Cyber Security Expert, Former Senior Intelligence Officer Dept. of Defense, Private Consultant, Author
Phishing. Identity theft. AI. Machine Learning. Protecting your identity online has been a concern since the early days of the internet, but how do we protect ourselves and our businesses as new threats arise? Is there a future where AI is used for more than targeted ads and location-based search? Cybersecurity Expert Tyler Cohen Wood breaks down the threats we should all be aware of and what we can expect next in online privacy and data collection.
Privacy is keeping your personal information protected, and if your privacy has been breached, that means that a lot of personal information that we consider to be private is now out there in the open. Cybersecurity encompasses much more than just that. It's the protection of that data, its techniques that will help people learn to better protect themselves from giving up that data, so there's a big difference between privacy and cybersecurity. One is something that's trying to be secured the other is the methodology with which that happens.
I get asked by people all the time, “So what, I don't have anything I don't care,” but that's actually not true. You have a lot of information at stake. That information could be information pertaining to your kids. It could be somebody having access to enough information to create an entire credit profile on you and be able to steal that credit. I have known people that have been in a situation that is that difficult where drivers licenses have been taken out in their name, loans for houses in other states taken out in their name and to try and fix that is really, really difficult, and it takes a very, very long time. Sometimes it gets fixed, but there’s still consequences.
So phishing is where a hacker sends out kind of a bait — something that looks really really juicy — or it could be in the form of a news article that you just have to read or it could be an email that appears to come from a legitimate source, but it isn't necessarily. Hackers are getting pretty good at targeting their targets and they're really using a lot of this information that is freely and openly available that we just kind of give away. They're using the same types of tools and techniques, and it's a cat-and-mouse game. What's difficult is that when you are securing a business or a company, well, that business still has to function. You know, you can take the wheels, the engine, the doors off of a car and someone’s probably not going to steal it, but you can't use it either. So, there have to be ways to let things in and out, and a hacker just has to really find one way in. So, we're at a disadvantage in that way, but when you throw in collaboration and when you throw in these new types of tools, it doesn't necessarily even the playing field, but it gives us a much better success rate.
90% of hacks are done through social engineering, and that means phishing, that's getting someone to do something that they wouldn't normally do. That's that's the easiest way in and the lowest hanging fruit, and why not go for what's easiest? But what AI and what machine learning can do is it can very quickly piece together a profile on a person. For example, if you play music, it would be able to determine your location, what's around you, and maybe even have the knowledge that you go to a particular guitar store, and you would get a email from that guitar store looking very legit saying, “we're having a sale on this awesome guitar,” and you would click and that's it. So they're very, very good at figuring these things out, and when you add AI, the algorithms to be able to parse this data much more quickly and then make sense of it, that's when it gets difficult, but the good guys are utilizing these technologies, too.
One of the great things about AI and machine learning is that it will have the ability to really learn and profile specific attackers and attack types and make the decision whether or not to continue engaging, and give that hacker fake credentials or whether to stop them in their tracks, whether to notify someone. But it's not just going to be in our corporate security devices. We're going to start seeing that in our personal devices. too.
It is weird because I see the pendulum going back. For a while, now everything is centralized in kind of one location or in the cloud, but I think because there's going to be restrictions on some of these social media companies coming down and also because I think people are getting frustrated with their information being owned like that, and they want other alternatives. You’re seeing it with Clubhouse and you are going to see these kinds of peer-to-peer networks that utilize everyone who's on the system's devices for processing power.
I believe that there is a much more positive outcome that is available to us if we're willing to do the work to get there. And again, that's going to be collaboration, that's going to be utilizing new technologies, that's going to be taking the onus of securing the devices off of the individual user and making the machines like self-cleaning ovens, self-securing devices. And I do believe that the future is positive. Maybe not the immediate future, but I do believe within the next couple of years, that we really are going to have so much innovation that is going to help us. I hope it turns the tides and gives us the advantage, but you know again—they only have to find one way in—but with these types of technologies, I do believe that it is possible that we actually could gain the upper hand and that's really exciting.
No, again, I can't emphasize how important it is for everyone to take responsibility as much as you can for your personal and your family's cybersecurity. Because when you start taking responsibility for that, it's really the same techniques that you're using to secure your business, but there is a lot more at stake than you may think. Make it a fun night. Maybe you don't have wine if you've got the kids there, but go through everyone's phones and show, you know, “Wait a minute, why is this permission doing this?” and it could be something fun, something enjoyable. Take some responsibility, but also do not beat yourself up if you cannot know and understand every single possible cybersecurity threat and vector because, you know what, no one does.
Your online presence can be the key to unlocking your privacy. Tyler Cohen Wood discusses how even the small things on social media can help hackers build a profile on anyone.
When we post something, we think of it as just kind of one post in time, but when you piece together everything about all of your posts, everyone who's tagged you in posts, it's very easy to get an accurate profile on who you are, who your friends are, what your politics are. Even if you never mentioned politics, it's still an algorithm that is very easy to ascertain that information. So, you want to really think about this before you post. How does this give somebody more information to target me?
The more we all know, the safer we’ll all be. Tyler Cohen Wood explains how intergovernmental relationships, machine learning, and collaboration help build a collective knowledge base that protects our identities.
You never know what exactly is right around the pike, but I do believe that we have governments, we have private businesses, we have a lot more collaboration between these different entities on cybersecurity and collaboration, while still protecting each company's intellectual property. I know that is the way that we are going to be able to get a handle on this. That, and utilizing these technologies such as AI, machine learning, blockchain, all of these new types of things that can help protect identity.
We're going to be seeing a lot more of that coming into play and really helping, because it'll take the heavy lifting off of the cybersecurity experts and imagine if you had a device that was a protective device, that could learn a hacker's traits and could learn what moves this type of hacking group is going to take next, and be able to contain that knowledge and learn it and share that knowledge.
Tyler Cohen Wood, CISSP
Cyber Security Expert, Former Senior Intelligence Officer Dept. of Defense, Private Consultant, Author
Everything related to a user’s online activity can be harnessed to build a targeted profile. Now more than ever, users should be cautious about what kind of content they post, who they’re associated with via tags, and even browsing patterns.
Even if users aren’t directly and actively engaged in conversation around a particular topic, the collective information surrounding them can be used against them. Using artificial intelligence (AI) and advanced algorithms, hackers are able to develop hyper-targeted threats that can result in privacy breaches identity theft.
Just as AI can be used by hackers to find and exploit vulnerabilities, it can also be used to defend users against these kinds of attacks. AI has the ability to learn and build profiles on specific patterns of attackers and types of attacks, and determine whether or not to give out more information or withhold it as a precaution.
Once a threat is detected, this defensive AI can make decisions on how to proceed. In order to protect users, AI can give the attacker false credentials, stop the hacker in their tracks, and notify the victim immediately. Advances in this field will not only help businesses against breaches and large-scale attacks, but eventually, AI will also protect individuals in the same way.
Machine learning involves using advanced computing and algorithms to analyze large swaths of data, identify patterns based on that collective information, and develop insights over time. By harnessing machine learning, analysts are able to detect patterns and make predictions in many different areas, including business, healthcare, technology, education, and more. As technology advances and use-cases become more mainstream, machine learning will be an essential part of any business’s cybersecurity defense protocol.
The beauty of AI is in its ability to analyze and interpret volumes of data that wouldn’t otherwise be possible for humans to do. In order to protect both corporations and citizens, we will start seeing increased collaboration between governments, private businesses, and various entities as they share information and resources.
As AI and machine learning become more prevalent and commonplace cybersecurity tools, it will be critical for sectors to partner and develop the necessary defenses to guard against increasingly threatening hackers.