Large-scale, customized and personal attacks among recent trends in cybersecurity
Tiffany Bao is an assistant professor in the School of Computing and Augmented Intelligence at Arizona State University (ASU), where she teaches an undergraduate course called “Introduction to Cybersecurity” and a graduate-level course called “Software Security.” She is also the associate director of research acceleration at the Center for Cybersecurity and Trusted Foundations.
With her work divided between educating people about cybersecurity and researching its unknown elements, Bao understands her role in this field is all-encompassing.
“My teaching is about telling people the existence of those attacks, the existence of those kinds of vulnerabilities, so that people will be more aware of the impact and how to defend themselves. In my research, my job is to proactively find those vulnerabilities. We want to find those vulnerabilities earlier than the people with malicious intentions.”
In the Q&A below, Bao explores recent trends and expresses optimism regarding the future of cybersecurity.
Question: October is Cybersecurity Awareness Month. What is top of mind for you in the current state of cybersecurity?
A: This year, we’ve seen a lot of news regarding large-scale attacks.
This is the reality. This is the world. The world has so many different kinds of cyber devices and cyber services. Even just industry services that are implemented through cyber means can contain vulnerabilities and really impact our life. With those vast numbers of connected devices and cyber services, no one can confidently say that they are immune to any of the vulnerabilities. If we are saying this is a fact, then how are we going to protect ourselves?
Q: How are things going in that regard? Are we ever going to get to a point where we are ahead of the attackers?
A: A good indicator of our being ahead of attackers is that we discover some vulnerabilities that no one else has discovered before. Our team has discovered dozens of those new vulnerabilities, and we report them responsibly to the associated vendors.
Q: Given that much of your work is research-related, how do you think of the future of cybersecurity and cyber attacks? How will that relationship evolve over time?
A: In my research, we’re trying to use and create more modern techniques for the sake of defense. But this also means that any malicious attackers can also leverage those modern techniques and advance their attack. This is the most horrifying part, to be honest.
What I see is there will be more attacks scaled out through artificial intelligence. Don’t be surprised if you receive a call (from someone) pretending to be a close family member or relative. They’re totally fake, but the voice sounds like it is coming from a close one.
Those attacks can be scaled up, meaning they are not just targeted at you but also everyone in an organization. This can be especially bad for ASU because ASU is a public university, and part of our job is to provide public service to the students. We see a lot of videos and interviews online of ASU personnel because we want them to talk about things publicly. However, this also provides attackers with material for impersonation. That can really be a problem in the future.
Q: Are you optimistic or terrified about where this is all headed?
A: I feel rushed because we're always in a competition. This is a cat-and-mouse game. It's good that there is new technology, but also, (attackers) can use that new technology. I’m not terrified because I know that we are working ahead. But I also feel rushed because, at any moment, they can catch up.
Q: We asked each expert to provide a practical tip. Check out Michael’s response below: