Johannesburg, 12 Sep 2023
Last year, a teenage hacker broke into the systems of Rockstar Games, one of the world's biggest video game companies, and stole information about its upcoming blockbuster, Grand Theft Auto 6. Yet that's not the interesting part. The hacker was already out on bail for another attack and banned from accessing computers. No problem – using an Amazon Fire Stick media player and online hacker services, the teen continued his incursions, including the Rockstar breach. He even cheekily left a message on their Slack.
This news piece gives a snapshot of cyber crime's current reality and future. The culprit is not a hacking genius or prodigy; he simply knew how to access and use highly available cyber crime tools and services. Cyber crime has become vast, automated and open to anyone with a credit card and a little time to study tutorials. And it's just one aspect of this evolving landscape, which recently started adding artificial intelligence.
"AI is still in its infancy stages, but it is improving rapidly," says Johann Schoeman, Nexio's Product Owner of Cyber Security Services. "With the recent developments, it's become more difficult to catch adversaries. But cyber security tech is also keeping up. It's still a cat-and-mouse game, but the barriers are lower and the stakes are higher."
Cyber security never stops. It's constantly evolving. What does that mean for defending the future?
The future is always tricky to predict, but Schoeman and his security peers have a sense of where things are headed. He breaks it down into six generations:
"We're currently phasing between the third and fourth generations, where a lot of advanced things are happening. The first two generations show how far we've come and they still reflect cyber security maturity at many organisations. The fifth and sixth suggest what is around the corner. These generations are hotly debated and definitely not set in stone. But they give us a good idea of what to expect and how to prepare."
The first four generations show cyber security's big advancements in the past decade or so:
- Generation one emerged several years ago, representing centralised monitoring such as security information and event management, and incident detection and response. It relies on basic threat intelligence, has limited automation, is very skill-dependent and remains reactive to threats.
- Generation two moved the needle with features such as advanced threat detection, threat intelligence integration, and automated response and orchestration. It added continuous monitoring and threat hunting, better integration and an emphasis on performance measurements.
- Generation three introduced threat intelligence-driven operations using advanced analytics and machine learning, user and entity behaviour analytics, support for cloud-native and hybrid environments, and incident response automation and playbooks. Business risk integration became a key feature of cyber security.
- Generation four continued those modern enhancements: extended detection and response, zero trust and identity-centric security, and advanced automation and orchestration are just a few examples of current, cutting-edge capabilities. Above all, business-security collaboration, including executive- and board-level reporting, is much tighter.
The future is human
What follows after that? Generations five and six start introducing concepts such as contextual awareness with augmented reality, AI-powered adversary simulations and predictions, and the much-hyped potential threats and opportunities of quantum encryption. And one more element that is already becoming a crucial part of modern security: enhanced human-machine collaboration.
Yes, for all the emphasis on automation and artificial intelligence, humans are the secret weapon.
"Security's future does not exclude humans, it needs them!" says Schoeman. "This is where enhanced human-machine collaboration really needs to start taking place. Security ecosystems need to be integrated with this human-machine environment so that it becomes an autonomous cog that keeps turning and allows us humans to become more creative."
What is an example of this human-machine collaboration? Schoeman and his team are working on adding ChatGPT-like generative AI that will help simplify security reporting, creating plain-language interpretations from security data. This will help human operators inspect events with a glance and make deeper enquiries from the system using plain-spoken interactions. Doing so means that more people, not just experienced security experts, can start interpreting accurate and helpful security information.
"Human-machine collaboration is not just about security teams," says Schoeman. "We provide security services to our clients. The more we simplify and enhance their access to those security services and information, the more their security will improve. That's the next step: we can automate and we can add intelligence. But when we make it easy for people to use and understand security, then we'll truly be in the next generation."
How do we defend the future? Automation, integration, intelligence – and people. Enhanced by machine intelligence, contextual information and AI interpretations, even a kid with a Fire Stick won't be the threat he is today.