encryption standard by login into the Wi-Fi router’s page and enabling it in the router settings. Turning on the WAP2 encryption standard secures a wireless network by encrypting data transmitted between a wireless device and the Wi-Fi network. Wireless router encryption prevents attackers from eavesdropping on the network traffic transmitted via a Wi-Fi connection, preventing unauthorized access to sensitive information.

In addition, encrypting a wireless router ensures network integrity by enabling an authentication protocol to prevent malicious users from connecting. Unencrypted routers can allow unauthorized users to connect to a wireless network, intercept, and exfiltrate confidential data. Also, malicious actors can connect to unencrypted Wi-Fi networks and use them for illegal activities. Unauthorized access to a network not only poses a security risk but also threatens network performance and speed.

3.     SSL/TLS Encryption

SSL/TLS is a recommended network encryption standard that ensures secure communication between a web server and a client. SSL (Secure Sockets Layer) is an older version than TLS (Transport Layer Security), which experts consider more secure. However, they serve the same purpose – encrypt network traffic to protect data transmitted through an internet or computer network.

Implementing SSL/TLS encryption prevents internet service providers and adversarial actors from viewing, accessing, or tampering with information shared between two nodes – often between an app or web server and a web browser. Website owners and administrators have the prerogative to implement SSL/TLS encryption to ensure an encrypted secure connection for the secure exchange of sensitive information, including payment data, passwords, and personal information.

Specifically, SSL/TLS utilizes symmetric and asymmetric encryption to preserve the integrity and confidentiality of data in transit. Asymmetric encryption provides a secure session when a client requests information from a server. Similarly, symmetric encryption also ensures a secure session to ensure the security of transmitted data. Companies require to purchase and implement an SSL/TLS certificate for their domains and web servers to use the SSL/TLS encryption standards. Upon the installation of the SSL/TLS certificate, a client can communicate with a server securely, as demonstrated in the following steps:

1. The client uses a secure HTTPS URL to contact and connect to a server.
2. Once the server receives a connection request, it uses a public key to send its certificate to the client.
3. The client uses a Trusted Root Certification Authority to verify the server’s certificate to ascertain that it is legitimate.
4. The server and the client then negotiate a strong encryption type that they both support.
5. The client then encrypts a secret key, also called the session key, using the server’s public key, which is then sent back to the server.
6. The server receives the public key and uses its private key to decrypt the traffic or communication received from the client.
7. SSL/TLS uses symmetric encryption (session key) to encrypt data and decrypt it as it is exchanged between the server and the client.

A complete handshake negotiation permits the server and client to use HTTPS (SSL/TLS over HTTP) to encrypt all transmitted data. You can validate that a website is SSL/TLS enabled by checking if it has a lock icon on the browser’s address bar. After a user stops accessing a website, the server and client discard their encryption keys and negotiate a new handshake once a user tries to access a website on the next visit. SSL/TLS encryption enhances security by ensuring the integrity and confidentiality of transmitted data. Nevertheless, cybercriminals can also use encryption to inject malicious payloads. Therefore, it is vital to implement inspection tools like IDS/IPS, secure web gateways, and next-generation firewalls to ensure effective SSL/TLS decryption.

Securing Your Network Using a VPN vs Encryption

HTTPS, SSL/TLS, and router encryption provide important functionalities protecting users’ online activities. Although most users grapple with which is better between network encryption and the use of a VPN service, they are great security tools for securing online communications. In addition, you can use them to complement each other for enhanced security and a more secure browsing experience.

While encryption ensures the integrity and confidentiality of online activities by encrypting network traffic and communications to prevent unauthorized access, a VPN service hides a user’s online identity. As a result, VPN protocols hide data and user activities from snooping governments, internet service providers, and malicious cyber adversaries. In particular, a VPN provides an encrypted secure tunnel between devices like mobile devices, laptops, tablets, desktop computers, and laptops and insecure networks like public Wi-Fis.

Using a VPN requires organizations to acquire VPN clients for employees from a trusted virtual private network provider and install them in devices used to communicate sensitive information. You can also opt to use free VPNs to achieve the same goals but with limited features and capabilities.

Most VPN tools are free and easily accessible from various internet services and internet providers. However, companies should consider commercial VPN solutions that provide advanced services. For example, a commercial VPN supports connectivity to multiple servers from various parts of the world. More importantly, commercial VPNs tunnel all communications and internet traffic transmitted between servers and user devices to prevent governments and internet service provider from tracking it.

Additionally, commercial VPNs mask users’ real IP addresses with those corresponding to a particular server in a given location to give the impression that users are accessing the internet from a different location. It is an essential feature that protects and hides a user’s privacy and area, which is vital in protecting against attacks. For example, a user may be browsing the internet from the USA, but a VPN can tunnel the network traffic to appear as if the user is located in Germany. The benefits of using a VPN to protect the online identity and privacy include:

• Bypassing geo-restrictions: VPN tools come in handy for users attempting to access various services that can only be accessed from a specific location. For instance, some content creators may restrict music or television content to a particular geographical area, implying that only users in that location can access and use it. In addition, websites utilize geo-blocking to restrict access from the blocked region. In this case, an individual in a blocked location can use a VPN solution to connect to a server in a specific region to access the content. A VPN software hides an IP address such that a user can connect and access resources in a restricted area.
• Protect online privacy and identity: Technological advancements permit everyone, including malicious cyber actors, internet service providers, and governments, to monitor and track a user’s online activities. Thus, multiple users are exposed to privacy breach risks and attacks, such as identity theft attacks. Luckily, a VPN can protect and preserve online identities and ensure privacy by ensuring user integrity and confidentiality. VPN programs hide and encrypt online traffic through an encrypted VPN tunnel to prevent harmful actors from breaching user identities and privacy. Thus, it makes it difficult for search engines, ISPs, and governments to track and monitor your online activities.
• Provide secure online connections: VPNs play a vital role in providing a safe online link to ensure users can communicate securely. As a result, a VPN is a handy tool for employees and organizations that prefer remote or hybrid working strategies. Also, VPNs can assist users in bypassing firewall restrictions that prevent them from connecting to a specific service. For instance, countries like China have a large firewall that prevents individuals from using mission-critical services like social media platforms. Implementing a VPN solution enables users to bypass the firewall restrictions and connect to the services. Similarly, as most individuals often connect to unsecured public networks for critical reasons like working remotely and online shopping, a VPN tool encrypts online traffic to protect valuable information. These include login credentials, credit card details, and mission-critical organizational information.

VPN vs Encryption – Similarities

A VPN is a third-party software solution that helps users enhance online privacy and protect their identities when an insecure network. On the other hand, HTTPS encryption is an internet protocol that ensures the secure transmission of sensitive data via the internet by providing a safe, encrypted connection. Third parties offer VPN solutions that do not require HTTPS encryption to function and vice versa, but they can complement each other. The primary similarities and differences include:

• They both encrypt online communications, but a VPN encrypts a whole device, whereas HTTPS encryption encrypts connections between a browser and a server.
• They both cannot protect against malware attacks, and users require additional security tools to prevent attacks when browsing through insecure networks.
• VPN provides additional functionalities, such as hiding a user’s online activities and browsing history, while HTPPS encryption only encodes confidential data that users submit on a web server.
• Users can control and configure a VPN solution to achieve greater online security. Still, users don’t have control over HTTPS since the website owner or administrator is responsible for managing the SSL certificate.

VPN vs Encryption – Which is Better?

Encryption tools and VPN solutions provide different functionalities to prevent unauthorized malicious entities from accessing sensitive network information. Therefore, using both adds enhanced security to online communications to ensure user privacy and prevent unwanted access to sensitive information. However, it is vital to note that HTTPS encryption must be enabled on a website or browser, whereas a VPN solution works anytime once installed. Also, HTTPS encryption may be vulnerable to attacks like root certificate attacks, whereas VPN protects against different attacks. Besides, while HTTPS is only used for end-to-end encryption, VPN encrypts an entire device.

By Ajay Singh, Author of CyberStrong: A Primer on Cyber Risk Management for Business Managers

As we come to terms with the record-breaking statistics and deal with the devastating impact of cyber-attacks and data breaches in the year gone by, we now need to identify, assess, and prioritize the cybersecurity challenges that are ahead of us in 2022. While the focus of the past year (or two) has been on fighting the pandemic, cybersecurity has been another serious threat that individuals, businesses, and governments have had to deal with. The year 2021 was bookended with two of potentially the most devastating cyber threats- SolarWinds and the Log4J vulnerabilities that shook the very foundations of cybersecurity plans and programs. Even though the two incidents from a technological standpoint are somewhat different, both provided warnings of the scale and widespread implications of future cyber-attacks.

The past year has seen unprecedented cyber-attacks in terms of nature and scope- ransomware (CAN Financial, Acer, critical infrastructure (The Oldsmar Florida Water Supply attack, The Colonial Pipeline Attack), data breaches (Bombardier, Domino’s India), and the aforesaid supply chain attacks are just a few. Closer analysis of cyber-attacks in 2021 reveals that hackers have upped their game in terms of tools that they use and their capability to launch targeted attacks and play the waiting game. 

Trend Micro partnered with the Ponemon Institute to investigate the level of cyber risk across organizations and create a Cyber Risk Index (CRI). The index, which is refreshed regularly, measures the gap between an organization’s current security posture and its likelihood of being attacked. Their index currently shows ‘elevated risk’ at the global level. As we step into 2022, this means that governments, organizational leadership, and individuals need to brace themselves for more significant challenges in terms of cybersecurity.

Cybersecurity is full of challenges, some new, some old but continuing, and some emerging. To be safe and secure, we need to deal with them all but prioritize and mitigate the significant risks in terms of severity of consequences and likelihood of the risks materializing. Across organizations and geographies, here are my Top 10 Cybersecurity challenges for 2022.

1. Supply Chain, the weak link 

Supply chain attacks have been a potential cyber threat for some time now, but 2021 saw massive growth in these attacks. Hackers demonstrated the kind of severe damage they could cause by leveraging vulnerabilities in the software supply chain, impacting thousands of organizations. The SolarWinds and Kaseya attacks indicated that hackers could launch different types of cyber-attacks on downstream businesses using their software and services by successfully targeting software vendors. While third-party software is fraught with certain risks, a certain level of trust existed based on the vendor’s pedigree and commitment to cybersecurity. Organizations can no longer blindly trust third-party applications, open-source software, and application interfaces that they use to ensure their security. They must proactively examine their Software Bill of Materials (SBOMs) and take steps to mitigate associated risks.

 2. Ransomware attacks remain a potent threat in 2022

According to the X-Force Threat Intelligence Report, ransomware was the number one threat in 2021, comprising 23% of all cyber-attacks. High-profile ransomware attacks in 2021 included targets like the Colonial Pipeline, JBS Foods, which not only disrupted the operations of the respective companies but impacted the lives of everyday people who had to put up with gas and meat shortages. No industry or firm, regardless of size, is safe from ransomware attacks. Kia Motors, the Korean automobile giant, and Acer, the Taiwanese computer company, faced ransomware attacks in 2021. Even the Washington DC Police department was not spared as hackers locked up data on informants, gangs, and employee data and demanded a ransom of US$ 4 million to prevent data leaks. Keeping ransomware out by implementing measures such as ready-to-use back-ups, encrypting important data, data exfiltration monitoring, early detection, and response through software, timely updating of software, implementing zero trust strategies, and training employees are key in preventing and mitigating risks from these attacks. For organizations facing ransomware attacks, ransom payments may also come under the regulatory ambit, and hence robust prevention measures must be put in place. If your organization doesn’t have a plan to deal with a ransomware attack, this is the time to implement one and enhance your security posture.

3. The rise of edge computing throws up new security challenges.

The concept of edge computing is fast gaining ground. According to Ericsson, by 2023, 5G will make up around one-fifth of all mobile data traffic, where 25% of the use-cases will depend on edge computing capabilities. Edge computing is about gathering, processing, and analyzing data generated by IoT devices at the network rather than transporting it to centralized computing resources. While this provides excellent opportunities for innovation, it also opens IT infrastructure to new security issues. The problem primarily stems from the non-standardization of IoT hardware protocols combined with the diversity of use cases which can throw up several security challenges, including ensuring proper configuration of devices and administering timely updates. The integration and security management related to legacy IoT devices pose another challenge. The challenge from a security perspective is further exacerbated by the fact that not all the edge computing platforms being deployed are readily accessible as they are distributed across enterprise networks making remote management even more difficult. Hence, edge computing shares the same security challenges as the IoT devices, which are usually small, often not built with security in mind, and may not even be capable of receiving updates. All these issues, if not addressed, can provide hackers with easy entry points and ways to gain access to core systems to which the edge devices connect to launch deadly cyber-attacks. Regardless of the type of edge computing platform, organizations are deploying zero-trust IT architectures to secure the entire distributed computing environment better and meet the security challenges of edge computing. As organizations increasingly turn to remote working, employees become the edge. To prevent endpoint attacks and address the need for better-automated threat prevention, detection, and remediation, concepts such as Endpoint Detection & Response (EDR), which were initially deployed, have evolved further in the form of Extended Detection & Response (XDR) and secure access service edge (SASE) solutions.

4. Crisis of trust-privacy and identity management challenges

Every data breach, exploitation/misuse, or illegitimate use of personal data results in an erosion of trust. In recent times, issues of digital trust such as identity theft by cybercriminals through large-scale data breaches, the alleged exploitation of data entrusted to Big Tech companies for-profit, and the misuse of citizen data by Government authorities have been a matter of public debate. Even as the debate rages on finding the right balance between privacy, exploitation, and misuse, all parties to the debate have their concerns. Despite efforts made, a fair, transparent, and equitable regime that encompasses privacy, data protection, and accountability remains unresolved. What has this got to do with cybersecurity, you may well ask? Privacy protection and cybersecurity have been historically considered and handled in different organizational silos. Still, as more and more personal information is processed or stored online, organizations practice effective cybersecurity that can secure data and safeguard personal information. Managing identities across an organization and in the current context across economic, social, and political contexts have become central to online safety and security. Beyond the use of simple strategies like multi-factor authorization, the use of biometrics which represents some basic security approaches, there are bigger challenges like unification (or non-duplication) of identity information (within and beyond organizational boundaries), preventing the misuse of personal information through Artificial Intelligence, Deep Fakes, perpetrating financial frauds, etc. The launch of the metaverse and its related security challenges will need to be addressed early. The metaverse promises a new in-depth virtual experience that is expected to transform the way we work, live, play, and interact with each other. Several technologies which are still evolving, such as virtual and augmented reality, smarter digital devices, and next-generation social platforms, will bring forth several security concerns from device management to personal data privacy issues. The time for convergence of Privacy and Cybersecurity is now to make our digital lives more secure and safe. We cannot afford any further erosion of digital trust to embrace the benefits of newer technology. There will be a huge price to pay. While regulatory frameworks to address security challenges evolve, in 2022, it will require technology companies and organizations to follow ethical considerations taking responsibility and accountability for privacy, data protection, and cybersecurity. Indeed, this is a huge ask.

5. Never seen before 5G Vulnerabilities and mobile malware.

The year 2022 will see 5G rollouts on a large scale in every region of the world, enabling connectivity for appliances, machines, objects, and devices at speeds reaching 10 gigabits per second – up to 100 times faster than 4G networks. For users, such high-speed access will provide great digital experiences. For applications, services, and content providers, this allows the opportunity to develop a whole new generation of feature-rich functionality that users are waiting to lap up. While the opportunities and possibilities offered by 5G technologies are tremendous, they come with a new set of vulnerabilities that hacker groups are waiting to exploit. 5G networks have one big difference compared to previous generations of networks- moving away from centralized, hardware-based switching to distributed, software-defined digital routing. With software controlling the network, cyber vulnerabilities are inherently more complicated and require a rethink of cybersecurity strategies.

A research study by Strategy Analytics says that half the world’s entire population now owns a smartphone as of June 2021. This means that around 4 billion people use a smartphone today. Other reports suggest that by 2021, there will be 35 billion IoT devices connected to the Internet. IoT is about to experience another boost by the 5G technology due to its inherent higher speed capabilities, which enables faster communication and sharing of information. Initiatives in smart cities, smart buildings, smart cars, and similar such efforts to reduce carbon emissions will lead to a proliferation of smart devices being connected to the Internet. Overall, this will result in a quantum leap in the attack surface and could become a hacker’s paradise, warn cybersecurity experts. 

Adding to security concerns could be ‘never-seen-before, malware’ and cyber-attacks using botnets of a size and scale that we have never experienced.

6. Watch out for a sharp increase in attacks on Critical Infrastructure.

A recent research study by Skybox Security found that 83% of organizations suffered an operational technology (OT) cybersecurity breach in the prior 36 months. Critical infrastructure is largely dependent on Operational Technology (OT) to deliver essential services for the public’s health, safety, security, or economic well-being and the effective functioning of government. In 2021, hackers actively perpetrated disruptive attacks on energy grids, water supply systems, and gas pipelines. They are not only aware of lacunae in OT systems which are mostly legacy systems, but that ransomware attacks on critical infrastructure can be lucrative propositions. Reports suggest that Colonial Pipeline company paid the $5 million ransom one day after cybercriminals hacked its IT network, which crippled fuel deliveries up and down the East Coast. 

Even as regulators enhance security compliance standards around critical infrastructure, weaknesses like legacy hardware, lack of unified control across IT and OT platforms, software supply chain vulnerabilities, and investments required for upgrading OT platforms are issues that will continue to bother us during 2022. Smaller companies in power generation and other utilities are more likely to be targeted and will feel the pressure to raise their security standards and processes beyond basic compliances.

7. Misconfiguration and updating- a challenge that continues to haunt us

On the face of it, this appears to be a simple problem that must be addressed by security and IT teams. A study by Productiv, a provider of SaaS management solutions, indicates that the average company has 254 applications. Updates are critical for all technology, but especially IoT devices because they’re often located in the field, on the factory floor, or in hospitals. Employees working from home make this task more complicated. When you consider these facts, what emerges is that this challenge is a far cry from managing updates on a few servers and desktops located within four walls of an organization. It is not an issue that is going away soon if not addressed but will only grow in size, scale and complexity. This security challenge is not new and has persisted over the years, as can be seen from the following statistics:

The Voke Media survey of 2016 observed that 80% of companies who had a data breach or a failed audit could have prevented it by patching on time or doing configuration updates. It further found that even after a breach, or failed audit, nearly half of companies (46%) took longer than ten days to remedy the situation and apply patches because deploying updates in the entire organization can be complex. The situation showed no improvement as an Edgescan study in 2018 found that the average time for organizations to close a discovered vulnerability (caused by unpatched software and apps) was 67 days. As it stands today, the challenge related to properly configuring systems (including cloud configurations) and timely updates is still more daunting, with most organizations having little or no visibility of the applications and devices that connect to their enterprise network. The only way to meet this security challenge is to maintain an up-to-date inventory of applications and devices, implement patch management processes, and use automated patch management tools. 

8. Beware-The weaponization of deep fakes

Human beings are hardwired into trusting their five senses and acting on them. However, Seeing is believing’ is passe as far as the Internet is concerned, and also, hearing on which we rely so much can no longer be blindly trusted. Deep Fake technology advancements today enable the creation of such realistic images and sounds that anyone, no matter how tech-savvy, can be fooled. Hackers are becoming adept at using deep fake technologies to launch phishing and cyber-attacks to meet specific objectives or target particular persons. In 2022, organizations need to be highly vigilant and aware of deepfake-based frauds of various kinds. 

Last year, The Federal Bureau of Investigation had issued a warning regarding the rising threat from deep fakes describing it as “the broad spectrum of generated or manipulated digital content, which includes images, video, audio, and text.” In 2022, this threat is likely to get more potent, and the only counter to it seems to be to ‘verify’ then ‘trust.’ Any critical piece of information that involves or is leading towards a financial transaction or some other critical action must be verified multiple times or offline before it is acted upon. More than technology, the challenge is for human beings to be aware and vigilant to thwart such cyber-attack attempts.

9. The Human Factor- Phishing and Social Engineering Remain Major Challenges

According to the Human Hacking Report published by SlashNext, there was a 270% increase in social engineering threats found in 2021. Phishing attacks rose by 51% over the previous year’s record-breaking. This indicates that social engineering continues to be the preferred method for hackers. It enables them to steal the necessary credentials to cause more significant harm to individuals and organizations. The use of automation by cybercriminals to perpetuate their human hacking and their various social engineering schemes have given their threats an added dimension making them more potent. Besides specific cybersecurity measures to ward off automated attacks, higher awareness and vigilance are required to meet this challenge. Regular awareness, threat simulation exercises, training regarding various forms of threats and scams is key to engaging all employees in cybersecurity and effectively responding to this No.1 cyber threat.

10. Remote/Hybrid working here to stay

The Next Great Disruption Is Hybrid Work—Are We Ready? asks Microsoft in a recent article. At the same time, a Unisys report suggests that while 61% of hybrid and remote workers feel primarily responsible for maintaining their digital security, only 21% are aware of sophisticated online threats. Remote working started as an employee-friendly initiative in the pre-covid era and became necessary as the pandemic spread worldwide. We have since moved to work from anywhere at anytime environment. This has created many security-related challenges for organizations. These challenges include a flexible corporate network perimeter, security issues in managing endpoints and cloud applications, lack of security practices and discipline that existed in office environments, insecure home networks, and other factors that undermine defenses. These are sources of risk to corporate systems and security and have been known for some time now. However, organizations must recognize that the immediate and ad hoc measures they have taken to ensure security from remote working risks will be inadequate in the long run and require a change in strategy and approach. Adoption of strategies like zero trust, implementing EDR & XDR, enhancing cybersecurity awareness among employees, and setting up a baseline for online conduct when connecting to enterprise systems are still measures that are a long way off for many organizations.  

Organizations face numerous security challenges, but addressing key challenges can significantly reduce risks and mitigate any damage in the face of a cyber-attack or data breach. Security is a moving target, but the time to make incremental changes and investments in cybersecurity is over. We have reached a stage where a rethink of enterprise security considerations, controls, and architectures is required, and 2022 seems to be the year when we must recognize the new challenges in terms of cybersecurity and initiate short-term and long-term actions to secure our systems and ourselves from the devastating consequences of a cyber-attack or data breach.