
How biometrics, internet of things and AI will shape our future security

14 Nov 2023

Darktrace’s Toby Lewis spoke to SiliconRepublic.com editor Jenny Darmody about the evolving landscape of cybersecurity and what the future holds for a more connected world.

For well over a decade now, we have been seeing the rapid advancement of technology in our everyday lives. More internet-of-things devices in our homes are connecting to each other, and each of these devices is known as an endpoint, which is often a concern for cybersecurity experts.

This is not new information, but as we move into the future and more of the world’s critical systems and government agencies go online, cyberthreats become a bigger concern.

Some examples in the second half of this year alone include the MOVEit attack on Dublin Airport and the NHS cyberattack that targeted two ambulance services, both in July; the UK Electoral Commission cyberattack in August; and the ransomware attack on the US arm of one of China’s largest banks just last week.

Toby Lewis is the global head of threat analysis at UK cybersecurity company Darktrace. In an in-depth interview with SiliconRepublic.com, he said there’s a “crossroads” of the greater use of tech, particularly by companies looking to deliver better services to people, and the need to keep sensitive data safe.

“One of the challenges we have with the internet of things is they are inherently tricky to secure, they’re not necessarily built secure by default. But also, they’re not something that many users can just open up a window on their laptop and just say ‘install security’, that feature doesn’t exist,” he said.

“From a consumer perspective, there’s a real challenge for vendors to make sure these are secure from the get-go. From the attacker perspective, you’ve got the potential of this massively distributed network of internet-connected things that can be exploited and used for whatever you want, whether that’s for launching an attack somewhere else, or maybe it’s an entry point into a much more sensitive network.”

Getting bang for their buck

Before Darktrace, Lewis had spent some of his career in the UK government’s cybersecurity threats response unit, including as the UK National Cyber Security Centre’s deputy technical director for incident management.

And while he said nation state attacks are a concern that has never really gone away, a much newer and perhaps larger trend is the growth of cybercriminals that are looking to take a much greater advantage of the interconnected world.

This is seen in particular through the proliferation of ransomware attacks, notably in schools in the US and the attack on the Colonial Pipeline in 2020. “What that shows is actually you’ve got a criminal attacker who has the ability to bring down some really significant disruption onto a really broad community. And they can do that and then say, ‘we’ll do it again, unless you pay us some money’,” he said.

“[Ransomware is] here to stay, it’s not going anywhere. For as long as it’s profitable, for as long as the attacker can make money from it, they’re only going to keep doing it.”

‘If an organisation has a boring day, from a cybersecurity perspective, that’s a good thing’

Not only is ransomware here to stay but the future is likely to see the growth of a franchise model of cyberattacks – ransomware-as-a-service. This enables cybercriminals to change tactics that will increase their return on investment while allowing them to lower their own costs.

And from the company’s perspective, when major cyberbreaches happen, they often make headlines. Thousands of customers having their data compromised is never a good news story for an organisation. But Lewis cautioned that these headlines are usually the end result of “a long process that organisations are going through every single day”. Comparing it to goalkeepers in football, he said they’re often better remembered for the goals they let in rather than the ones they saved.

“I think in reality, organisations are putting a lot of time and effort into hopefully preventing from ever getting there. If an organisation has a boring day, from a cybersecurity perspective, that’s a good thing.”

Generative AI’s impact on security

As well as cyberattacks making headlines, generative AI has also been making strong waves across the media for the last year in particular. Amid the explosion of large language models such as ChatGPT and Bard, many have flagged concerns around what this emerging tech will do for cybercriminals and how it may increase our vulnerability to attacks.

Lewis said the biggest concern he sees is the advances in social engineering it can create – a tactic that is well-known and well-used in the cybercrime world. “The area that we focus on the most is around, how could generative AI be used to exploit the human? How could generative AI be used to create something so convincing that the most aware security user would still fall for it, would still click on the link or select the attachment?”

With this impact in mind, he added that the responses to social-engineering attacks have often been about increasing security training for the users – usually by teaching them not to click suspicious links. But that puts a lot of the onus on the end user who often has to click links or download attachments.

“I think we have to recognise that we can no longer just 100pc put all our eggs in one basket and say, ‘it’s up to you users, please don’t click on stuff’, we have to make the environment safe enough around it so when they do click on something, it shouldn’t be the worst day in the world.”

A biometric future?

While advances in technology create more metaphorical windows for cybercriminals to break into while also giving them better tools to use against us, hope is not totally lost when it comes to security.

There’s a commonly used phrase in cybersecurity where a lot of tools and tech can be double-edged swords. What works as good protection can also be flipped and used as a weapon. But one area Lewis feels optimistic about is the area of biometrics, which he said serve as “a really powerful way of genuinely improving security”, particularly when set up properly.

“I’ve always been an advocate of multifactor authentication, whether it’s biometrics or something. I think also convenience, my head is full of stuff, I am useless at remembering my own phone number let alone anyone else’s so actually another password is not very useful for me. So, if I can use biometrics, whether that’s a fingerprint or a thumbprint or face ID, that just makes my life easier.”

A concern around biometrics is usually one of privacy – especially when it comes to storing personally identifiable data because you can’t get much more personal than a fingerprint or a face ID. Lewis said the onus is very much on the vendors who are implementing facial recognition or other biometric data but that while users might have concerns, transparency and consent around how their data is used will help them feel more secure.

“I can tell you now the security companies and the security set-ups are probably protecting the information a lot more than the privacy settings on social media sites,” he said. “I think there has to be a natural threshold between the security benefits and the convenience.”

You can hear more from Toby Lewis on the first episode of Future Human: The Series, where we explore the future of cybersecurity in more detail with a number of cybersecurity leaders.

Jenny Darmody is the editor of Silicon Republic
