Posted on 12 November, 2021
Boston Bites is a new Boston-hosted series of events designed to bring together some of the world’s brightest minds and the thought leaders of today, to tackle the biggest issues facing technology in the 21st century.
Our first-ever panel consisted of some of the biggest names in cybersecurity, AI, machine learning, and Quantum computing, including David Worrall and Martin Rudd, co-founders of Secqai, Andy Bates, Chief Development & Strategic Partnership Officer for the Global Cyber Alliance, and our host, Lord Chris Holmes, a life peer in the House of Lords, a member of the House of Lords Science and Technology Select Committee, and Britain’s most successful Paralympic swimmer, whose core policy focus is on digital technology for the public good, with a particular interest in technologies such as AI and Blockchain, and areas of application such as FinTech, GovTech, RegTech, Assistive Tech, and EdTech. As of 2021, Baron Holmes of Richmond MBE is working closely with Boston ESG in an advisory capacity.
This discussion – the first of many more to come next year – focused on one of the fastest growing problems facing cybersecurity experts, Quantum Computing. The panel explored topical narratives, recommendations, insight into fighting Quantum with Quantum, and why it’s simultaneously such an enormous threat and opportunity. Follow this link for ‘fly on the wall’ Boston Bites evidence.
The ‘bad guys’ are currently winning
Cybersecurity has become an arms war, but it’s a war in which one side is not taking part. Real-life attacks have surfaced a huge urgency to act now and prepare for the battlefield.
68% of business leaders feel that their cybersecurity risks are increasing (Accenture). As of 2020, the average cost of a data breach is $3.86 million (IBM), and the damage related to cybercrime is projected to hit $10.5 trillion annually by 2025 (Cybersecurity Ventures).
Hackers are winning today because the implementation of cyber security is disparate and fragmented. Dark web hackers are impressively clever, incredibly successful, and interfere secretly behind the scenes. They have enormous capital backing, generate more money, invest more money, and are not afraid to spend it. Cybercrime is currently an incredibly effective business.
Enter the Void
Attackers are moving faster than defenders, adjusting their tactics for success as they go. They will use every weapon in their arsenal, including the same technology as the organisations they’re attacking (commodity AI, for example, and the cloud for high availability and resilience).
The recent JBS cyberattack occurred because one password was leaked on the dark web. From that one breached password, cybercriminals hacked in through the VPN system and effectively put a stranglehold on the entire eastern seaboard of the US.
Hackers today don’t ‘hack in’; they log in
How would you feel if hackers had super easy access to your organisation’s sensitive credentials?
Identity theft is an ever-increasing problem, and people – and human intelligence – are huge threat vectors. In fact, 95% of cybersecurity breaches are caused by human error (Cybint). What’s more, every employee has access to on average 11 million files (Varonis).
You can follow all the correct steps, but if a hacker has access to even the representation of a password, your organisation is left entirely vulnerable to attack. Hackers will soon have access – or perhaps already have access – to Quantum-accelerating hardware that will help them to crack these digital representations, and slipping through the security cracks will be light work.
This is due to the now widely available QaaS (Quantum as a service) capability that exists as well as specific Quantum photonics that can help accelerate hackers’ capabilities. With such deep pockets, these hackers have no problem investing in such technology.
The only way to prevent the hackers would be to remove the objects that are hackable from Quantum computing e.g., passwords, and rely on Quantum encryption or entropy. However, an estimated 300 billion passwords are still used by humans and machines worldwide, and about 60% of companies have over 500 accounts with non-expiring passwords (Varonis). Currently, there are around 31 billion exposed credentials on the dark web.
Quantum is a threat that needs to be prepared for – today
The fundamental biggest problem of any security AI is that attackers attack multiple organisations, in the same way, a lot of the time. A war isn’t necessarily won by winning every battle, but it is won by learning from the first defeat. The faster we can use those learnings to create a multi-organisational defence strategy, in real-time, the better for everyone.
Right now at Boston we already have the world’s first truly scalable Quantum entropy source – and we are finally starting to see the industrialisation of tools that we have had in the lab for the last couple of years. The questions that must be at the forefront of everyone’s mind are, “How do we use them? Will our equipment work with them? Do we have the will to implement them correctly and see the results we want to see?”
Think like the criminal to beat the criminal
The growing sophistication of AI means that it can foil many existing behavioural-based authentication platforms. At Boston, we want to redress that balance and change things up, to ensure that the defenders are ahead of the game.
There are elements of prediction already out there, but the next generation of AI is about actual thinking machines that are capable of creative thoughts; capable of understanding what the optimal response is with the information available in a complex environment. DeepMind’s AlphaGo demonstrated this perfectly a couple of years ago, when in the middle of a game, it made a creative move, and a change in strategy.
From a cybersecurity perspective, Quantum gives us the opportunity to start with a blank slate and rebuild the cyber landscape in our favour. From an AI perspective, it is not only beneficial to think like the criminal; we should be attempting to predict what the criminals’ strategy is, including when we are designing and building innovative and protective technologies.
This new technology can become self-sustaining, repairing itself and letting us know if something goes wrong, or when something is misconfigured, and in real-time. We can create smart machines that can consider things like policy in response to a cyber-attack.
We must all figure out how best to use these technologies in our individual environments, where they will be most effective from the start, and be sure to use them for what they are best suited – massive scale efforts.
Should we feel fearful or hopeful for the future?
The rapidity of attackers and their ability to attack us before we’re ready should be a cause of concern for all.
Cybersecurity risks threaten western civilisation, and the threat is now so great that governments are waking up, beginning to work together on legislation (the US, UK, and soon, Australia), pushing organisations in the right direction.
The tremendous opportunities for us as individuals, businesses, cities, economies, a planet, are almost endless. These are transformational tools that will evolve businesses and stimulate economic growth and competitiveness, but it’s for us to take control of those tools. Doing so requires leadership, collaboration, and trust, as well as innovation. We need human talent to lead this technology.
AI and Quantum intelligence will give us the opportunity to start modelling more realistically and to revolutionise security, and we will quickly see more guidance, clearer focus, and the first blueprints produced. As Lord Chris Holmes said, ‘What a time to be alive.’