The future of online privacy & security

Data security is a classic game of cat and mouse. Some people (most people!) want to protect data, while others want to steal it. This never-ending battle tests both sides’ ingenuity as each seeks an edge to achieve their goal.

To learn about the latest threats—and how the cybersecurity industry is working to stay one step ahead of them—we spoke with two experts: security consultant Logan Standard and JJ Rosen, CEO of Atiba, a Nashville-based managed IT support services company.

“Data is the raw resource that drives the entire online economy,” says Standard. “It’s valuable to hackers in any form–from the files and information on an individual computer to a massive data breach that exposes sensitive data from millions of people.”

As the forces of good and evil continue to evolve their methods, it’s more important than ever to understand the trends in cybersecurity and how to protect your data.

A brief timeline of privacy and data protection

Richard Nixon was president when the first computer worm appeared, nearly 20 years before the internet’s public debut in 1990. “Creeper” began propagating across ARPANET, the first public packet-switched network. The response was called Reaper, the first anti-virus software program that neutralized Creeper’s spread.

Along with unprecedented connectivity and access to information, the public internet has changed the way we work, buy and sell, and entertain ourselves. But the novelty of the experience masks risks. As hackers exploited vulnerabilities in the early ‘90s, antivirus pioneers like McAfee and Norton commercialized software protection. A slew of antivirus products, firewalls, and other hardware and software solutions have gained and lost popularity in the last 30 years. All were designed to react to known threats and add layers of protection that reduced the likelihood of data breaches. Many of these methods are still considered data privacy best practices.

Foreign hackers and ransomware trends

According to the annual intelligence briefing by the Director of National Intelligence, the criminal organizations that pose the biggest security threats over the next five years are based in four primary countries: China, Russia, North Korea, and Iran. The hackers in each country have different goals and methods. China, according to the report, is already deeply in our systems and has signaled that they will not hesitate to launch aggressive cyber operations against our infrastructure in the event of a major conflict with the U.S. Russian hackers focus on disinformation designed to exacerbate conflict and destabilize. Iran seems bent on vengeful attacks as retribution for past incursions.

North Korea stands out as the most financially motivated actor. Ransomware attacks often originate there. Analysts expect the frequency and success of such attacks to increase substantially over the years ahead, fueled by AI programs. Ransomware attackers seek sensitive data that they threaten to disclose or publish unless a ransom is paid.

Cryptocurrency tracing firm Chainalysis reports that hackers extracted over $1.1 billion in ransom in 2023, nearly double the amount in 2022. AI and off-the-shelf Ransomware as a Service (“RaaS”) products that allow anyone to access malware and launch attacks are expected to drive this number even higher in the years ahead.

Remember the fundamentals to remain secure online

What’s the best way forward in a world with increasing cyberthreats? It’s more informed users and a high degree of vigilance among individuals and organizations of all sizes, says JJ Rosen. “To ensure a secure future in cybersecurity, we must remember the fundamentals. It’s not just about advanced technologies but consistently practicing basic security measures.”

Everyone plays a role in building data security norms that discourage bad actors—think of how herd immunity can protect us during a pandemic. Rosen emphasizes the importance of strong passwords, regular software updates, multi-factor authentication, data encryption, and user education. By reinforcing these core principles, individuals and organizations can build a robust defense against evolving cyberthreats.

According to Logan Standard, “Your cyber activity generates multitudes of metadata that can be exploited to steal your identity, access your accounts, and even attack a broader population.” The guiding principle for data security, says Standard, is “trust no one.”

Standard suggests that every computer user and network operator bears some responsibility for the future of data protection. He recommends extreme vigilance in how and where you share data. Use common sense and pay close attention to the warning signs that could signal a threat, including:

• Browser alerts that warn your connection is not private
• Unsecure websites that use http:// instead of https://
• Suspect email attachments and downloads
• Requests for data or information from unknown sources

AI and the new dawn of cybersecurity

Both good and bad actors have harnessed AI to develop and repel malware, contributing to the rapidly evolving data security landscape. Hackers use AI to accelerate code development and power new techniques to extract and capture data. For example, voice phishing is rising rapidly as hackers use AI to create fake voice duplicates designed to fool people into providing money or information.

If you receive a suspect phishing call from an unknown number, Standard suggests hanging up immediately. Call the number back if it is a legitimate call. “These attacks succeed by triggering an emotional response that can cause someone to react in the moment,” says Standard. “Hanging up gives you time to process rationally.”

As these calls become more common, he also recommends agreeing on a secret code phrase with close friends that can be used to confirm that calls are actually coming from that person.

Fortunately, AI is also a powerful force for good. Its most effective application lies in its ability to recognize patterns at scale, a capability that, as Rosen highlights, enables it to find ‘needles in haystacks’ much faster than humans ever could.

AI can analyze and derive insights from massive data sets, which are often too complex and voluminous for human analysis alone. These insights can then be used to understand underlying intents, predict potential threats, and fortify systems against attacks.

The top data protection tips to protect your identity (and pocketbook) in 2024 and beyond

With so many types of cyberthreats, it is vital to be aware, remain vigilant, and never underestimate the risk or impact of a data breach. Follow these tips to protect yourself from the kinds of attacks that are expected to remain most active over the next five years.

Social engineering attacks

These include phishing, baiting scams that use physical media like thumb drives to spread malware, scareware such as threatening pop-ups or banners, and pretexting, which involves sending seemingly harmless text messages designed to start a conversation. Each method intends to establish trust to entice victims. Protect yourself by:

• Deleting emails and messages from suspicious addresses
• Keeping antivirus software updated
• Maintaining skepticism about offers, claims, or demands

For messages that you believe to be legitimate, Standard still suggests using a link scanner like VirusTotal to verify authenticity and scan attachments for malicious code.

Social media

As a rule, remember that anything posted online can be mined for information. It’s important to know who can see and use what you share. Lock down your social media profiles by:

• Reviewing your privacy settings, paying particular attention to which permissions are enabled. “This is like a master command center that shows which third-party apps have access to your data and what you’ve used your account to log in to outside of the social platform,” says Standard. “Clean up and disable anything you do not use. Better yet, don’t allow your social media apps to communicate with third parties at all.”
• Using unique, strong passwords. Change your passwords frequently, and be sure to force the change on all devices where you’re logged in.
• Selecting multi-factor authentication and confirming your account recovery options. 

Browser vulnerabilities

Depending on your settings, web browsers can collect and store a lot of sensitive data including passwords, credit card numbers, addresses, and even social security numbers. A quick review of your system resources application activity will reveal just how many background processes are associated with your browser, even when you’re not using it. Despite the convenience, it is best not to store any sensitive information in your browser.

Public WiFi networks

Public WiFi networks are not inherently dangerous, but you should be careful about which networks you connect to and what you do when you’re connected. Cybersecurity experts recommend always using a VPN to mask your online activity. VPNs create a private, encrypted tunnel for your traffic so that your IP address, personal information, and other data are hidden.

There are many VPN options, and they are generally easy and seamless to use. If you connect directly to a public WiFi network, avoid entering personal information or credit card numbers or sending files or messages containing sensitive information. You should also practice cyber hygiene by reviewing the known networks your devices automatically connect to. Delete any you do not use.

The risks associated with public WiFi networks include on-path or “man-in-the-middle” attacks. These attacks rely on a piece of networking hardware called a WiFi pineapple. Cybersecurity professionals use pineapples to audit wireless networks. But they can also be used to create duplicate networks that automatically connect to devices. The worst-case scenario of such an attack is that hackers gain root admin access to your device, allowing unrestricted access to all the information it contains.

Other than turning off WiFi on your devices, the best ways to reduce the risks of joining suspect public networks include:

• Regular cyber hygiene to delete any unused known networks
  • Use multi-factor authentication
  • Confirm that any website you access while connected is secure

Guest networks and the Internet of Things

Even home WiFi networks can have vulnerabilities. Be sure to keep your network software and all devices updated. If possible, upgrade your hardware to WPA3, the latest WiFi encryption protocol. We highly recommend creating a guest network to share with visitors. Use the guest network for IoT devices like smart lights, appliances, and speakers connected to your network.

IoT devices typically represent the easiest access point for hackers to infiltrate your home or business network. By segmenting your network, you’ll keep high-risk devices separate from your most valuable data. Using the Quantum Fiber WiFi 360 app, you can easily create and manage a guest network. Visit our website for more information.

Privacy policies

When was the last time you read a website or app’s privacy policy? If you’re like most people, the answer is probably “never.” According to Logan Standard, a company’s privacy policy provides the clearest indication of how they handle your data. Instead of reading lengthy statements of legalese, he suggests leveraging the power of AI to do the heavy lifting by:

• Pasting a privacy policy into an AI app like ChatGPT and asking for a summary of issues related to cybersecurity and data protection
• Searching policies for keywords related to data use. These include:
  • Advertising
  • Opt
  • Sell
  • Personalized and/or targeted content
  • Permission
  • Location data
  • Cookies, pixels, web beacons
  • Market research

If you see anything that concerns you, limit what you share or consider visiting a different website.

Passwords and authentication

While passwords remain a fundamental component of the cybersecurity landscape, other types of verification, like one-time passwords and multi-factor authentication, add layers of protection. Ultimately, most of the security risk with passwords comes from how people create and use them. The most common reasons passwords represent a dangerous vulnerability include:

• Using the same password on multiple sites and applications
• Not updating passwords regularly
• Choosing common words and predictable numerical patterns
• Keeping passwords in unencrypted files like a spreadsheet

Instead, you should use unique passwords for every site you log in to, store your passwords in a password manager, and update them regularly. In the future, other authentication methods may replace passwords. These fall into two main categories:

1. Authentication based on who you are using biometrics like retinal scans and facial recognition.
2. Authentication based on what you have (an access key like YubiKey or other authentication hardware).

Cybersecurity is everyone’s responsibility

Quantum Fiber works hard to deliver the most secure internet connection possible. The fiber-optic cables that deliver our service are secure and more resistant to physical attacks. Our network engineers work tirelessly to protect your data from any breach. You can learn how we protect your data by reviewing our privacy policy, and find more information about our ultra-fast fiber internet on our website.