Leading VPN CCO says digital privacy is “a game of chess we need to play”

The threat of cybercrime is ever increasing. Smart devices are becoming more and more popular, hackers are using more sophisticated techniques, and both consumers and businesses need to stay vigilant when it comes to protecting themselves.

With this changing environment, what the future of cybersecurity will look like is an interesting and highly debated topic. How can we continue to protect ourselves in an increasingly technological and interconnected world?

Using one of the best VPNs is a great place to start. They encrypt your information, and hide your internet traffic. They also allow you to change your IP address, making it appear as though you are located in a different country.

If you’re concerned about your online privacy, and protecting your devices, then using a VPN is a good first step. Many VPNs offer additional malware and phishing protection features such as NordVPN’s Threat Protection Pro. IPVanish plans include the antivirus software VIPRE, as well as Threat Protection.

Whilst VPNs are a great place to start, they alone will not protect you from every cybersecurity threat out there, and cybersecurity defences need to evolve just as fast as cybersecurity attacks.

I sat down with Subbu Sthanu, Chief Commercial Officer at VPN provider IPVanish, to discuss what the future of cybersecurity may look like and how people can protect themselves, both now, and going forward.

How can you protect yourself online?

Cybercriminals are getting better at tricking unsuspecting internet users, utilising fake shops or phishing scams they seem genuine. This threat is present all year round, but the holiday season, when many of us are online shopping, is very fertile territory for scammers. Sthanu outlined the basic things consumers can look out for to protect themselves.

“There’s basic stuff that we can do. Basic red flags that consumers can think about is if a deal is too good to be true, then it probably is – your 99% off is not happening. Very basic policies and poor site quality is a red flag. If you’re missing return policies, if you’ve got blurry images, those are all major red flags”, said Sthanu.

“If you got to know about this deal through a notification or suspicious link, then it’s something to watch out for. And any payment redirects, which redirect you to an unfamiliar site, you need to be stopping immediately on that. So these are all very basic things.”

Sthanu stressed the importance of paying extra attention to all these signs when shopping online. He commented that people can be in a hurry, and miss these important clues. This is where a VPN, with a threat protection feature can come in.

Threat protection features scan sites and malicious links, and alongside the best antivirus software, are great ways of adding an additional layer of protection to your online shopping experience.

Sthanu calls VPNs a first step, and puts forward secure browsers as a second. IPVanish recently launched a secure browser, which is an industry first, and something not offered by other top VPN providers.

“It keeps your browser private, blocking tracking, encrypting the sessions, but also protecting your device from any malware,” Sthanu said. IPVanish’s secure browser utilises the cloud. Session tracking, cookies, and targeting are all eliminated, as web browsing operates in a cloud sandbox.

“You’re protecting your device completely because you’re leaving zero footprint on your device. Everything is on the cloud, so that’s a complete game changer,” Sthanu added.

IPVanish also offers a link checker tool that helps spot fake and malicious sites. It evaluates the URL on a cloud-hosted browser to ensure it’s not on your device, and allows you to check the link before you click it.

The future of encryption

Encrypting your data is a vital part of what VPNs do. AES 256-bit and ChaCha20 encryption are currently the standards for the most secure VPNs, which do an excellent job at encrypting and protecting your data. These encryption ciphers can protect you against the vast majority of cyber threats out there right now – but as computers and threats develop, security will need to develop too.

Quantum computers are the next stage in computing evolution, and there will come a time, predicted to be in the next five years, where these computers can break 256-bit encryption – this is being referred to as “Q-day.” Quantum computers are not readily available at this moment in time, with most found in universities or research labs, but they will become more widespread. As this happens, encryption must adapt to stay ahead of the game, and this is where post-quantum encryption comes in.

Post-quantum encryption is the type of encryption purposefully designed to withstand attacks from quantum computers, and is beginning to be adopted by VPNs. ExpressVPN offers post-quantum encryption through its own open-source proprietary Lightway protocol, and NordVPN has recently introduced post-quantum encryption for its Linux apps.

IPVanish is also taking post-quantum encryption seriously, and is actively working on its implementation, something Sthanu explained.

“There’s enough data out there which says the first 5,000 quantum computers may come out in 2030. So we’re still five, six years away from when quantum computing is going to have a real impact.” For the widespread consumer, Sthanu believed they’re possibly going to be 10 years away.

Despite quantum computers being a few years away, IPVanish is looking to implement post-quantum encryption into its VPN, and targeting a 2025 release date.

“We have already started working on our post-quantum encryption solution for our VPN, and we have a planned release date for 2025. We’re testing key encapsulation methods and to wrap standard encryption keys with quantum-resistant protection so that we can have a full post-quantum security, similar to how some of the other VPNs have done it,” said Sthanu.

“As a VPN market, we need to stay ahead of these threats, and what can happen to the standard 256-bit encryption.”

What role will AI play?

The rapid development of AI divides opinion, but there is no denying it is here to stay and is already playing a role in cybersecurity. It is possible for AI to be used in increasingly sophisticated cyber attacks, but also used in defending against these attacks, and Sthanu was keen to comment on this.

“When it comes to security, it’s always a game between the attacker and the ones protecting. You’re going to have more sophisticated and targeted attacks launched using AI, which make traditional security measures a little less effective,” he said.

“But we’re also going to have advanced technology leveraging AI. VPNs will start incorporating AI and machine learning to enhance security, proactively identifying and mitigating threats in real time.”

Sthanu believes it’s a constant race between increased sophistication of cyber attacks, cyber threats, and evolving security measures, and said “it’s a game of chess we need to play.”

The evolving smart home

Smart devices are increasingly present in our homes, and almost every device can be “smart” and connect with each other. Whilst this brings many benefits to our day-to-day living, it also brings increased cybersecurity risks.

Research has shown that smart devices are spying on you, collecting excessive amounts of personal information, and sharing them with third-parties. Like many others, Sthanu is concerned about the number of connected devices in homes.

“Expanding [the growing number of connected devices in homes] basically expands the attack surface area. It drives the need for stronger integrated security into all the connected devices at home,” he said.

“It’s a seamless user experience where VPNs will continue to integrate with the various devices and platforms, and that should help encourage the wider adoption of VPNs. The solution is integrating a VPN to all devices. So making it more seamlessly integrated in whatever device you’re on. Not just your tablets, mobile phones, and laptops anymore.”

Sthanu joked about counting 15 smart devices sitting around him as he spoke, including a heater, air conditioning, a speaker, and a vacuum cleaner. He believed the average household had 23 unique connected devices, going on to say that 23 devices meant 23 areas of attack.

“23 areas of attack, but also correlating those 23 different devices to find out more about you. The more surface area you have, you can correlate things between different areas of entry points and come up with a more comprehensive picture of the consumer and compromise them,” he said, explaining this is why a VPN becomes very critical.

When it comes to smart devices, it is vital you read the privacy policies and check the app and device permissions. It is so important to make sure you’re aware of what you’re consenting to and sharing, and you should deny any permissions you can.

Setting up a router VPN is a good way to protect all smart devices in your home. This allows you to install a VPN directly on your Wi-Fi router, to connect all devices at their source. Installing a VPN on a router can be tricky, but the best router VPNs offer dedicated router VPN software and apps.

ExpressVPN, which is our top VPN recommendation for routers, offers its own Aircove router. This is a dedicated piece of hardware, preloaded with ExpressVPN, and ready to use in five minutes.

The importance of education

Throughout our chat, Sthanu stressed the importance of education for both consumers and businesses when it comes to cybersecurity. For example, 123456 is the world’s most popular password, and Sthanu called the general level of cyber security knowledge “concerning.”

“IPVanish did a survey of Americans to find out thoughts on cyber security, and about 27% of people were concerned about online data security”, he said. “The survey also highlighted about 24% of users had fallen victim to a cyber security attack directly, and about 39% were impacted due to an organization that had been hacked, and their details compromised.”

However he went on to say that “despite all this, about half the respondents said they’re not seeking out a company’s data privacy policy before shopping, or spending money, or doing business with an organization.” Something he again called “concerning.”

“When a good 25% of them have fallen victim to this, and about half of them are still not vigilant, I think there’s a case for consumer education – which is important.” He continued by detailing the work IPVanish has done in constantly mitigating that risk for consumers by communicating with them, and providing them with, and constantly enhancing, the required tools to help them stay secure in an ever increasing threat landscape.

Sthanu believes the consumer has a lot of power and control when it comes to their privacy, and can force businesses to take steps to look after customer data.

“What can the consumer control?” he asked. “The consumer can stay informed about the latest threats and security best practices. They should be using strong unique passwords, and changing them often, and enable multifactor authentication wherever possible.”

“It is very important for businesses to protect the customer data that they have, but I’m saying the consumers can have a vote on it, and say they don’t want to do business with companies that do not pay attention to their data.”

Sthanu concluded by saying that if consumers don’t trust the business to keep their data secure, then they should “stop doing business with them.”

What this highlights

This discussion highlights a number of ways in which cybersecurity, its threats and defences, will change and develop over the coming years. We are seeing increased levels of interconnectivity, as well as new tactics adopted by hackers. Censorship in countries around the world is rising, and AI unlocks new cyber possibilities.

It is therefore vital for consumers and internet users to protect their online privacy with tools such as VPNs and be aware of these growing cyber threats, adopting good practices as a result. It is also important for VPN and cybersecurity companies to continue staying ahead of the game, developing and upgrading their products to protect users.