Cyber-security a 'game of chess'
Security professionals always trying to anticipate cyber-criminals' next moves, says ESET CTO
Cyber-security can be likened to a game of chess, whereby security professionals are constantly trying to anticipate the next moves to be made by cyber-criminals, according to Pavel Luka, CTO at ESET.
Speaking to ITP.net, Luka described cyber-criminals as smart and well-funded, and that they are always capable of finding ways around the best technologies that security companies come up with. Conversely, security firms are always attempting to anticipate cyber-criminals' next moves.
"We create some technology, some protection, and the cyber-criminals find ways around it. They always do because they're smart, and they're well-funded these days as well," he said.
"Then we make some counter-moves and they make their moves. This goes on and on forever and, like any good chess player, you're trying to anticipate the moves that are going to happen."
Luka said that there was evidence for this way of thinking in the way that ESET predicted the rise of mobile malware, which now plagues the Android ecosystem. He said that, by the time the mobile malware issue had become serious, ESET already had products in place.
That said, he acknowledged that other cyber-criminal actions are less easy to predict.
"You probably know the Stuxnet virus. Six years ago, who'd have said, using just malware, you could use it to destroy physical things, like the centrifuges in Iran," he said.
"The sophistication of this attack, the way it worked, it's something that pretty much surprised me. It's stuff that used to be happening only in science fiction, but now it's here."
In terms of predicting new trends, however, Luka said that there were signs that pointed towards new areas of interest for cyber-criminals. He said that the growing proliferation of connected devices fixed with sensors was certainly a cause for concern.
"I think there is going to be a problem with so-called embedded devices. All of these devices are connected and they usually have sensors. And some of them have actuators, they can do stuff," he said.
"If you want to see what happens when you give a bunch of smart people access to sensors, just look at the App Store. I have an application which measures heart rates through the camera. It's going to light your finger up, and it's looking at the flow of fresh blood.
"These are things which are cool, and it's done with just a couple of sensors by smart people. Now think about all these devices, which have sensors, and give them to smart people - but they're cyber-criminals - and try to anticipate what's coming."
Luka said that cyber-criminals could think of just as inventive ways to use connected smart devices for nefarious purposes. And because of the lack of security on many of these devices, there could be cause for concern.
His next move, he said, would be to look at how these devices can be protected without affecting their accessibility.