Anna Chung, Principal Researcher at Palo Alto Networks, discusses the impact of quantum computing on cybersecurity and offers advice for women entering the field.
Although the virtual world promises fun and creative opportunities for all, Anna Chung, Principal Researcher – Unit 42, Palo Alto Networks’ global threat intelligence team, said it could be the new playground for cybercriminals.
“While we cannot know exactly how the security implications of the metaverse platforms will be, we can expect the next phase to involve protecting virtual assets such as virtual currency and continuing to maintain virtual identity ownership from a security perspective.”
In this interview, she also talks about how quantum computing has great potential to revolutionize cybersecurity and shares her advice for women wanting to start a cybersecurity career.
Excerpts from the interview:
What are the top three cyber threats a business faces today?
Ransomware is the top threat we expect to gain momentum in the coming years. As threat actors actively develop new malicious tools and business models, like Ransomware-as-a-Service, cybercriminals recruit more attackers – even less tech-savvy – to join their ransomware campaigns.
In addition, we have learned more about the mature underground supply chains, enabling malware developers, and how malicious attackers and initial access brokers (IAB) work together and maximize their ransom demands.
The next leading cyber threat is the increasing attack surface due to an increasingly remote workforce. Since the pandemic, businesses have become more flexible on where employees can work. This means the boundaries between office networks, home networks, public devices, and personal devices have become blurry, and the attack surface has drastically increased, leading to more opportunities for malicious attackers.
According to Palo Alto Networks, The Connected Enterprise: Internet of Things (IoT) Security Report 2021, 91% of Middle East IT organizations have seen a rise in the number of connected devices on their organization’s network in 2021, including devices such as baby monitors, pet feeders, gym equipment and even kitchen devices.
Cyber hygiene is another major threat that can allow attackers to access corporate systems and internal networks. Therefore, increasing security awareness throughout the workplace is crucial — regardless of an employee’s position or line of business. Training employees and sharing best security practices will help them spot threats such as phishing emails and suspicious domains and help them think twice before clicking a link.
Will IoT devices remain a popular target among hackers? What are common weaknesses in IT security strategies?
IoT devices remain a popular target among hackers, mainly because IoT devices usually don’t have security features and come with basic functionality such as default passwords that are not changed. In addition, IoT security awareness and education are not as prevalent as they should be, and the number of IoT devices continues to grow exponentially.
IoT devices are targeted for several reasons, such as cybercrime and cyberespionage. When executed successfully by cybercriminals, these attacks can compromise many IoT devices and give long-term access to confidential information without detection.
Organizations need the proper security measures to ensure complete visibility over the corporate network and each device connected, allowing for the ability to respond to every malicious incident. CIOs and their IT teams need to think with a zero-trust strategic mindset, understand what is critical to the business, and build a cyber response strategy to limit as many vulnerabilities as possible.
Will quantum computing transform cybersecurity?
Quantum computing has great potential to revolutionize cybersecurity, particularly using quantum-proof data in decryption. By implementing a quantum-proof solution, stolen and compromised data can remain secure. In addition, quantum computing can break public-key cryptography in seconds, which would take a regular computer many years to crack an RSA encryption.
While Machine Learning (ML) technology has revolutionized how unknown cybersecurity attacks are detected and blocked, the exciting and emerging field of quantum machine learning brings a lot to the table regarding advancing ML development. Quantum ML has the potential to enable exponentially faster, more time- and energy-efficient machine learning algorithms that can identify and defeat novel cyberattacks.
Will the Metaverse usher in new security challenges?
Yes, with every new business opportunity comes new security challenges. In the initial phase, the main targets will be social engineering, digital identities, account security, and virtual assets.
A recent BBC article defines the metaverse as games and experiences accessed through virtual reality headsets. Previously confined to gaming, the technology will likely be adapted in many other areas – from work and play to concerts and cinema.
With the metaverse being a new world, today’s threats may still exist in the metaverse era and require new security solutions. It is a platform for opportunity and challenge, allowing many to commit fraud and scam others.
For instance, an attacker can manipulate the environment, directly allowing the metaverse to play to our senses.
While we cannot know exactly how the security implications of the metaverse platforms will be, we can expect the next phase to involve protecting virtual assets such as virtual currency and maintaining virtual identity ownership from a security perspective.
We’ve all read the statistics about burnout in the security industry. What do you recommend for leaders who want to retain their talent better?
Burnout does not always have physical signs, and showing compassion and supporting your team from a leadership perspective is essential. Good leaders need to encourage time for rest and ensure a healthy work-life balance is in place. This helps with performance and growth in the future.
It is important to set boundaries and good examples for your team by taking time off, recognizing signs of fatigue, and using only professional communication tools to contact the team during office hours.
Another vital part of encouraging a healthy work-life balance is to create clear communication boundaries and not contact employees outside work hours and during those rest times.
What advice would you give to women starting their careers in technology?
My advice for women looking to start a career in technology or cybersecurity is not to be put off by the scientific image sometimes presented. When people hear cybersecurity, they think about mathematics, coding, and engineering. This can create an assumption that there’s a high barrier to entry; however, a job in technology demands a much more robust and diverse skill set, including hard and soft skills.
At Palo Alto Networks, we offer many learning programs for women. For example, Partners in STEM Education – in collaboration with Girl Scouts of the USA (GSUSA) – is a company program providing cybersecurity education for girls. It eventually primes female candidates to fill technology, IT, and cybersecurity vacancies.
Palo Alto Networks also provides free online training on cybersecurity topics and skills to help young females protect their digital ways of life and provide access to hands-on industry experiences at no cost.
In addition, I have also been coaching young women on a one-on-one mentorship basis for several years to understand their career progression, dreams, and goals to reach their desired next step. One of my primary coaching goals is to inspire young women to respect all elements within the industry, regardless of the hierarchy, as each role brings a unique value to the table.
