Will immersive technology evolve or solve cybercrime?
The modern digital age consists of rapid technological advancements that have reduced the world to a mere touch of our fingertips. And while this all does seem exceedingly exciting, these technological advancements have also impacted the modern threat landscape. However, the debate on whether this impact of modern technology is good or bad for cybersecurity is ongoing.
While it is not unnoticeable how the modern technological front integrated with IoT smart devices and other solutions has led to cybersecurity issues, it is also unwise to ignore the advancements in cybersecurity. This stigma is a matter of concern for every cybersecurity professional and privacy-conscious person — and has carried over to the introduction of immersive technology.
FREE role-guided training plans
Understanding immersive technology
Immersive technology creates distinct experiences by merging the physical world with virtual or digital reality. The two main types of immersive technologies are augmented reality (AR) and virtual reality (VR).
- Augmented reality is a blend of computer-generated information within a user's actual environment.
- Virtual reality relies on computer-generated information to provide a complete sense of immersion.
Augmented reality relies on processors, a display front, sensors and various input devices to convey the simulated reality experiences. In contrast, virtual reality uses head-mounted displays and multiple input devices to give the "immersion" experience. Both are widely used on entertainment, educational and corporate fronts.
How can immersive technology help in cybersecurity?
As the cyber threat landscape continues to grow, there remains a shortage of professionals that can help spread awareness and combat the rise in cyber threats. A recent study from ESG and ISSA found that the lack of proper training, non-technical staff, and a lack of skilled cybersecurity professionals are the main reasons for the increase in data breaches.
A solution to this issue is immersive technology in training employees and spreading cybersecurity awareness. Organizations have now started using AR and VR-based gamification to train employees based on relevant scenarios. Employees can interact and face life-like cyber threat scenarios prompting them to interact and solve the problem. The use of both AR and VR respectively help organizations train employees in various ways which are practical and beneficial.
Using AR in cybersecurity training
AR provides employees with an interactive educational learning platform that is customizable according to every individual's learning needs. It enables employees to experience realistic and relevant training remotely. The programs are highly interactive and help users identify and mitigate a cyber threat.
Moreover, this interactive nature also helps encourage employees to remain engaged within their training and generate better overall results.
Using VR in cybersecurity training
Like AR, VR also plays a dynamic role in helping organizations overcome the worrying lack of cybersecurity awareness and training. VR-based training programs allow users to experience prevalent cyber threats like phishing behind a VR headset, providing new ways to reduce the impact of "vulnerable humans" within cybersecurity.
Immersive technology can also be used to spread awareness of career paths within cybersecurity, which can help to close the cybersecurity skills gap discussed above.
Possible privacy and security risks of immersive technology
While immersive technology might be helping organizations in building a robust cybersecurity posture, these technologies do come with significant risks. The devices that are used for training contain several different sensors that collect information regarding the wearer's body movement. The AR/VR tools often record sound, movement and surroundings of the wearer, which contains valuable information regarding a particular individual.
This data would be interesting to advertisers, but it could also be of interest to other threat actors who might intercept this information and sell it on the dark web or leverage it for additional social engineering tactics. Moreover, organizations mandating the use of immersive training have access to their employees' telemetry data to track their performance, which may lead to potential privacy issues.
Perhaps the greatest risk comes from the vulnerability of these AR/VR tools. Like several other IoT devices, these tools are more focused on serving their purpose than providing privacy and are therefore an easy target of malware attacks. Organizations are always at risk of remote activation of these devices.
Can we mitigate those risks?
The same cybersecurity principles are applicable to immersive technology. While integrating the use of such technologies within their organizations, organizations should necessary follow certain privacy and security restrictions such as:
- Multi-factor authentication at logins: Strong password security at login attempts can prevent remote access to AR/VR devices and software.
- Group policy: The organization should restrict AR/VR devices over a network whether their use is remote or in-person.
- Data handling: The organization should have a specific time for retaining data faster and therefore should have a valid process for purging this data.
- Classification of information: The collected data by the AR/VR device should be classified as sensitive and used appropriately to avoid privacy violations.
- Data encryption: Since the devices collect personal information, this data should be protected from strong encryption such as AES-256 encryption.
- Security configurations: The devices should come with relevant security configurations allowing users some control over the amount of data they are willing to share.
- Endpoint security: These devices should come integrated with strong endpoint security to prevent malware attacks, spying and other forms of intrusions.
- Privacy policy: The organization should opt for a device with a strict privacy policy against sharing information with third parties.
What should you learn next?
Implementing such security factors can help organizations have a productive and secure use of such technology. It is only by keeping the privacy and security of these AR/VR devices that organizations can appropriately use them in implementing cybersecurity.
Final words
The AR/VR progress is steadily rising, and it is likely to impact cybersecurity in various ways. However, it is upon how these devices are handled that we can determine if this impact on cybersecurity is good or bad.
Properly addressing the privacy and security concerns that accompany these devices can help ensure that immersive technology helps cybersecurity grow in the long run.
Sources
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Will immersive technology evolve or solve cybercrime?
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
- Top 8 Microsoft Teams security issues
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security