- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
IBM on Future Cybersecurity: Passkeys, Deepfakes, Quantum Computing
“The internet will be a lot safer in five years than it is today, thanks to technological advances that address common problems at scale.”
This prediction by Chris Hockings, CTO of IBM Asia Pacific, might seem a bit ambitious given that AI-powered cybercrime is growing at an exponential rate, deepfake technology is enhancing social engineering attacks, and the power of quantum computing is on the horizon.
But Hockings spoke with TechRepublic about how he believes that technology will accelerate at an even faster rate in the coming years — with the passkey at its core.
The future of digital identity in Australia
Digital identity is a key area where Australia is making significant progress, with passkey technology serving as a core component of this advancement — despite passkey adoption lagging behind in Australia.
Hockings highlighted how digital identity systems are helping to reduce the risk of breaches. Notably, Australia’s myGov is a passkey project that carries national implications. Implementing passkeys can effectively eliminate the main source of fraud for users who adopt them, he said.
“Globally, 16% of breaches have to do with lost and stolen credentials, and it’s the most common initial attack vendor,” Hockings explained. “Digital identity offers an opportunity to reduce the attack surface significantly. The more people adopt these technologies, the less susceptible they will be to cyber breaches.”
Emerging threats: Deepfakes and quantum computing
Elsewhere, other threats are certainly emerging. New challenges such as deepfakes are causing governments worldwide to hastily draft laws to combat them, while quantum computing looms on the horizon. Once quantum computing becomes a reality, traditional encryption techniques could be rendered ineffective.
However, Hockings said that solutions to counter these issues exist.
“Deepfakes are a significant concern, but with the right technological advances, we can create systems that filter out unreliable content at scale,” he said.
Hockings believes the core issue with deepfakes as an attack vector boils down to identity. The internet was originally designed so that content could reach everyone. However, with the implementation of digital identities — including the potential for myGov — individuals are gaining greater control over what content is filtered out.
“We rely entirely on SSL when using websites today,” he said. “I think the response to what is going on is that there’ll be protection mechanisms in place, and the focus will shift from protections and a kind of ‘zero-trust’ approach to the content we experience, rather than the current reactionary approach which is to ‘detect and respond.’”
Meanwhile, IBM is striving to be at the forefront of addressing the challenges posed by quantum computing. Looming on the horizon, the sheer speed and power of quantum computing means that “brute force” attacks could defeat even 2048-bit encryption. It might take a decade or longer for quantum computers to become powerful and error-free enough to achieve this.
With IBM not expecting to deliver its first error-corrected quantum system until 2029, there is still time for organisations to focus on security to ensure their response to quantum computing isn’t reactionary.
A solution to the cybersecurity skills shortage
One of the most pressing issues discussed across Australia is the cybersecurity skills shortage, which Hockings acknowledges, particularly noting its challenge with gender bias — currently, just 17% of cybersecurity professionals are women.
“Even from my own experience — I have teenage daughters who are looking at university, and I’ve seen the options around cyber security trickle through,” he said. “They’re there, and there’s obviously the standardisation of TAFE courses too. But in terms of attracting women into the industry, those efforts need to continue to build.”
However, Hockings also suggested that the extent of the cybersecurity skills shortage — both now and into the future — is “over-inflated.”
“It’s not just about the number of people available,” he added. “It’s also about the technology innovation that can help existing professionals be more effective and eliminate the need for people to do certain parts of those jobs.”
IBM has long recognized the importance of nurturing talent and sustaining innovation. Hockings said.
“We’ve been able to sustain innovation over 30 years, which is a pretty amazing feat,” he explained. “This is reflected across enterprise clients in Australia, with many initiatives involving partnerships with universities, running hackathons, and other activities to build interest and create a pipeline for bringing skills into organizations.”
As security becomes a more personal matter and the “zero-trust” approach to authentication and identity allows individuals greater control over how they access and interact with content, digital literacy is going to be key. This allows people to feel empowered in making decisions about security.
However, Hockings is confident that this shift in mindset around security is going to result in a more secure internet where cyber attacks that rely on a large surface become obsolete.