DOROS HADJIZENONOS, Country Manager of Check Point South Africa, gives his security predictions for the coming year.
A year in cybersecurity can seem like an eternity. But despite the rapid changes, many things remain constant. Check Point’s top three predicted security threats for 2015 were the rapid growth in unknown malware, in mobile threats, and in critical vulnerabilities in commonly used platforms (Android, iOS and others). These were fully realised, and are likely to remain a significant threat. The cat-and-mouse game that has typified cybersecurity in recent years continues, with hackers constantly finding new ways in which to attack networks – as this year’s high-profile breaches at Anthem, Experian, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked or breached. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics and exploits that criminals will use to target them. So here are ten IT security threats and trends that I expect we will see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individual users and small enterprises, hackers will raise their game when attacking larger organisations with more sophisticated security postures. They will use deeper, more sophisticated phishing and other social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more major mobile vulnerabilities in the next year.
In the ongoing battle between hackers and security professionals, attackers are increasingly deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant’s production network and caused ‘massive’ damage. Also, the US Department of Homeland Security that ‘Havex’ Trojan infections had compromised industrial control systems in over 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. And as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask is ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on any devices connected to it – and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are a number of security concerns about data that is held on smartwatches, or that wearables could even be used by hackers to capture video and audio via mobile remote access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, in which the vehicle’s software is hijacked to take control of it. In July, Fiat Chrysler recalled 1.4 million Jeep Cherokee vehicles in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more gadgetry and connected systems than ever before, we need to apply protection to these in-car systems – and the same applies to the complex systems in passenger aeroplanes, trains and other forms of public transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it’s through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it’s only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 has seen the launch of a number of new operating systems, such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, since adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.
Security consolidation – keep it simple!
To protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions. With large enterprises having a plethora of different security products on their network, consolidation offers a way of reducing both complexity and cost. Having many point products and solutions quickly becomes unmanageable and can actually impede, rather than improve security, so consolidating security provides an effective way to cut complexity and make for easier management, so that new threats don’t get lost in the gaps between systems.
Why your first self-driving car ride will be in a robotaxi
Autonomous driving will take longer than we expect, and involve less ownership than the industry would like, writes Intel’s AMNON SHASHUA
As we all watch automakers and autonomous tech companies team up in various alliances, it’s natural to wonder about their significance and what the future will bring. Are we realizing that autonomous driving technology and its acceptance by society could take longer than expected? Is the cost of investing in such technology proving more than any single organization can sustain? Are these alliances driven by a need for regulation that will be accepted by governments and the public or for developing standards on which manufacturers can agree?
The answers are likely a bit of each, which makes it a timely opportunity to review the big picture and share our view of where Intel and Mobileye stand in this landscape.
Three Aspects to Auto-Tech-AI
There are three aspects to automotive-technology-artificial intelligence (auto-tech-AI) that are unfolding:
- Advanced driver-assistance systems (ADAS)
- Robotaxi ride-hailing as the future of mobility-as-a-service (MaaS)
- Series-production passenger car autonomy
With ADAS technologies, the driver remains in control while the system intervenes when necessary to prevent accidents. This is especially important as distracted driving grows unabated. Known as Levels 0-2 as defined by the Society of Automotive Engineers (SAE), ADAS promises to reduce the probability of an accident to infinitesimal levels. This critical phase of auto-tech-AI is well underway, with today’s penetration around 22%, a number expected to climb sharply to 75% by 2025.1
Meanwhile, the autonomous driving aspect of auto-tech-AI is coming in two phases: robotaxi MaaS and series-production passenger car autonomy. What has changed in the mindset of many companies, including much of the auto industry, is the realization that those two phases cannot proceed in parallel.
Series-production passenger car autonomy (SAE Levels 4-5) must wait until the robotaxi industry deploys and matures. This is due to three factors: cost, regulation and geographic scale. Getting all factors optimized simultaneously has proven too difficult to achieve in a single leap, and it is why many in the industry are contemplating the best path to achieve volume production. Many industry leaders are realizing it is possible to stagger the challenges if the deployment of fully autonomous vehicles (AVs) aims first at the robotaxi opportunity.
Cost: The cost of a self-driving system (SDS) with its cameras, radars, lidars and high-performance computing is in the tens of thousands of dollars and will remain so for the foreseeable future. This cost level is acceptable for a driverless ride-hailing service, but is simply too expensive for series-production passenger cars. The cost of SDS should be no more than a few thousand dollars – an order of magnitude lower than today’s costs – before such capability can find its way to series-production passenger cars.
Regulation: Regulation is an area that receives too little attention. Companies deep in the making of SDSs know that it is the stickiest issue. Beside the fact that laws for granting a license to drive are geared toward human drivers, there is the serious issue of how to balance safety and usefulness in a manner that is acceptable to society.
It will be easier to develop laws and regulations governing a fleet of robotaxis than for privately-owned vehicles. A fleet operator will receive a limited license per use case and per geographic region and will be subject to extensive reporting and back-office remote operation. In contrast, licensing such cars to private citizens will require a complete overhaul of the complex laws and regulations that currently govern vehicles and drivers.
The auto industry is gradually realising that autonomy must wait until regulation and technology reach equilibrium, and the best place to get this done is through the robotaxi phase.
Scale: The third factor, geographic scale, is mostly a challenge of creating high-definition maps with great detail and accuracy, and of keeping those maps continuously updated. The geographic scale is crucial for series-production driverless cars because they must necessarily operate “everywhere” to fulfil the promise of the self-driving revolution. Robotaxis can be confined to geofenced areas, which makes it possible to postpone the issue of scale until the maturity of the robotaxi industry.
When the factors of cost, regulation and scale are taken together, it is understandable why series-production passenger cars will not become possible until after the robotaxi phase.
As is increasingly apparent, the auto industry is gravitating towards greater emphasis on their Level 2 offerings. Enhanced ADAS – with drivers still in charge of the vehicle at all times – helps achieve many of the expected safety benefits of AVs without bumping into the regulatory, cost and scale challenges.
At the same time, automakers are solving for the regulatory, cost and scale challenges by embracing the emerging robotaxi MaaS industry. Once MaaS via robotaxi achieves traction and maturity, automakers will be ready for the next (and most transformative) phase of passenger car autonomy.
The Strategy for Autonomy
With all of this in mind, Intel and Mobileye are focused on the most efficient path to reach passenger car autonomy. It requires long-term planning, and for those who can sustain the large investments ahead, the rewards will be great. Our path forward relies on four focus areas:
- Continue at the forefront of ADAS development. Beyond the fact that ADAS is the core of life-saving technology, it allows us to validate the technological building blocks of autonomous vehicles via tens of new production programs a year with automakers that submit our technology to the most stringent safety testing. Our ADAS programs – more than 34 million vehicles on roads today – provide the financial “fuel” to sustain autonomous development activity for the long run.
- Design an SDS with a backbone of a camera-centric configuration. Building a robust system that can drive solely based on cameras allows us to pinpoint the critical safety segments for which we truly need redundancy from radars and lidars. This effort to avoid unnecessary over-engineering or “sensor overload” is key to keeping the cost low.
- Build on our Road Experience Management (REM)™ crowdsourced automatic high-definition map-making to address the scale issue. Through existing contracts with automakers, we at Mobileye expect to have more than 25 million cars sending road data by 2022.
- Tackle the regulatory issue through our Responsibility-Sensitive Safety (RSS) formal model of safe driving, which balances the usefulness and agility of the robotic driver with a safety model that complies with societal norms of careful driving.
At Intel and Mobileye, we are all-in on the global robotaxi opportunity. We are developing technology for the entire robotaxi experience – from hailing the ride on your phone, through powering the vehicle and monitoring the fleet. Our hands-on approach with as much of the process as possible enables us to maximize learnings from the robotaxi phase and be ready with the right solutions for automakers when the time is right for series-production passenger cars.
On the way, we will help our partners deliver on the life-saving safety revolution of ADAS. We are convinced this will be a powerful and historic example of the greatest value being realized on the journey.
Professor Amnon Shashua is senior vice president at Intel Corporation and president and chief executive officer of Mobileye, an Intel company.
Sea of Solitude represents mental health issues through gaming
It’s a game that provides a tasteful visual representation of mental health issues. BRYAN TURNER dives into the Sea of Solitude.
Disclaimer: This review is based on four hours of gameplay.
Sea of Solitude, the latest adventure game by Jo-Mei Games and EA Games, takes a sobering look at loneliness. It represents this loneliness visually, using light and dark environmental changes, as well as creatures players must encounter. The main character, Kay, must make it through the sea without finding herself trapped in a sea of loneliness. She meets fantastical creatures along her journey, and she must help them solve their challenges while keeping herself in a sane environment.
The game is systematic in the way it represents its important aspects. It starts with a striking visual art style and a soft storyline, which gives characters a chance to absorb the beauty of the game. As one gets a hang of the controls and used to the art style, the story kicks it up a few notches to reveal the harrowing backstories of the creatures that reside in the sea Kay must travel.
In particular, it features a creature that keeps flying away from Kay. This was frustrating because the previous chapter of the game presents a backstory for the creature that was not only devastating to the main character, but also to the player. Once Kay meets this creature, players must be ready to cry. It’s a brilliantly crafted story and hats off to Jo-Mei Games for being great storytellers.
Cornelia Geppert, CEO of Jo-Mei Games, told EA: “Sea of Solitude centres on the essence of loneliness and tugs on the heartstrings of its players by mirroring their own reality. It’s by far the most artistic and personal project I’ve ever created, written during a very emotional time in my life. Designing characters based on emotions was a deeply personal achievement for our team and we’re so excited for players to soon experience Kay’s powerful story of self-discovery and healing.”
Generally, I steer clear of games that are metaphors about mental health issues because they tend to be crass in how they address mental health. Sea of Solitude is quite different because of its level of relatability. Other games about mental health tend to be about a specific disorder that not many people experience, while loneliness is something that so many of us experience. Additionally, the representation of how loneliness affects Kay in the real world is sharp but tasteful. The combination of relatability and respectful representation is what makes the game’s story so brilliant.
Another great aspect of this game is the music scoring. It uses sound and the absence of sound very carefully to invoke the right feelings expected from players. The game wouldn’t be as good with the sound off and subtitles on, so future players are recommended to turn up the volume or put on headphones.
The game is long for an indie game, at around three or four hours of gameplay until the end is reached. Several sources say there is a hidden ending, so players can look out for that in a second playthrough.
The game’s story isn’t perfect, though. The eventual sameness of creature encounters is a little disappointing. This may be down to the expectation of being extremely devastated by all the stories of the creatures, especially when one is less than devastated by the subsequent stories. One of the most affecting creature stories was also presented at the beginning of the game, which set the bar very high for the rest of the creatures.
One creature, in particular, tries very hard to have the greatest emotional impact, but this comes across as blunt and dampens the meaning of what it was supposed to represent.
While I didn’t mind sharp representation, the perception of themes like bullying, estrangement, and suicidal thoughts may vary in appropriateness from player to player. Prospective players with existing painful mental health issues should consult gameplay videos, like the one below, before purchasing the game, to gauge appropriateness.
Overall, the game is incredible at connecting with what it is to be human and what it means to be lonely. Dealing with issues as physical creatures is a great touch, as the main character tends to resolve the problems of the creature by understanding what the problems mean.