ITProPortal sat down with cybersecurity expert Antoine Jebara, Co-Founder and CEO at decentralized, identity and access management startup Myki, to talk online security and identity management.
2017 has stood out as one of most memorable years to date when it comes to online attacks and data theft of all kinds across governments, businesses and individuals.
From the US elections and the Panama Papers, to the recent MacOS Sierra Hack, Antoine discusses the importance for businesses and people to think about how to store their online data safely to avoid the hacks of tomorrow.
Why is the Cloud such a focus in Cyber Security?
The cloud is a huge focus in Cyber-Security because it is actually very vulnerable if a product or a service is not built with the proper protections. The Cloud can allow malicious parties to compromise the data of masses of people from anywhere in the world.
Before the Cloud, hackers had to manage to get within the internal infrastructure of a business to do the same thing, which is much more difficult and requires a lot more planning and tailoring from the attackers. In a way, the Cloud has made life easier for hackers.
What are the main benefits of storing and protected data outside of the Cloud?
The main benefits that come with storing sensitive data offline are first, that users are in control of their data, they control what they share with service providers. Second,users don't have to rely on third party service providers to keep their data safe.
We have seen some of the most impactful breaches in the last year, all of which would have been reduced in impact if users were in control of their data.
The idea of keeping users' sensitive data online is part of a mission to help define the future of digital identity, a future where we, the users are back in control of our data.
What do you think are currently the biggest threats to data and personal information online?
The biggest threat is by far identity theft, and we are seeing an acceleration of hacks in this space. So much of our sensitive data is currently scattered across different servers online. Information that allows any malicious party to impersonate users financially, criminally, medically or more.
In your opinion, what will be the next big development in Cyber Security? Where do you think the industry is headed in the next 5 years?
With the proliferation of hacks in the last 5 years and the sheer volume of hacking attempts, we've seen a lot of businesses shift their focus from a pro-active to a reactive approach to hacks, with companies moving from trying to prevent cyber attacks, to now looking to better detect and mitigate them after they occur.
Machine learning and AI have a huge and growing role to play in assisting security personnel in detecting these attacks. In the coming years, businesses will become much more proficient and faster in evaluating threats and making data protection and identity management related decisions.I believe that at some point enough trained models and know-how will be available to switch back to a preemptive model, with businesses focusing on preventing breaches from even occurring.
Identity Management will also change a lot in the coming five years with the help of Blockchain technology. We've started seeing a substantial move towards self-sovereign identity - people and businesses storing their identity data on their own devices, and sharing it efficiently with those who need to validate it without relying on a central repository of identity data. The trend has been accelerated by the Equifax hack which revealed how exposed centralized repositories of static sensitive data are.
I believe that in the next five years the use of Blockchain based identity systems will spread massively as the technology becomes more accessible to entry point Developers, both from a scalability and ease of development point of view.
Another challenge to make Blockchain based identity systems go mainstream is to solve the challenges related to the user experience, as Blockchain solutions are not currently built to cater to end users. At Myki, we are playing a big role in this space, with a focus on refining the end user experience by abstracting the technical layer without compromising the security of end users.
Given your current understanding of vulnerabilities and threats online, what spectacular hack is begging to happen? And why?
When I think of catastrophic hacks waiting to happen three things spring to mind:
- Another massive breach at one of the biggest Internet companies in the world such as Google, Facebook, Microsoft or Yahoo.
- Another breach of hundreds of millions of private records on a governmental entity server or a consumer credit reporting agency.
- A breach at a highly critical infrastructure level such as power grid or a nuclear reactor for destructive purposes.
These are the worst type of high risk and high visibility hacks scenarios, and two of the three scenarios have already happened. We have reached a point where users increasingly understand the importance of protecting their data. We still have a long way to go but we're ultimately heading in a direction where massive breaches will be much more difficult to execute; users are becoming more aware of the risk their data is exposed to, and they are starting to chose services and solutions that protect them better from such events, via decentralization and other methods.
Mac OS High Sierra was recently hacked. Was that preventable in your mind?
Hindsight is 20/20. Of course, looking back at the events, the hack was absolutely preventable but mistakes like this happen. All we can do is learn from them and create better processes to reduce the likelihood of issues like that from appearing in production builds.
Antoine Jebara, Co-Founder and CEO of Myki
Image Credit: Den Rise / Shutterstock