The State of Engineering: Online Security and Cybercrime

The realm of online security and cybercrime is an interesting space to watch. After the Hollywood limelight sensationalised them for years, the two topics are now moving away from popular culture. Lately, they’re located either in midst of socio-political debate or spread across the world’s media headlines. Yet, at the same time, the field is a cornerstone of innovation.

Rapid developments and the application of these innovations are paving the way forward for society. Funding continues to increase, and the perception of engineers in this area remains positive.

The 2017 Create the Future report shows that 82% of international respondents see engineers as crucial to online security. As such, what is the state of engineering in this cybersecurity? Are advancements progressing as a self-contained endeavour, or are they more tightly interwoven with other processes? While the battle between engineers and cybercriminals rages on, where does the public fit?

We will delve deeper into specific problems and solutions in cybersecurity later this month but, given the complexity of the landscape, we will outline some of the statistics, the innovations, and the interplay with the public for context.

Cybercrime: The Figures

Unfortunately, the statistics around cybercrime aren’t comforting. In fact, by the time you’ve read to this point, at least 3-5 cyberattacks will have occurred in the US. What's more:

• Large-scale distributed denial-of-service (DDoS) attacks increased by 53% in Q1 2018.
• The average cost of a single data breach in two years’ time will exceed $150 million USD

Current trends in cybercrime are also worrying. New tools and methods used by attackers are not only more effective, they’re also less detectable.

• The Ponemon Institute found that newer, ‘fileless’ attacks — attacks that don’t need you to open malicious.exe files to work — are bypassing typical security measures.
• What’s more, cryptojacking — where your computer’s processing power is secretly hijacked to mine cryptocurrency — increased by 8,500% in 2017.

For context, all this is occurring while the engineering skills gap continues to grow. In the cybersecurity space, it’s estimated that by 2021 there will be 3.5 million unfilled jobs.

Online Security Innovations

Thankfully, engineers are developing a plethora of new cybersecurity measures. From more ‘simplistic’ measures such as multi-factor authentication to more complicated tools such as biometric authentication — think fingerprint scanners, deep vein scanners, iris scanners, and Face ID — newer, more secure methods now secure our devices. Additionally, next-generation blockchain platforms form the basis of more and more transactions, messages, and stock exchanges, and Artificial Intelligence (AI) is detecting security breaches far quicker than humans can.

In encryption, engineers are working on a range of methods and applications. For example, new, hypothetical encryptions are being constructed in anticipation of quantum computers. Next, there are methods that allow for external data processing without ever needing to decrypt. As a third example, encrypted updates for autonomous vehicles will prevent someone from driving you off the road. However, while these developments function well in a vacuum, problems can arise when you introduce a human element to them.

Power to the People

Engineering, in general, has a significant impact on daily functioning. However, most engineering fields don't have to assume such a level of knowledge and competency from the average person. Because the internet is so decentralised, control over security is also more widespread. As such, the online security space finds itself in an unusual situation where the success of innovations isn't solely based on engineering prowess. There is a rapid rate of advancement, with new smart devices, smart technology, and software developed almost daily. Yet, while companies market these technologies as being secure, they are often only secure in isolation.

For these innovations to work as intended, the public needs to have a grasp of what to do with the technology (and what not to do). Public education on cybersecurity helps to ensure that, for instance, your household full of secure smart devices isn’t based on an unencrypted, password-free Wi-Fi network. You can have an individually-secure smart appliance, but if you connect that to an unsecured network...The public’s knowledge of online security best-practice is low. Very low.

A survey by Pew Research Centre found that 70% of people don't know how using a Virtual Private Network (VPN) would benefit them. 71% of respondents also couldn't identify what multi-factor authentication was. Somewhat ironically, this lack of knowledge can, at times, benefit engineers. Human error is a big component in security breaches, but this can play an important role for engineers in highlighting security weak points.

Going Forward

So, what's next? Well, work needs to continue (and quickly). Not only do we need to innovate, to stay ahead of hackers we need to increase the number of engineers working in cybersecurity. Developing new services and refining current ones helps to keep our devices, data, and public systems secure. However, to achieve this do engineers need to restrict the amount of control that users have over their own data, or is a combination of behind-the-scenes security and public responsibility the way forward? What’s more, while the public needs to pay more attention to their own actions to preserve the integrity of these systems, should we be questioning our preference for usability and convenience over our security?

So, what else needs to happen, and who else can help? If you know of a good strategy for either businesses or individuals, or you've got a story to share, then let us know on Twitter!