People and small businesses face the stark reality of a rising cybersecurity threat from AI-adept criminals, experts at an event in Dubai have said.
The Gulf in particular is a growing target as the world's wealth flows in, and with it, the crosshairs of hackers intent on ransom and theft. Dubai is this week hosting a World Economic Forum event that serves as a precursor to Davos in January, with the first day placing the spotlight on the growing cyber threat.
Jeremy Jurgens, managing director and head of Centre for Cybersecurity at the World Economic Forum, told The National: “We are continuously under attack, whether as individuals, as institutions, as countries. And in this environment, there is no default where you don't have to think about cybersecurity. You have to continuously consider it in your actions.”
Once limited to the online world, there is a growing intersection where cyber threats meet the physical world.
“We have autonomous vehicles, robotics, critical infrastructure, supply chains. No matter where we are, where we're interacting in the world, we have to think, 'what is my kind of cyber surface that's exposed here'? It's not to scare people or have them avoid the world, it's just to be conscious of the risks that are there.”
There are concerns that quantum computing, which is thought to be some years away but will be far more advanced than current AI tools, could eventually be harnessed for complex crimes.
The UK cybersecurity agency this year urged all organisations to guard their systems against quantum hackers by 2035. Some believe the technology and the threat may arrive earlier.
Palo Alto Networks said the "strongest encryption may fall short against quantum attacks" and that hacks could be carried out in microseconds.
Governments shouldering burden
Michael Daniel, who was cybersecurity adviser to President Barack Obama between 2012 and 2017, and now heads the Cyber Threat Alliance, said complex logins using a password manager and multi-factor authentication can go a long way.
“There are things that you can do individually to reduce your risk,” he told The National.
“A lot of that, though, has to come at the governmental level, at the policy level, to implement policies that actually reduce the cybersecurity burden that we're expecting individuals to shoulder.”
“We will have to develop ways as a society to cope with those technologies,” said Mr Daniel.
“Certainly, quantum computing poses risks to encryption, but we have already started to develop new encryption technologies that will be resistant to that kind of computing.
"And there's other things that you can do that quantum computing will help with, that will help solve problems, that will help with secure communications.”
States harbouring cyber gangs
One of the hardest issues is how to tackle criminal groups that are based in states with weak control over such gangs, or that turn a blind eye. Well-documented examples include cyber slavery operations on the lawless Myanmar-Thailand border, and sophisticated hacking operations in Russia and China.
Most experts agree that tracing stolen money and disrupting financial networks is more effective than going after physical centres.
“If you disrupt some of the financial benefits to them, you can disrupt their infrastructure, you can disrupt the devices that they're using. There are a multiplicity of ways to impose costs on those organisations,” Mr Daniel said.
“Diplomatically, we need to have the international community come together and start putting pressure on those countries that are harbouring cyber criminals and saying, 'you are acting outside the interests of the common good'. We need to put more diplomatic pressure – more economic pressure – on those countries to not harbour those cyber criminals.”
Since the invasion of Ukraine in February 2022, both sides have sought to use hacking to cause disruption. In Ukraine, there is a nationwide campaign to educate the public, particularly teenagers, about the risks, said Oleksandra Marchenko, head of Ukraine's cybersecurity helpline, Nadiyno. The campaign emphasises that each citizen has a personal responsibility to keep the nation safe.
“Technology will always have two possible ways to be used; something bad as well as something good. And it all depends on us and how we educate ourselves on the ethical use of technologies,” she said.
Leslie Nielsen, chief information security officer at cybersecurity company Mimecast, said the global public must get smart about cybersecurity. “The analogy I tell people is, there are no good neighbourhoods on the internet. That's kind of the bottom line. So just assume that when you're out there, that there is a potential,” he said.
“You're being watched. You're being targeted. Make sure you're protecting your personal devices, because your personal device is probably your key in to your bank account and everything else. If something seems too good to be true, it probably is. And think before you click.”
