
Will immersive technology evolve or solve cybercrime?

February 21, 2022 by Waqas

The modern digital age consists of rapid technological advancements that have reduced the world to a mere touch of our fingertips. And while this all does seem exceedingly exciting, these technological advancements have also impacted the modern threat landscape. However, the debate on whether this impact of modern technology is good or bad for cybersecurity is ongoing.

While it is hard to miss how modern technology, integrated with IoT smart devices and other solutions, has led to cybersecurity issues, it is also unwise to ignore the advancements in cybersecurity. This tension is a matter of concern for every cybersecurity professional and privacy-conscious person, and it has carried over to the introduction of immersive technology.


Understanding immersive technology

Immersive technology creates distinct experiences by merging the physical world with virtual or digital reality. The two main types of immersive technologies are augmented reality (AR) and virtual reality (VR). 

  • Augmented reality is a blend of computer-generated information within a user's actual environment.
  • Virtual reality relies on computer-generated information to provide a complete sense of immersion. 

Augmented reality relies on processors, a display front, sensors and various input devices to convey the simulated reality experiences. In contrast, virtual reality uses head-mounted displays and multiple input devices to give the "immersion" experience. Both are widely used on entertainment, educational and corporate fronts. 

How can immersive technology help in cybersecurity?

As the cyber threat landscape continues to grow, there remains a shortage of professionals that can help spread awareness and combat the rise in cyber threats. A recent study from ESG and ISSA found that the lack of proper training, non-technical staff, and a lack of skilled cybersecurity professionals are the main reasons for the increase in data breaches. 

One solution to this issue is using immersive technology to train employees and spread cybersecurity awareness. Organizations have now started using AR- and VR-based gamification to train employees on relevant scenarios. Employees face life-like cyber threat scenarios that prompt them to interact and solve the problem. AR and VR each help organizations train employees in ways that are practical and beneficial.

Using AR in cybersecurity training 

AR provides employees with an interactive educational learning platform that is customizable according to every individual's learning needs. It enables employees to experience realistic and relevant training remotely. The programs are highly interactive and help users identify and mitigate a cyber threat.

Moreover, this interactive nature helps employees remain engaged in their training and produces better overall results.

Using VR in cybersecurity training 

Like AR, VR also plays a dynamic role in helping organizations overcome the worrying lack of cybersecurity awareness and training. VR-based training programs allow users to experience prevalent cyber threats like phishing behind a VR headset, providing new ways to reduce the impact of "vulnerable humans" within cybersecurity.

Immersive technology can also be used to spread awareness of career paths within cybersecurity, which can help to close the cybersecurity skills gap discussed above.

Possible privacy and security risks of immersive technology

While immersive technology might be helping organizations build a robust cybersecurity posture, these technologies do come with significant risks. The devices used for training contain several different sensors that collect information about the wearer's body movement. AR/VR tools often record the sound, movement and surroundings of the wearer, which contain valuable information about a particular individual.

This data would be interesting to advertisers, but it could also be of interest to other threat actors who might intercept this information and sell it on the dark web or leverage it for additional social engineering tactics. Moreover, organizations mandating the use of immersive training have access to their employees' telemetry data to track their performance, which may lead to potential privacy issues.

Perhaps the greatest risk comes from the vulnerability of these AR/VR tools. Like several other IoT devices, these tools are more focused on serving their purpose than providing privacy and are therefore an easy target of malware attacks. Organizations are always at risk of remote activation of these devices. 

Can we mitigate those risks?

The same cybersecurity principles apply to immersive technology. When integrating such technologies, organizations should follow certain privacy and security restrictions, such as:

  • Multi-factor authentication at logins: Strong password security at login attempts can prevent remote access to AR/VR devices and software. 
  • Group policy: The organization should restrict AR/VR devices over a network whether their use is remote or in-person. 
  • Data handling: The organization should set a specific time limit for retaining data and should therefore have a valid process for purging this data.
  • Classification of information: The data collected by the AR/VR device should be classified as sensitive and used appropriately to avoid privacy violations.
  • Data encryption: Since the devices collect personal information, this data should be protected with strong encryption such as AES-256.
  • Security configurations: The devices should come with relevant security configurations allowing users some control over the amount of data they are willing to share. 
  • Endpoint security: These devices should come integrated with strong endpoint security to prevent malware attacks, spying and other forms of intrusions. 
  • Privacy policy: The organization should opt for a device with a strict privacy policy against sharing information with third parties. 
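The data handling, classification and security configuration items above can be enforced in code at the point where headset telemetry is stored. The sketch below is an added example, not code from the article or from any AR/VR vendor; the field names, the 30-day retention period and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed telemetry field names (constructed for this example).
SENSITIVE_FIELDS = {"audio_clip", "room_scan", "body_motion", "gaze_track"}
RETENTION = timedelta(days=30)  # assumed retention period

def classify(record):
    """Label a record 'sensitive' if it carries any sensor-derived field."""
    return "sensitive" if SENSITIVE_FIELDS & record.keys() else "internal"

def minimize(record, user_allows):
    """Drop sensitive fields the wearer has not opted in to sharing."""
    return {k: v for k, v in record.items()
            if k not in SENSITIVE_FIELDS or k in user_allows}

def ingest(store, record, user_allows):
    """Minimize first, then classify what is actually kept, then store it."""
    kept = minimize(record, user_allows)
    kept["classification"] = classify(kept)
    store.append(kept)
    return kept

def purge_expired(store, now):
    """Remove records older than RETENTION; return how many were purged."""
    cutoff = now - RETENTION
    before = len(store)
    store[:] = [r for r in store if r["collected_at"] >= cutoff]
    return before - len(store)

# Constructed sample records; NOW is fixed so the result is reproducible.
NOW = datetime(2022, 2, 21, tzinfo=timezone.utc)
SAMPLE = [
    {"user": "emp-001", "collected_at": NOW - timedelta(days=45),
     "score": 72, "body_motion": [0.1, 0.4], "audio_clip": b"\x00\x01"},
    {"user": "emp-002", "collected_at": NOW - timedelta(days=2),
     "score": 88, "gaze_track": [3, 7], "body_motion": [0.2]},
    {"user": "emp-003", "collected_at": NOW - timedelta(days=1), "score": 91},
]

def run_demo():
    """Ingest the samples with only body_motion opted in, then purge."""
    store = []
    for rec in SAMPLE:
        ingest(store, dict(rec), user_allows={"body_motion"})
    return store, purge_expired(store, NOW)

if __name__ == "__main__":
    store, purged = run_demo()
    print(purged, [(r["user"], r["classification"]) for r in store])
```

Encryption at rest is deliberately left out of this sketch; in practice the stored records would also be encrypted, as the data encryption item describes.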


Implementing such security measures can help organizations make productive and secure use of such technology. It is only by maintaining the privacy and security of these AR/VR devices that organizations can appropriately use them in implementing cybersecurity.

Final words 

AR/VR adoption is steadily rising, and it is likely to impact cybersecurity in various ways. However, whether this impact on cybersecurity is good or bad depends on how these devices are handled.

Properly addressing the privacy and security concerns that accompany these devices can help ensure that immersive technology helps cybersecurity grow in the long run.

 

Waqas

Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-centric articles. Waqas runs the DontSpoof.com project, which presents expert opinions on online privacy and security.