How human-centric cyber security will make a difference

The world is changing by the day, as technology transforms every business on the planet, our lives, and society says Steven Hoffman, the Chairman and CEO of Founders Space. Hoffman was speaking at the CLOUDSEC @GovWare keynote at GovWare 2022, which in October returned as an on-site event at the Sands Expo & Convention Centre.

And as the world reopens after the pandemic, one major shift would undoubtedly be the changing nature of work, he notes, pointing to how many of the most valuable and innovative workers are resisting a return to the cloistered environment of the corporate office.

Workforce of tomorrow

The evolving nature of work is leaving cyber security professionals scrambling, as they grapple with a vastly enlarged attack surface that now spans not just the corporate network, but interconnected systems of business partners and employees working from home – or at the coffee shop.

And several developments in the United States, often a forerunner of global trends, look set to further complicate the picture.

“Today, 36% of the U.S. workforce considers itself independent; they think they work for themselves. And 8% of corporations in the U.S. plan to hire more of these independent flex workers in the future. By 2027, there will be more flex workers than full-time workers in the United States,” said Hoffman, who pointed out that many more are going freelance or working at more than one job.

“These workers want to choose what technologies they use and how they use them. They are using the same software on more than one job. People are job hopping faster than ever. Now, if you're at a company for two years, you've been there a long time.”

Tasked with securing a convoluted, fluid work environment with near-constant attrition and employees working from inherently insecure environments, it is easy to see why cyber security professionals have their work cut out for them.

Humans, the weakest link

As the head of a global incubator and accelerator, Hoffman is not unfamiliar with the work at top cyber security firms around advanced solutions based on blockchain or quantum encryption. However, Hoffman says traditional cyber security approaches fail to fully address the elephant in the room: that humans are the weakest link.

“No system can be truly secure once there are humans in the loop. Everyone in this room knows that. Humans bring with them human errors, human negligence. [Bad actors] will always find a way into our networks through them,” said Hoffman.

While cyber education works, it has become less effective as the number of freelancers or independent flex workers grows, says Hoffman. “If workers are required to spend a week [attending cyber education classes], they will a lot of times do it halfheartedly. They will be there, but they won't be paying attention because they're really worried about their KPIs, their family, about other things. Most workers today consider cyber education a burden.”

Unsurprisingly, cyber attackers are doubling up their efforts on the most vulnerable among us: “They are targeting children through games like Minecraft. Kids are much more vulnerable to phishing attacks, to downloading malware. They use the child to get right into the home network, even better if they are using their parent’s computer.”

Human-centric cyber security

Hoffman shared a personal anecdote of a recent spear phishing attempt where he received a message about a purported tax deduction from his mother. It turned out that the cyber attacker had painstakingly recreated her personal Facebook page and used the bogus account to send the message.

While he spotted the bait, it is easy to imagine others falling for it. As phishing schemes evolve and grow in sophistication, how can we protect users? To Hoffman, the solution must blend AI smarts with real-world education and assistance.

“The solution is human-centric cyber security in the form of real-time AI training. As people interact with their devices and their software, you not only protect them but also educate them about real-life situations,” he said.

Hoffman offered an example: “Imagine chatting with somebody over a social network. The cyber security agent watching over your shoulder might detect that this person is asking for sensitive information or find an anomaly in their profile. It can then intelligently warn you that they might not be who they claim to be, prompt you to take precautions, or caution you not to send them that piece of information.”

“We can't force people to behave in a certain way or change the nature of the workforce and its various dynamics such as the rise of freelance work. But what we can do is make our systems adapt to people so that it becomes more intelligent, more flexible, more capable of understanding how people behave and use their devices in the real world.”

Cyber at the cutting edge

In closing, Hoffman says cyber security professionals must start thinking about how cyber security will need to evolve to stay relevant as the role of technology continues to increase and new categories of digital systems are developed.

Pointing to the growing use of artificial intelligence (AI) in our personal lives and business, Hoffman alluded to a future where personal and business decisions might be delegated to AI systems due to their responsiveness and accuracy. But what if these AI are compromised, or the underlying data poisoned? How can we protect ourselves?

One rapidly developing area Hoffman pointed to is wearables. “We are going to see more and more advanced devices, whether it's virtual reality devices, or other types of devices, some of which might be implanted into our bodies. These devices need to be defended, and they will need to be defended in different ways than we can imagine today,” he said.

Finally, realistic human robots might not be too far off the horizon. “In the future, we will get to the point where robots look human, and we won’t be able to tell even after speaking to them. We'll be living with these robots, and we will need to secure them and have some sort of trust identity that the robot has our best interests in mind,” Hoffman summed up.