As tech companies build blocks for Metaverse, like everything else touched by technology it will need security.
Although the virtual world promises fun and creative opportunities for all, Anna Chung, Principal Researcher – Unit 42, Palo Alto Networks’ global threat intelligence team, said it could be the new playground for cybercriminals.
“While we cannot know exactly how the security implications of the metaverse platforms will be, we can expect the next phase to involve protecting virtual assets such as virtual currency and continuing to maintain virtual identity ownership from a security perspective.”
In this interview, she also talks about how quantum computing has great potential to revolutionise cybersecurity, and shares her advice for women who want to start a career in cybersecurity.
Excerpts from the interview:
What are the top 3 cyber threats a business faces today?
Ransomware is the top threat we expect to gain momentum in the coming years. As threat actors are actively developing new malicious tools and business models, like Ransomware-as-a-Service, cybercriminals are recruiting more attackers – even those who are less tech-savvy – to join their ransomware campaigns.
In addition, we have learned more about the mature underground supply chains, enabling malware developers, and how malicious attackers and initial access brokers (IAB) work together and maximise their ransom demands.
The next leading cyber threat is the increasing attack surface due to an increasingly remote workforce. Since the pandemic, businesses have become more flexible on where employees can work. This means the boundaries between office networks and home networks and public devices and personal devices have become blurry, and the attack surface has drastically increased, leading to more opportunities for malicious attackers.
According to Palo Alto Networks The Connected Enterprise: Internet of Things (IoT) Security Report 2021, 91 per cent of Middle East IT organisations have seen a rise in the number of connected devices on their organisation’s network in 2021, including devices such as baby monitors, pet feeders, gym equipment and even kitchen devices.
Cyber hygiene is another major threat that can allow attackers to access corporate systems and internal networks. Therefore, it is crucial to increase security awareness throughout the workplace — regardless of an employee’s position or line of business. Training employees and sharing best security practices will help them spot threats such as phishing emails and suspicious domains and help them think twice before clicking a link.
Will IoT devices remain a popular target among hackers? What are common weaknesses in IT security strategies?
IoT devices remain a popular target among hackers, mainly because IoT devices usually don’t have security features and come with basic functionality such as default passwords that are not changed. In addition, IoT security awareness and education are not as prevalent as they should be, and the number of IoT devices continues to grow exponentially.
IoT devices are targeted for several reasons, such as cybercrime and cyberespionage. When executed successfully by cybercriminals, these types of attacks can compromise a large number of IoT devices and give long-term access to confidential information without even being detected.
Organisations need to have the proper security measures to ensure complete visibility over the corporate network and each device connected, allowing for the ability to respond to every malicious incident spotted. CIOs and their IT teams need to think with a zero-trust strategic mindset, understand what is critical to the business, and build a cyber response strategy to limit as many vulnerabilities as possible.
Will quantum computing transform cybersecurity?
Quantum computing has great potential to revolutionise the cybersecurity space, particularly using quantum-proof data in decryption. By implementing a quantum-proof solution, stolen and compromised data can still remain secure in the future. In addition to that, quantum computing also can break public-key cryptography in seconds, which would take a regular computer many years to crack an RSA encryption.
While Machine Learning (ML) technology has revolutionised how unknown cybersecurity attacks are detected and blocked, the exciting and emerging field of quantum machine learning is bringing a lot to the table when it comes to advancing ML development. Quantum ML has the potential to enable exponentially faster, more time- and energy-efficient machine learning algorithms that can identify and defeat novel cyberattacks.
Will the Metaverse usher in new security challenges?
Yes, with every new business opportunity comes new security challenges. In the initial phase, social engineering, digital identities, account security, and virtual assets will be the main targets.
A recent BBC article defines the metaverse as games and experiences accessed through virtual reality headsets. Previously confined to gaming, the technology will likely be adapted for use in many other areas – from work and play to concerts and cinema.
With the metaverse being a new world, today’s threats may still exist in the metaverse era and require new security solutions. It is a platform for both opportunity and challenge, allowing many to commit fraud and scam others.
For instance, an attacker can manipulate the environment allowing the metaverse to play to our senses directly.
While we cannot know exactly how the security implications of the metaverse platforms will be, we can expect the next phase to involve protecting virtual assets such as virtual currency and continuing to maintain virtual identity ownership from a security perspective.
We’ve all read the statistics about burnout in the security industry. What do you recommend for leaders who want to better retain their talent?
Burnout does not always have physical signs, and it is essential to show compassion and support your team from a leadership perspective. Good leaders need to encourage time for rest and ensure a healthy work-life balance is in place. This helps with performance and growth in the future.
It is important to set boundaries and good examples for your team by taking time off, recognising signs of fatigue, and using only professional communication tools to contact the team during office hours.
Another vital part of encouraging a healthy work-life balance is to create clear communication boundaries and not contact employees outside work hours and during those times of rest.
What advice would you give to women starting their careers in technology?
My advice for women looking to start a career in technology or cybersecurity is not to be put off by the scientific image sometimes presented. When people hear the term cybersecurity, they think about mathematics, coding and engineering. This can create an assumption that there’s a high barrier to entry; however, a job in technology demands a much more robust and diverse skill set, including both hard and soft skills.
At Palo Alto Networks, we offer many learning programs for women. For example, Partners in STEM Education – in collaboration with Girl Scouts of the USA (GSUSA) – is a company programme that provides access to cybersecurity education for girls and eventually priming female candidates to fill vacancies in the technology, IT, and cybersecurity fields.
Palo Alto Networks also provides free online training on many cybersecurity topics and skills to help young females protect their digital ways of life and provide access and hands-on industry experiences at no cost.
In addition, I have also been coaching young women on a one-on-one mentorship basis for several years to understand their career progression, dreams, and goals to reach their desired next step. One of my primary coaching goals is to inspire young women to respect all elements within the industry, regardless of the hierarchy, as each role brings a unique value to the table.
If you liked reading this, you might like our other stories
