Ahead of the Global Cyber Conference, we have undertaken a series of interviews with some of our speakers featuring on stage in September.
Raphael Reischuk is Head of Cyber Security Services at Zühlke, a global innovation service provider. Named one of the Top 100 Digital Shapers of Switzerland by BILANZ and Handelszeitung in 2021, Raphael will be a panelist at the Global Cyber Conference 2022 in a session entitled “What does successful cultural change around cyber resiliency look like”.
In this interview, Raphael shares his insights on emerging cybersecurity trends, the financial implications of cybersecurity failure, and how the human element fits within the context of cybersecurity.
The human element plays a central part in most cybersecurity incidents. To what extent do you consider that people are most often the problem?
The human element has always been part of the equation of all kinds of interactions and structures that humanity has built. The exploitability of human weaknesses has not increased per se. However, many issues, situations, and contexts are rather uncharted territory for the human brain — at least compared to the traditional risks and dangers that humans have faced for centuries.
As such, today’s digital-first world confronts all of us with challenges that are rather novel and without a long training horizon. This very circumstance must be taken into account whenever we design systems, processes, and architectures for our society, customers, as well as users. As it would be naïve to seriously believe in an improvement of conditions among the general population, the responsibility must be taken by selected humans, more precisely, by decision-makers, policymakers, architects, and security officials.
The costs of cybersecurity failure constantly increase. Is this trend to continue forever and what should companies do to adequately protect themselves?
Cybersecurity failure and cybersecurity protection find themselves in an infinite game. Both ends are competing to gain an advantage over the other, which constitutes an unfair game for a number of reasons. But there are points of view that give courage for improvement.
Due to the high number of players, not winning does not necessarily mean losing. In other words, the goal is not to become the best. Instead, becoming better than the bottom third might be sufficient. This Paretoist view helps to balance costs and effort while achieving an adequate level of protection. Concrete strategies and actions depend, as always, on the type of industry and the societal criticality.
Considering the rapid increase in cyberattacks, what do you believe will be the major trends likely to emerge in cybersecurity over the following 3 to 5 years?
Among the major trends is certainly a further increase in automation, i.e., automated detection, automated classification, and automated response to cyber threats and attacks. The growing complexity, the increasing amount of accessible data, and the new pace of adaptability require an increased level of automated action.
A second trend lies in a similar space, but on the attacker’s side: there will be a significant increase in deep fake content nearly indistinguishable from real content.
Deep learning models are improving day by day, further fueled by the war, so that breaches and attacks will likely be made possible due to simplified impersonation and a general impairment of authentication. The level of sophistication of cyber-attacks will generally increase, simply because models and kits are available, and their invocation is rather cheap. Moreover, we will see an increase in the professionalization of criminal actors, who need foreign currency.
On the more technological level, we will see quantum computing facilities become available to broader audiences, for the good and the bad. On the policy side, we will see a large increase in regulation for various sectors and industries. Policymakers will start understanding their responsibility and influence when assigning higher priorities to ensure compliance for vendors and products. More laws will appear, and transparency will increase (e.g., with mandatory software bills of materials).