By David Burg, Global and Co-US Advisory Cybersecurity and Privacy Leader at PwC
It can be easy to lose sight of the innovation in the cybersecurity industry amid frequent negative news about breaches and increasingly sophisticated hackers. The reality is that many disruptive innovations are beginning to gain traction and could very well change the way business is conducted. Here are five key cyber developments to keep on your radar:
Many people have heard of Bitcoin, a digital cryptocurrency that could change the way payments are transacted. Fewer people, however, know about its underlying technology: blockchain.
Blockchains are shared, tamperproof, peer-to-peer digital ledgers that enable a single, global version of transaction truth.
Some of the biggest banks, along with technology companies and other firms—including PwC— are making significant investments in research and development to see how they can harness blockchain. These efforts could transform many aspects of business, including how we think about security. Historically, the mainstream cybersecurity philosophy was to build a perimeter wall to keep out intruders. Blockchains could make the perimeter irrelevant by ensuring the integrity of a given network. It is akin to securing the metaphorical veins and arteries of the digital world in order to ensure the health of the body that is the network.
Blockchains, once developed, have the potential to be a powerful solution to many of the security problems faced by financial institutions. The transaction-level cryptographic control associated with blockchains could also extend to manufacturing, pharmaceuticals, the transportation industry, or any sector that makes important products that need to be secure. It could be particularly valuable for supply-chain security, a key priority for manufacturers, and the U.S. Defense Department. Blockchain-based technologies at some point could eventually become the backbone for all collaboration and communication that needs to take place in these industries.
2. Cloud security
Another significant shift is businesses moving their data, applications, and infrastructure to the cloud for enhanced security. Hackers are proving again and again that the on-premises data infrastructures employed by many businesses are difficult to secure. The most recent high-profile examples are the string of cyberattacks on hospitals across the U.S. By moving their digital operations off-premises to be managed by companies that are experts in cloud infrastructure and security, businesses can greatly improve the safety of their data and realize many other benefits, including the ability to gain insight about customers.
This will be a genuine shift in the way we think about how businesses operate and keep data safe, since most people think of company data as being most secure when stored in a physical building owned or operated by the business.
3. Machine learning
Artificial intelligence formerly occupied the realm of science fiction, but is now a mainstay in helping businesses better secure themselves. As computing power increases and machine learning becomes more advanced, we can harness ever more powerful analytics tools to forecast where hackers may strike next.
If a company can predict where an attack may focus in the future, it can better prepare for a possible cyberattack, and ideally deflect it. Used in concert with advanced authentication and encryption techniques, analytics can provide businesses with interesting and formidable tools to help keep their data safe.
4. Advanced authentication
Passwords have passed their sell-by date. Increasingly, we’re seeing the adoption of multi-factor authentication across a range of transactions, not just highly sensitive ones. We should see even more in the coming year. The concept is simple: after entering a username and password, or the first factor of identification, the user would receive a text message on their mobile device with a code to enter (the second factor) to confirm that he or she is in fact logging in. This serves the dual purpose of making an individual’s account more secure and providing a way to notify a user of unauthorized use of their credentials.
Other kinds of second-factor identification that might be used could be a pattern that a user must enter, an access card or fob, or biometric information such as a fingerprint or an iris scan. Additionally, having systems automatically reset themselves after failed login attempts can also go a long way towards improving the safety of a company’s systems.
While not perfect, advanced authentication significantly helps bolster data security. This type of technology used to be largely the province of government systems, and then financial institutions adopted it. Now multifactor authentication has extended to social media accounts, and we can expect to see broader adoption in the coming year.
5. Built-In encryption
Encryption, the process of encoding messages or information, is not a new technology, but it’s one that has not been widely used beyond military operations and government agencies until recent years.
In the past year, however, it’s become almost standard in many communications platforms, such as Gmail, messaging applications like WhatsApp, and—most famously—iPhones. Widespread use of encryption will make life harder for hackers — even if information is stolen, it can be worthless to a cybercriminal if it is inaccessible.
Messaging company WhatsApp recently encrypted all messages for its 1 billion users such that only the sender and recipient can view the content. If all businesses did the same for the data on their servers, the added difficulty of decrypting the information could dissuade cybercriminals from taking it in the first place, particularly if a hacker must crack a system that has advanced authentication practices in place.
Stay up to date on these and other cybersecurity and privacy developments here.
Follow @DavebBurg on Twitter.
© 2016 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.