Abstract image of a woman sitting on books and studying on a laptop

The Future of Computer Security and Cybercrime

C
Craig Heath

The document summarizes Craig Heath's predictions about the future of computer security and cybercrime. It discusses trends that have stayed the same, like passwords and social engineering, and trends that have changed, like the rise in connectivity and scope of online crimes. Heath hypothesizes that society has reached an equilibrium on computer security since the 1990s, but that increasing complexity, online values, and real-world impacts could tip the balance towards greater risks in the future. However, market forces, regulation, and improvements to development practices and tools may help maintain the equilibrium.

Technology
Related topics:
Information Security Computer Security
1 of 13
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Franklin Heath Ltd London Futurists: The Future of Computer Security and “Cybercrime” Craig Heath @heathcr 09 January 2016
© Franklin Heath Ltd c b CC BY 3.0 lawyerlawyer ✗ mathematicianmathematician ✗ computer scientist ✓ security engineer ✓ futurist ? Craig Heath 09 January 2016 2
© Franklin Heath Ltd c b CC BY 3.0 “Cyber” 09 January 2016 3 Image Credit: “DarkAngelDTB” from DeviantArt Image Credit: Colin Foran (DeviantArt: “nathantwist”)
© Franklin Heath Ltd c b CC BY 3.0 How to Predict the Future (vaguely scientifically) 09 January 2016 4  Considering trends + thought experiments  Where I’m looking for trends:  my experience  First job in software 1977  computer security specialist since 1988  history of information security  Kerckhoffs 1883  Bletchley Park 1939-45  How far away is the horizon?
© Franklin Heath Ltd c b CC BY 3.0 Computer Security vs. Cybercrime 09 January 2016 5  Computers used to commit “traditional” crimes  Roswell Steffen 1973 (embezzlement > $1.5M)  Unauthorised use of computers  Stephen Gold, Robert Schiffreen 1985  Kevin Mitnick 1987  Breaching computer security has itself become defined as a new type of crime  UK Computer Misuse Act 1990  US Digital Millennium Copyright Act 2000
© Franklin Heath Ltd c b CC BY 3.0 Trends: What Has Stayed the Same? 09 January 2016 6  Information theory & computer science  Kerckhoffs 1883  Turing 1936  Shannon 1948  Saltzer & Schroeder 1975  Passwords  easy to understand and implement  Social engineering attacks  c.f. “rubber-hose cryptanalysis”
© Franklin Heath Ltd c b CC BY 3.0 Trends: What Has Changed? 09 January 2016 7  Number of devices, connectivity and bandwidth  (10 9 ) billions, always-on with multiple Mbps  “Classic” crimes have moved online  e.g. confidence tricks -> phishing  “Beta culture”  continual enhancement and patching  Magnification of capabilities and consequences  a fix can be rolled out to millions of users  a single attacker can harm millions of users  The “attribution problem”  nation state or a kid in a cyber café?
© Franklin Heath Ltd c b CC BY 3.0 Is Computer Security Getting Better or Worse? 09 January 2016 8  I don’t know any computer security professional who would argue it’s getting significantly better  I don’t know anyone who has stopped using the Internet because it’s getting significantly worse  Hypothesis: did we reach a sort of equilibrium in the 1990s that is acceptable to society, now maintained by governments and market forces?
© Franklin Heath Ltd c b CC BY 3.0 What Influences Might Tip the Balance? – 1. Downside 09 January 2016 9  Increasing complexity of computer systems  if you don’t understand it, you can’t fix it  Increasing value available to attackers  transaction limits increase  ever more data goes online  Increasing ability to affect the real world  “Cyber Physical Systems”  Better policing of non-computer crimes  bad guys usually follow the path of least resistance
© Franklin Heath Ltd c b CC BY 3.0 What Influences Might Tip the Balance? – 2. Upside 09 January 2016 10  Market forces  consumer awareness  but see “The Market for Lemons” (Akerlof 1970)  risk of reputational damage  cost of breaches  and/or conditions of business insurance  Legal forces  regulation (c.f. building regulations)  licensing (c.f. chartered civil engineers)  fines or compensation awards for affected consumers
© Franklin Heath Ltd c b CC BY 3.0 How Serious is Reputational Damage for a Company? 09 January 2016 11  The “Ratner Effect”  Ratner Group value:  1991 £680M  1992 £49M  ...  2016 £7454M Image Credit: “EG Focus” from Flickr
© Franklin Heath Ltd c b CC BY 3.0 Why I Don’t Believe Breach Cost Estimates 09 January 2016 12  2011 Detica report:  “cost of cyber crime to the UK ... £27bn per annum”  approx. £540 per year for each adult in the UK  Detailed response from Ross Anderson et al.:  “Measuring the Cost of Cybercrime”, 2012  doesn’t venture a bottom line figure, but...  My experience:  Costs of loss of IP are routinely vastly overstated  Fraud losses are a normal cost of banks’ business
© Franklin Heath Ltd c b CC BY 3.0 Crystal Ball: Will the Equilibrium Hold? 09 January 2016 13  If security defenders just keep doing the same things, attackers will overtake us  Penetration testing and code inspection isn’t going to take us much further  Fundamentals need to be, and can be, improved  better product development process  better platforms  better tools  better developers

More Related Content

PDF
People Power in Your Pocket
Craig Heath
 
PPTX
Mobile Security Sticks and Carrots
Craig Heath
 
PDF
Security Lessons from Bletchley Park and Enigma
Craig Heath
 
PDF
Use Access Control Systems?
electricgatelocksstudy77
 
PDF
The New NotCompatible
Lookout
 
DOCX
Smartphone Security Article
Christopher Papazian
 
PPTX
The Impact of IoT on Enterprise Wi-Fi by AirTight Networks via Slideshare
AirTight Networks
 
PDF
Feds: You have a BYOD program whether you like it or not
Lookout
 
People Power in Your Pocket
Craig Heath
 
Mobile Security Sticks and Carrots
Craig Heath
 
Security Lessons from Bletchley Park and Enigma
Craig Heath
 
Use Access Control Systems?
electricgatelocksstudy77
 
The New NotCompatible
Lookout
 
Smartphone Security Article
Christopher Papazian
 
The Impact of IoT on Enterprise Wi-Fi by AirTight Networks via Slideshare
AirTight Networks
 
Feds: You have a BYOD program whether you like it or not
Lookout
 

What's hot (20)

PPTX
The Top Five Cybersecurity Threats for 2018
CheapSSLsecurity
 
PPTX
Top 15 security predictions for 2017
Accelerate Tech
 
PDF
How to communicate effectively in a cyber attack
Ben Overlander
 
PPTX
Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...
Black Duck by Synopsys
 
ODT
Cctv research
a2columne12
 
PDF
2015 Cybersecurity Predictions
Lookout
 
PDF
HSB15 - 0xDUDE
Splend
 
PDF
Relentless Mobile Threats to Avoid
Lookout
 
PDF
5 Ways to Protect your Mobile Security
Lookout
 
PDF
A10 presentation overcoming the industrys insecurity complex
Dr. Wilfred Lin (Ph.D.)
 
DOC
Cloud computing 30 april_2011
spiirit
 
PDF
Palo Alto Networks 2016 Cybersecurity Predictions
PaloAltoNetworks
 
PDF
Norton Cyber Security Insights Report 2017
CheapSSLsecurity
 
PPTX
IoT 2018: What's Hot, What's Not & What's Next
Charles Reed Anderson
 
PPTX
Security workshop at CONNECT 2020 by Calongne, Rose, Hamons
Cynthia Calongne
 
PDF
Scared About Supply Chain Cybersecurity? 5 Reasons You Aren't Scared Enough
Xeneta
 
PDF
How Meraki and Fiber Optics Saved the Show
Cyrus Hurley
 
PDF
Mobile: the up and downside of risk
Michel de Goede
 
PPTX
Appril legal workshop - 15 april 2015
Olivier Oosterbaan
 
PPTX
Tackling today's cyber security challenges - WISER Services & Solutions
CYBERWISER .eu
 
The Top Five Cybersecurity Threats for 2018
CheapSSLsecurity
 
Top 15 security predictions for 2017
Accelerate Tech
 
How to communicate effectively in a cyber attack
Ben Overlander
 
Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...
Black Duck by Synopsys
 
Cctv research
a2columne12
 
2015 Cybersecurity Predictions
Lookout
 
HSB15 - 0xDUDE
Splend
 
Relentless Mobile Threats to Avoid
Lookout
 
5 Ways to Protect your Mobile Security
Lookout
 
A10 presentation overcoming the industrys insecurity complex
Dr. Wilfred Lin (Ph.D.)
 
Cloud computing 30 april_2011
spiirit
 
Palo Alto Networks 2016 Cybersecurity Predictions
PaloAltoNetworks
 
Norton Cyber Security Insights Report 2017
CheapSSLsecurity
 
IoT 2018: What's Hot, What's Not & What's Next
Charles Reed Anderson
 
Security workshop at CONNECT 2020 by Calongne, Rose, Hamons
Cynthia Calongne
 
Scared About Supply Chain Cybersecurity? 5 Reasons You Aren't Scared Enough
Xeneta
 
How Meraki and Fiber Optics Saved the Show
Cyrus Hurley
 
Mobile: the up and downside of risk
Michel de Goede
 
Appril legal workshop - 15 april 2015
Olivier Oosterbaan
 
Tackling today's cyber security challenges - WISER Services & Solutions
CYBERWISER .eu
 
Ad

Viewers also liked (20)

PDF
Employment contracts: Are they worth the paper they are written on?
Chartered Institute for the Management of Sport and Physical Activity
 
PDF
Employment Contracts & The Importance of Getting them Right
Elizabeth Aitken
 
PPTX
Computer In The Future
babylove0860
 
PPT
The Future of Computer Science, and Why Every Other Major Sucks By Comparison
guest543f875
 
PPT
Business And The Law
RobbieA
 
PPTX
Future of computer science - Key recommendations by executive panel
Tata Consultancy Services
 
PPT
The Future Of Computer Technology
august1
 
PPSX
future of a computer litrate
Pooja Tanwar
 
PPT
Future Computer
j p
 
PPTX
Nanocomputers or Future computer Nanotechnology
MAGNIFIER
 
PDF
DSD-INT 2015 - The future of computer modeling of coastal wetland - maselhe
Deltares
 
PDF
The Future of Computers and the Internet - Mens en computer in 2030?
Beat Signer
 
PPTX
A Perspective on the Future of Computer Architecture
ARCCN
 
PPT
Employment Contracts 101
This account is closed
 
PPT
An Introduction to Nano computers
Anoop Keezhillath
 
PPT
Computer Misuse Act
mrmwood
 
PPT
How Computers Will Help In The Future
brittney
 
PPTX
The Future Of Computers
skyhighphoto83
 
PPT
Next Generation Computer
Anil Kumar
 
PPT
Future of Computers
guest19ab3c
 
Employment contracts: Are they worth the paper they are written on?
Chartered Institute for the Management of Sport and Physical Activity
 
Employment Contracts & The Importance of Getting them Right
Elizabeth Aitken
 
Computer In The Future
babylove0860
 
The Future of Computer Science, and Why Every Other Major Sucks By Comparison
guest543f875
 
Business And The Law
RobbieA
 
Future of computer science - Key recommendations by executive panel
Tata Consultancy Services
 
The Future Of Computer Technology
august1
 
future of a computer litrate
Pooja Tanwar
 
Future Computer
j p
 
Nanocomputers or Future computer Nanotechnology
MAGNIFIER
 
DSD-INT 2015 - The future of computer modeling of coastal wetland - maselhe
Deltares
 
The Future of Computers and the Internet - Mens en computer in 2030?
Beat Signer
 
A Perspective on the Future of Computer Architecture
ARCCN
 
Employment Contracts 101
This account is closed
 
An Introduction to Nano computers
Anoop Keezhillath
 
Computer Misuse Act
mrmwood
 
How Computers Will Help In The Future
brittney
 
The Future Of Computers
skyhighphoto83
 
Next Generation Computer
Anil Kumar
 
Future of Computers
guest19ab3c
 
Ad

Similar to The Future of Computer Security and Cybercrime (20)

PDF
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Esam Abulkhirat
 
PDF
Cyber Resilience
Ian-Edward Stafrace
 
PPTX
The Evolution of Cybercrime
Stephen Cobb
 
PPTX
What is Information Security and why you should care ...
James Mulhern
 
PPTX
Breakfast Briefings - February 2018
PKF Francis Clark
 
PPTX
cybersecurity-ppt.pptx btech unit unknown aktu
Nancy424661
 
PDF
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
PPTX
CyberSecurity SONI CHANDAN TEACHER TRAINING MATERIALS
SoniChandan
 
PPT
Cyber ppt
Mandar Pathrikar
 
PDF
Dell Technologies Cyber Security playbook
Margarete McGrath
 
PPTX
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Ekonomikas ministrija
 
PPTX
CYBER SECURITY and cyber law with management.PPT.pptx
vj93605
 
PPTX
The 2018 Threatscape
Peter Wood
 
PPTX
Cyber Security and the CEO
Micheal Axelsen
 
PPTX
CRI "Lessons From The Front Lines" March 26th Dublin
OCTF Industry Engagement
 
PPTX
Cybersecurity All information and topic wise
parthpatelm1342
 
PDF
Rise of cyber security v0.1
Sohail Gohir
 
PDF
Clear and present danger: Cyber Threats and Trends 2017
Morakinyo Animasaun
 
PDF
Cyber security for ia and risk 150601
Grant Barker
 
PPTX
IT & Network Security Awareness
The Network Support Company
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Esam Abulkhirat
 
Cyber Resilience
Ian-Edward Stafrace
 
The Evolution of Cybercrime
Stephen Cobb
 
What is Information Security and why you should care ...
James Mulhern
 
Breakfast Briefings - February 2018
PKF Francis Clark
 
cybersecurity-ppt.pptx btech unit unknown aktu
Nancy424661
 
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
CyberSecurity SONI CHANDAN TEACHER TRAINING MATERIALS
SoniChandan
 
Cyber ppt
Mandar Pathrikar
 
Dell Technologies Cyber Security playbook
Margarete McGrath
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Ekonomikas ministrija
 
CYBER SECURITY and cyber law with management.PPT.pptx
vj93605
 
The 2018 Threatscape
Peter Wood
 
Cyber Security and the CEO
Micheal Axelsen
 
CRI "Lessons From The Front Lines" March 26th Dublin
OCTF Industry Engagement
 
Cybersecurity All information and topic wise
parthpatelm1342
 
Rise of cyber security v0.1
Sohail Gohir
 
Clear and present danger: Cyber Threats and Trends 2017
Morakinyo Animasaun
 
Cyber security for ia and risk 150601
Grant Barker
 
IT & Network Security Awareness
The Network Support Company
 

Recently uploaded (20)

PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Modernising the Digital Integration Hub
Daniel Toomey
 
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 

The Future of Computer Security and Cybercrime

  • 1. Franklin Heath Ltd London Futurists: The Future of Computer Security and “Cybercrime” Craig Heath @heathcr 09 January 2016
  • 2. © Franklin Heath Ltd c b CC BY 3.0 lawyerlawyer ✗ mathematicianmathematician ✗ computer scientist ✓ security engineer ✓ futurist ? Craig Heath 09 January 2016 2
  • 3. © Franklin Heath Ltd c b CC BY 3.0 “Cyber” 09 January 2016 3 Image Credit: “DarkAngelDTB” from DeviantArt Image Credit: Colin Foran (DeviantArt: “nathantwist”)
  • 4. © Franklin Heath Ltd c b CC BY 3.0 How to Predict the Future (vaguely scientifically) 09 January 2016 4  Considering trends + thought experiments  Where I’m looking for trends:  my experience  First job in software 1977  computer security specialist since 1988  history of information security  Kerckhoffs 1883  Bletchley Park 1939-45  How far away is the horizon?
  • 5. © Franklin Heath Ltd c b CC BY 3.0 Computer Security vs. Cybercrime 09 January 2016 5  Computers used to commit “traditional” crimes  Roswell Steffen 1973 (embezzlement > $1.5M)  Unauthorised use of computers  Stephen Gold, Robert Schiffreen 1985  Kevin Mitnick 1987  Breaching computer security has itself become defined as a new type of crime  UK Computer Misuse Act 1990  US Digital Millennium Copyright Act 2000
  • 6. © Franklin Heath Ltd c b CC BY 3.0 Trends: What Has Stayed the Same? 09 January 2016 6  Information theory & computer science  Kerckhoffs 1883  Turing 1936  Shannon 1948  Saltzer & Schroeder 1975  Passwords  easy to understand and implement  Social engineering attacks  c.f. “rubber-hose cryptanalysis”
  • 7. © Franklin Heath Ltd c b CC BY 3.0 Trends: What Has Changed? 09 January 2016 7  Number of devices, connectivity and bandwidth  (10 9 ) billions, always-on with multiple Mbps  “Classic” crimes have moved online  e.g. confidence tricks -> phishing  “Beta culture”  continual enhancement and patching  Magnification of capabilities and consequences  a fix can be rolled out to millions of users  a single attacker can harm millions of users  The “attribution problem”  nation state or a kid in a cyber café?
  • 8. © Franklin Heath Ltd c b CC BY 3.0 Is Computer Security Getting Better or Worse? 09 January 2016 8  I don’t know any computer security professional who would argue it’s getting significantly better  I don’t know anyone who has stopped using the Internet because it’s getting significantly worse  Hypothesis: did we reach a sort of equilibrium in the 1990s that is acceptable to society, now maintained by governments and market forces?
  • 9. © Franklin Heath Ltd c b CC BY 3.0 What Influences Might Tip the Balance? – 1. Downside 09 January 2016 9  Increasing complexity of computer systems  if you don’t understand it, you can’t fix it  Increasing value available to attackers  transaction limits increase  ever more data goes online  Increasing ability to affect the real world  “Cyber Physical Systems”  Better policing of non-computer crimes  bad guys usually follow the path of least resistance
  • 10. © Franklin Heath Ltd c b CC BY 3.0 What Influences Might Tip the Balance? – 2. Upside 09 January 2016 10  Market forces  consumer awareness  but see “The Market for Lemons” (Akerlof 1970)  risk of reputational damage  cost of breaches  and/or conditions of business insurance  Legal forces  regulation (c.f. building regulations)  licensing (c.f. chartered civil engineers)  fines or compensation awards for affected consumers
  • 11. © Franklin Heath Ltd c b CC BY 3.0 How Serious is Reputational Damage for a Company? 09 January 2016 11  The “Ratner Effect”  Ratner Group value:  1991 £680M  1992 £49M  ...  2016 £7454M Image Credit: “EG Focus” from Flickr
  • 12. © Franklin Heath Ltd c b CC BY 3.0 Why I Don’t Believe Breach Cost Estimates 09 January 2016 12  2011 Detica report:  “cost of cyber crime to the UK ... £27bn per annum”  approx. £540 per year for each adult in the UK  Detailed response from Ross Anderson et al.:  “Measuring the Cost of Cybercrime”, 2012  doesn’t venture a bottom line figure, but...  My experience:  Costs of loss of IP are routinely vastly overstated  Fraud losses are a normal cost of banks’ business
  • 13. © Franklin Heath Ltd c b CC BY 3.0 Crystal Ball: Will the Equilibrium Hold? 09 January 2016 13  If security defenders just keep doing the same things, attackers will overtake us  Penetration testing and code inspection isn’t going to take us much further  Fundamentals need to be, and can be, improved  better product development process  better platforms  better tools  better developers