Suspicious hacktivity: the future of cyber security and cybercrime
Published 23 Sep, 2021
Professor Ryan Ko discusses the ongoing war between cybercrime and cyber security – and how the good guys are starting to win.
Cyber security experts and cybercriminals have been locked in a game of cat and mouse for decades. But now, thanks to advancements in automation technology, the roles could soon reverse, putting the protectors ahead of the chase rather than one step behind.
Professor Ryan Ko, Chair and Director of UQ Cyber Security, believes the scales are already starting to tip.
“With automation and tools enabling cyber experts, our response to the rate of cybercrime will soon at least reach parity, if not be higher than, the rate of cybercrime,” he says.
“We are moving towards an era of cyber autonomy.”
Cybercriminals are eternally devising new strategies, but cyber security experts are getting better at keeping up and getting on the front foot.
“On a daily basis, a new type of attack surfaces, and on a weekly basis, a novel approach is reported,” says Ryan.
“We are witnessing four unique malwares generated every second. Cyber security professionals need to constantly adapt to new methods, but they are usually able to stay abreast of developments by working as a community to share the latest developments and security intelligence.”
Unfortunately, as protection efforts become more robust, cybercriminals continue to get more inventive. It could almost be fascinating – if it weren’t so insidious.
Ryan sees the recent rise in targeted ransomware attacks as a prime example of this blend between creativity and cruelty.
“Criminals would target one organisation at a time within a sector, such as hospitals in the healthcare sector,” he says.
“They would lock up all computing devices – including those in the ICUs or those controlling critical equipment.”
“There’s a lot of automation protecting people from cybercrime behind the scenes.”
Network-monitoring tools detect and prevent hackers from scanning for vulnerabilities and unprotected connections.
Email servers automatically scan for phishing links and filter out spam.
Cyber security experts use security incident and event management (SIEM) software to automate data fusion and anomaly detection based on predefined rules.
EFTPOS machines use cryptographic solutions to automate authentication and data integrity.
Banks and other financial institutions use machine-learning algorithms to monitor payments and identify anomalous transactions.
The cyber security heroes of tomorrow
The good news is we know what needs to be done to stay ahead of cybercrime.
“To outsmart cybercriminals, we need to develop platforms or detection techniques through research or by applying the latest research breakthroughs,” says Ryan.
“Cyber defenders are adopting new machine-learning techniques to detect information flow.”
“In my research, we’re analysing provenance (the chain of custody for data) and information flow so that we can understand the behaviour and spot the cybercriminals lurking within critical infrastructure. Once we’re able to trace provenance of information sent or received within the infrastructure, we can invent tools to detect and mitigate anomalous behaviour which may lead to larger attacks.”
Yet, as impressive and helpful as Ryan’s research is, it’ll take more than one man to turn the tide on cybercrime. This is why he’s designed The University of Queensland’s Master of Cyber Security to incorporate skillsets from all backgrounds: geopolitics, policymaking, ethics, law, criminology, social sciences, psychology, governance and more.
“Without considering these fields, cyber security graduates cannot be pioneers or lead in the sector,” he says.
“There’s a perception that cyber security is a technical subject. The truth is far from that.”
Criminology has a special role to play in the study and research of cybercrime, as Ryan feels traditional crime prevention is underutilised in the digital landscape.
“There’s a tried and tested framework called Situational Crime Prevention (SCP), which has been effectively applied to prevent traditional crime,” he says.
The SCP encompasses five groups of techniques:
Increase the effort.
Increase the risks.
Reduce the rewards.
Yet, when it comes to preventing cybercrime, Ryan believes we’re currently confined mainly to the first category, increasing the effort.
“Cyber experts try to create software or cryptography which are harder to break,” he says.
“But, eventually, they will be broken. Evidently, there is so much potential for cybercrime prevention through adopting the other four SCP groups.”
Ultimately, Ryan hopes graduates of the Master of Cyber Security will continue to find new ways to stop cybercriminals in their tracks – or at least ensure they hit a dead end with each unethical road they take.
Even if you’re not enrolling in a Master of Cyber Security, Ryan has tips for how you can reduce the risks of becoming a victim or unwitting accomplice of a cybercrime:
Always be sceptical about unsolicited emails and text messages.
Update your devices and computers to the latest versions.
Enable two-factor login authentication when available.
Back up all your devices and important data.
When you buy a new device or install new software, replace the default password as early as possible.
“What scares me is the apathy of users, thinking that a cyber attack will never happen to them. This complacency is becoming more invalid with each day that passes, and cybercriminals are really capitalising on this.”