Skip to main content

Security boss: "We could be in for some big and nasty surprises"

Home automation, connected objects, e-health and quantified self, bio-informatics and Web 4.0... All these are part of the emerging trends of the future, and innovation is constantly progressing.

But the security of these new technologies is not always anticipated.

At the International Forum for Cybersecurity (opens in new tab) (FIC), an elite panel formed of industry-leading experts from the top cyber security companies in the world seeks to answer the question: How can we consider the security and uses of the future?

Christophe Auberger, technical manager at Fortinet, shared with us his predictions, fears and hopes for the future of security.

Are we struggling to cope with the new range of malware that's out there?

Today we've reached the limits of traditional security systems, most of which are based on traditional recognition parameters. We've got an average detection rate of 70-80 per cent of infiltrations and penetration attempts etc. So that's pretty efficient, but there's still 20 per cent to be secured.

We can't rely on users to institute security, since it's usually a hassle. users end up forgetting passwords, and copy-pasting them from elsewhere and so forth. So security has to be handled on another level, or it simply won't be implemented at all.

How are our methods of detecting malware evolving?

In terms of botnets, there are a lot of rootkits that can't be detected by traditional malware. However, they all have one thing in common: they all send a communication back to the control centre. That means you have a 99.9 per cent chance of detecting a botnet simply by spotting its behaviour , and determining the existence of those data connections.

There's collaboration among antivirus companies, sharing information about attacks (opens in new tab), and also between the research centres. If a lab discovers a weakness, we patch the hole and then give the information to the other solution advisers, so any provider is ale to produce the patches to protect their product. There's no conflict of interest there.

But our collaboration with our customers actually needs to be better. We need to increase security in general without scaring people.

Are companies and businesses prepared for what's coming?

The problem, I think, is that there's about 5 years between where the security industry is now, and where most SMEs are in terms of security. That's a big gap, and in my opinion we could be in for some big and nasty surprises.

What we might see in the future is also cyber warfare, which means states and not individual attackers, could seek to damage important companies. The idea of putting defences in place for this kind of onslaught might be Utopic, but we have to work to minimise the potential damage.

What can companies do to protect themselves?

No matter how well-made a system is, if it's not properly implemented, it's not going to be effective. Enterprises are ashamed of revealing losses of data due to the loss of reputation that can arise from data breaches (opens in new tab). Information is very valuable. Companies work in information, they trade in information, and if they lose some it, it can seriously damage their reputation.

As we all know, security is not just about technology - it's about everything around that. We have to create collaboration with enterprises.

While this does happen, it's not organic, it's not natural right now, and that's something that needs to change in the future.

More from FIC 2014:

Prominent lawyer: Does the cloud have international borders? (opens in new tab)

US Navy professor defends PRISM, calls Internet "a lawless frontier" (opens in new tab)

French defence minister calls for unified front against cyber crime (opens in new tab)

Estonian IT security chief: "I don't want to use American encryption anymore" (opens in new tab)

Palo Alto director: "We could see AI in antivirus in the next 5-10 years" (opens in new tab)

Paul Cooper
Paul Cooper

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.