Hackers Gonna Hack so the Future of Cybersecurity will be Un-CIV-alized

Don Miller

We here at MFT Nation were drawn to an article in which the author opines on what cybersecurity will look like in 10 years.  We chose to write about the article not because the author offered anything particularly mind-blowing, but rather because we want to offer a few predictions of our own based on an assumption that the author’s future vision of cybersecurity becomes a reality.

One Man’s Vision for the Future of Cybersecurity—CIV World

1.  A World of Complex, Interconnected, Vulnerable (CIV) Systems

One facet of the author’s future vision is an increased “role of cyber” because although so many aspects of our personal and business lives are already “interconnected and driven by computers,” in the future “this connection will be even tighter.”  Another part of his vision is increased “vulnerability” given the “complexity and connectivity” of the systems.  The CIV systems will get so complex that humans “will not be able to cope with all this information” so we will rely on “artificial intelligence to help us in making decisions.”   For purposes of this post, we’ll call this future state “CIV World.”

2.  Proliferation of Attacker Ecosystem

The author believes the “attacker ecosystem” will expand to include more types of hackers—from “nation sponsored organizations” to people with “no apparent motive” except to “demonstrate their technical skills”—who will have more sophisticated techniques such as “bots” that “scan the entire network and find the weakest spot.”

3.  Cybersecurity Defense Will Need to Keep Pace

Given the preceding two points, the author sees a future with “more sophisticated” cybersecurity defense systems including artificial intelligence and a “new generation of cyber experts.”

CIV World Creates Very Real Problems of Its Own

1.  The Great Recession: A Case Study for What Can Happen to CIV World

Most of you certainly remember the financial crisis of the late 2000s, now referred to as the “Great Recession.”  None of the world’s financial gurus in either the public or private sector predicted a collapse of the complex, interconnected, vulnerable financial systems around the globe.  A Forbes article boldly declares that if anyone tells you they predicted it, they’re lying.

Will CIV World lead to a global crisis of epic proportions?  Hopefully not.  But recognize that CIV World technology systems are very much like modern economies, in that because of their “complexity and connectivity,” vulnerabilities will be present which no man or machine can foresee.

The CIV World author says help will come from the “next generation of cyber experts” and “artificial intelligence to help us in making decisions.”  The best and brightest of the financial industry no doubt felt the same way before the Great Recession.  If you don’t believe us, please read this article from the immensely powerful Federal Reserve Bank of New York.

In it, the New York Fed attempts to explain why no one foresaw the Great Recession.  Interestingly, the article begins by excerpting quotes from two prominent economists stating that “threats will constantly be changing in ways we cannot predict or fully understand.”  That is telling, indeed.  The powerful New York Fed starts its explanation for failing to forecast the Great Recession with an implicit admission that modern economies are so complicated that it cannot predict threats or even “fully understand” what’s going on.

We foresee the same situation for CIV World; the complexity of the many interconnected systems will lead to vulnerabilities that the next generation of cyber experts won’t be able to foresee, even if they are armed with AI and other developing technologies.

2.  Hackers Gonna Hack, and their Favorite Targets Will be Big Government and Large Corporations

The CIV World author sees government taking “a bigger role” protecting “large scale environments like their own infrastructure (power grids, water supply, traffic control and frankly – everything around us).”  He also sees “[l]arge corporations” assuming a larger role “guard[ing] their data on their own servers, on their cloud servers, on our personal computers, and even on our mobile devices.”

He’s probably right, but should we feel comforted by big government and large corporations taking a larger role?  To answer that question, we harken back again to events surrounding the Great Recession.  To reiterate, no one in the financial world, not government or large corporations, could foresee the collapse of the complex, connected global financial system.  In fact, the New York Fed tells us that it’s all too complicated for government or large corporations to predict threats or even to fully understand.  The same applies to CIV systems that will exist in CIV World.

Besides, basic human nature suggests that problems will follow if big government and large corporations take larger roles.  Think about it from the perspective of hackers.  If all the sheep are flocking to complex, interconnected, vulnerable systems created and operated by big government and large corporations, where to you think the hackers will target?  So prepare for large scale hacks and resulting data breaches in CIV World.

Heck, it may already be happening, as evidenced by this Forrester article discussing recent data breach incidents occurring at one big government agency—the SEC—and two large corporations—Equifax and Deloitte.  The Forrester author does such a good job of summarizing our point so we will just excerpt this quote from his article:

It’s always tough to call hacking a trend after all, “hackers gonna hack.” However, it does continue to prove the oft-used Willie Sutton adage about robbing banks “because that’s where the money is” has not become irrelevant in the 21st century. Hackers have adapted to the digital transformation and data economy much like Enterprises have. Moreover, that means adjusting how and what they target.

Given the constant that “hackers gonna hack,” the CIV systems created by CIV World’s government and large corporations will make nice, juicy, easy targets for hackers.

3.  Prepare for an Arms Race, of Sorts

It sounds to us like CIV World will devolve into an “arms race.”  Wikipedia generally defines the phrase “arms race” as “a competition between two or more parties/groups to have the best armed forces,” like the buildup of nuclear weapons by the US and the Soviet Union during the Cold War.  Wikipedia correctly points out, however, that “close analogues” exist in the technology field “such as the arms race between computer virus writers and antivirus software writers, or spammers against Internet service providers and E-mail software writers.”

As Wikipedia correctly points out, the fundamental problem with an arms race is “no absolute goal” exists, “only the relative goal of staying ahead of the other competitors in rank or knowledge.”  And the end result is “futility” because “the competitors spend a great deal of time and money, yet end up in the same situation as if they had never started the arms race.”

So in CIV World, expect to spend a great deal of time and money defending the large and ever-increasing numbers of CIV systems.  And to what end?  Futility, of course, because the competitors end up in the same situation as if they had never started the arms race.

Do You Want to Reduce Complexity While Increasing Security?  bTrade Can Help

You don’t have to go down the CIV World path.  Many alternatives exist other than the large, risky, public-facing systems described in CIV World.

For small to medium-sized organizations, the most secure systems are those that involve stand-alone solutions allowing local transfer and storage of data.  Why?  Because only those with physical access to the computer or device can access the data.

For larger organizations, it may be better to deploy a centralized server to store and transmit data internally and externally over secure network connections.  The best way to mitigate risk is by maintaining servers within an organization’s own firewalls.

Encryption also plays an important role in data security and is a central component of bTrade solutions.  There are several types of encryption, including the process of transforming plaintext into an unintelligible form (ciphertext) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decrypting process (two-way encryption).  By encrypting all data “in transit” and “at rest,” organizations will meet and exceed all compliance and governance mandates.

To learn how bTrade can help you secure ALL aspects of your critical data, please contact us at info@btrade.com.

Also, you can stay current on developments in the world of cybersecurity by following bTrade on Twitter, Facebook, LinkedIn and Google+.