AI and Penetration Testing Article on EuroSTAR Huddle


That's all the time a pro hacker needs to infiltrate a company. And, unlike what you've seen in the movies, this isn't some hacker with extraordinary skills. Cybercrime statistics show us that 88% of pro hackers can boast the same level of efficiency. When that countdown starts, your company runs out of time fast. Unless you have a lightning-fast response time, your company could face serious reputational risk.

Dawn of a Decade: The Top Ten Tech Policy Issues for the 2020s


For the past few years, we've shared predictions each December on what we believe will be the top ten technology policy issues for the year ahead. As this year draws to a close, we are looking out a bit further. It gives us all an opportunity to reflect upon the past ten years and consider what the 2020s may bring. As we concluded in our book, Tools and Weapons: The Promise and the Peril of the Digital Age, "Technology innovation is not going to slow down. The work to manage it needs to speed up." Digital technology has gone longer with less regulation than virtually any major technology before it. This dynamic is no longer sustainable, and the tech sector will need to step up and exercise more responsibility while governments catch up by modernizing tech policies. In short, the 2020s will bring sweeping regulatory changes to the world of technology. Tech is at a crossroads, and to consider why, it helps to start with the changes in technology itself. The 2010s saw four trends intersect, collectively transforming how we work, live and learn. Continuing advances in computational power made more ambitious technical scenarios possible both for devices and servers, while cloud computing made these advances more accessible to the world. Like the invention of the personal computer itself, cloud computing was as important economically as it was technically. The cloud allows organizations of any size to tap into massive computing and storage capacity on demand, paying for the computing they need without the outlay of capital expenses. More powerful computers and cloud economics combined to create the third trend, the explosion of digital data.

The History of Digital Spam

Communications of the ACM

Spam! That's what Lorrie Faith Cranor and Brian LaMacchia exclaimed in the title of a popular call-to-action article that appeared 20 years ago in Communications [10]. And yet, despite the tremendous efforts of the research community over the last two decades to mitigate this problem, the sense of urgency remains unchanged, as emerging technologies have brought new dangerous forms of digital spam under the spotlight. Furthermore, when spam is carried out with the intent to deceive or influence at scale, it can alter the very fabric of society and our behavior. In this article, I will briefly review the history of digital spam: starting from its quintessential incarnation, spam emails, to modern-day forms of spam affecting the Web and social media, the survey will close by depicting future risks associated with spam and abuse of new technologies, including artificial intelligence (AI), for example, digital humans. After providing a taxonomy of spam, and its most popular applications that emerged throughout the last two decades, I will review technological and regulatory approaches proposed in the literature, and suggest some possible solutions to tackle this ubiquitous digital epidemic moving forward. An omni-comprehensive, universally acknowledged definition of digital spam is hard to formalize. Laws and regulation attempted to define particular forms of spam, for example, email (see 2003's Controlling the Assault of Non-Solicited Pornography and Marketing Act). However, nowadays, spam occurs in a variety of forms, and across different techno-social systems. Each domain may warrant a slightly different definition that suits what spam is in that precise context: some features of spam in a domain, for example, volume in mass spam campaigns, may not apply to others, for example, carefully targeted phishing operations.

Artificial intelligence vs machine learning vs deep learning – what's the difference?


A recent Sophos study found that almost half (48 per cent) of Australian businesses were hit by ransomware attacks last year, highlighting the need for security vendors to continuously innovate, and more importantly, stay ahead of the cybercriminals. As such, innovative technologies such as artificial intelligence (AI) have become imperative to cybersecurity. There is a misconception that these technologies are the same and can be used interchangeably; while they leverage the same AI principles, machine learning and deep learning are fundamentally different. So what is the difference and how does it work in relation to cybersecurity? AI is now a widely understood technology, made famous mostly by Hollywood movies (although its application in security does not involve a robot attacking a hacker).

Technology can't rescue us from AI-generated fake news


After two decades as a digital forensics expert, Hany Farid has come to know the telltale signs of a fake image. The shadows are often a dead giveaway. "They tell you a lot about the scene," he says. "The nature of the light in the scene, where it was coming from." Forgers often get them wrong, putting shadows in improbable locations or omitting them altogether.

How to Fight Crime with Machine Learning


No company is immune to cyber criminal activity. In 2013, Target was hacked despite receiving as many as 10,000 security alerts per day. While Target is a Fortune 100 retailer, even medium-sized companies have to sift through hundreds of thousands of alerts each year. Alerts are investigated before being categorized as false positives and ultimately ignored, but most alerts are idiosyncratic to a product or application with little context of the overall business impact. To prevent financial and reputational loss, security teams are driven to find the most critical needles in an ever-growing haystack of security information.

How the Real Hackers Behind Mr. Robot Get It So Right


This week on the premiere of Mr. Robot, the hacktivist collective fsociety made good on its threat to bring down the evil E Corp. With a few strokes of the keyboard, a USB stick and a little social engineering, the anarchists infected the corporate giant's banking division with ransomware, locking up thousands of files and closing it for business. As the character Darlene prepared her malicious code, real hackers watching no doubt chuckled at the familiar words on her screen: "Hack the Gibson…and remember…hugs are worth more than handshakes." Like so much about the hacking on Mr. Robot, that detail was for them. When these episodes air, I don't watch the episodes, I keep my eye on Reddit and Twitter and see what people are saying about it.