MWC Topic: Security and Privacy

In PwC’s 21st Global CEO Survey, 87% of global CEOs say they are investing in cybersecurity to build trust and confidence with customers. Every organisation and technical expert views security and privacy as of paramount importance. Key protagonists in this domain are ultimately worried by the growing threats of cyberattack.

Source: PwC, 21st Annual Global CEO Survey. Base: Technology respondents

Put simply cybersecurity can be defined as the techniques of protecting networks, computers, programs, data and connected devices from unauthorised access or attacks that are timed for exploitation. Privacy relates to the protection of personal data from unauthorised access, though opinions on what data is considered personal or not, and who is authorised and when, can vary dramatically.

State of Cybersecurity and Privacy

The more connected we are, the more complex cybersecurity and privacy become. From individuals accessing services, to enterprises and operators authenticating and authorising these individuals, this is a challenge that impacts all. The emphasis shown by organisations over the past 12 months centres upon building their security within their internal network. If the defence cannot resist cyberattacks, no matter the size of the penetration, it is only a matter of time before it faces a large-scale attack.  An increasing quantity of endpoints in the workplace, such as mobile phones, IoT, and connected devices of all kinds are becoming day-to-day vectors for attack, resulting in a dramatic growth in data breaches and hacks.  

We are now in an era where organisations are faced with increasing attacks by cyber criminals. A growing and overlapping thicket of data security and privacy regulations have been introduced to counter this but at the cost of increased compliance burdens and regulatory risks.

The inception of General Data Protection Regulation (GDPR) allows EU member states to enforce actions for breaches that the previous European data protection regime simply could not. Its extraterritorial reach, for example, imposes various new obligations even upon organisations based outside the EU and provides enhanced enforcement powers to the supervisory authorities. Other countries such as Brazil are implementing protection laws similar and parallel to the GDPR, whereas China has adopted multiple new standards and draft or final regulations related to cyber security

Impact of 5G to Security and Privacy

5G offers improved data protection compared to previous generations but there are still flaws that persist. These weaknesses can allow a multitude of cyberattacks and also weaken the protection of privacy. For example, a huge botnet formed in 4G through intrusion into connected home devices can already mount large scale DDOS attack on websites. Imagine the mayhem if the same tactic is used in 5G to take out systems related to autonomous driving.

“5G implies faster speeds for good guys and for bad guys”

Galina Datskovsky, CEO of Vaporstream

To counter the threats, providers are increasingly deploying virtual network components instead of relying on the hardware of yesteryear. This means that, in real time, cloud-based network systems can be adjusted, removed, or replaced using software. Although there is a clear advantage in usability and response, there is still some scepticism; traditional security is about visibility and when one can’t see everything on their network (when using cloud providers) feel problems can arise.

Source: https://idstch.com/5g-mobile-networks-deployments-many-security-privacy-threats-new-technologies-including-quantum-cryptography-required/

One critical security challenge as we face the arrival of 5G is that organisations still don’t have a precise idea of how billions (eventually trillions) of connected objects could affect networks. The sheer amount of data being created by 5G networks will no doubt increase the difficulties in spotting anomalies in user behaviour resulting from cyber attacks. “According to one estimate…..the data output of a single autonomous vehicle in one day will equal the daily output of 3,000 people.” – CPO Magazine: 5G and the Future of Cybersecurity.

Will the future of Security and Privacy rest on AI?

As digital businesses grow, their exposure to cyberattacks increases exponentially. Because of this, the pace of adoption of AI in cybersecurity is picking up rapidly. Why are organisations turning to this? Because AI can reduce time and money by processing data quickly, as well as comprehensively reading and learning from unstructured data. And quite simply, the threats are overwhelming human cyber analysts. According to the Capgemini’s Reinventing Cybersecurity with Artificial Intelligence Report, “over half (56%) of organisation say their cybersecurity analysts are overwhelmed while close to a quarter (23%) are not able to successfully investigate all identified incidents.”

“Organizations are looking for automation, machine learning, AI to help make cybersecurity more manageable, more efficient, more effective and lower their risk.”

CTO and technical executive for IBM’s European security business

The telecom industry suffers more cyberattacks than most annually, forcing operators to adopt AI to identify possible attacks – and also fraud – and either halt or mitigate them; while predictive analytics can even identify possible precursors to attacks. However, as the attacks become more sophisticated and quick to adapt, defence strategies based on any single, one-size-fits-all analytic technique will produce less than optimal results. To combat this, integrating supervised and unsupervised AI models can play a pivotal role in detecting these attacks.

Source: Supervised vs Unsupervised Machine Learning Problems – https://vitalflux.com/

A supervised learning model is by far the most commonly used method across a wide range of industry use cases. With supervised learning, the output of the algorithm is already known, which then can easily tag each transaction as either safe or not. These models come about through ingesting massive amounts of tagged transaction details in order to learn patterns that best reflect legitimate behaviours. The model’s accuracy, however, is fully dependent on the correlation to the amount of clean and relevant training data being used.

Unsupervised machine learning is a more complex process which has been put to use in a smaller number of applications thus far. In unsupervised learning, there are no fixed data provided and outcomes are unknown. The artificial intelligence goes into the problem without oversight and can only rely on self-learning and faultless logical operations to guide it. The benefit of the unsupervised model is that it is specifically designed to discover outliers that represent previously unseen forms of attack.

Security & Privacy at MWC20

Monday 24th

16:00 – 16:45 AI-Based Fraud Detection

Recent research from PwC, KPMG and others has highlighted how organised frauds are increasing in speed and scale. The past year has seen machine learning and other automation techniques emerge to commit fraud. The current preventive measures are no longer effective at confronting the more advanced, nuanced attacks. Why is AI ideal for fraud detection? Supervised machine learning can train fraud detection models better than manually-based approaches. Moreover, combining supervised and unsupervised machine learning into a single fraud prevention algorithm enables AI to find anomalies in emerging data.

Attend this session to learn how to protect your revenue streams as fraud becomes more sophisticated.

Wednesday 26th

14:30 – 15:30 5G Critical Security

“Security is a top concern for 5G operators, almost equal to increasing capacity and throughput,” according to a recent report from Business Performance Innovation Network. Operators still don’t precisely know how billions of connected objects could affect nascent 5G networks. However, concerns focus on the core network; devices; and staffing and management requirements. 5G’s improvements in speed, capacity and latency also risk giving new force to attacks like volumetric distributed denial-of service (DDoS).

Attend this session if you want to learn how to combat and mitigate potential security risks as you roll out 5G networks.

Thursday 27th

14:30 – 15:30 Securing Supply Chain Vulnerabilities

Due to the interconnected nature of supply chains, a security weakness in one link can compromise the entire chain. Far from just losing material stock, the company’s profitability, data, partners and reputation are at risk through breaches, ransomware or other attacks. Yet today’s globalised supply chains, frequently coupled with multiple tiers of sub-suppliers, make it nearly impossible to trust in the hardware and software security deployed throughout the supply chain.

Attend this session if you want to learn how to hold your supply chain partners, and yourself, to higher security standards.