The Present -- and Future -- of Cybersecurity
It seems no one is safe these days from cybercrime.
According to Paul Love, Chief Information Security Officer for CO-OP Financial Services, cybersecurity is also on everyone’s mind.
Recent events have seen cybercrimes that impact millions, even when the target is a medium-sized company.
Adds Love, “who is safe, and what needs to be done to protect a company’s critical data?”
“The truth is that there are no easy solutions; in fact, the best way to shield your data is a team effort in the truest sense, with everyone considering and implementing security good practices, from the newest hires to the executives to the IT security team,” he says.
Below are some of Love’s thoughts on the problem and how it can be addressed.
Cybercrime Causes: Why are cybercrimes such a tangled web? To understand the answer, it’s important to look at it from two ends: the criminals and the potential victims.
In a traditional cops-and-robbers sense, the robbers are limited in their speed by foot or car, and the police use forensics and intuition to physically track down the thieves. Cybercriminals can operate from anywhere in the world (and in most cases, the biggest cybercrime operations are from overseas) and move with the speed of electrons, often with the tech to digitally cover their tracks. Cybercrime is fast and has a wide net.
Cybercrime victims can be in the dozens or the millions. It doesn’t even need to be a theft of the world’s biggest company; small start-ups may only have a staff of 20 but their user base can be hundreds of thousands, even millions. Thus, there’s no necessary correlation between company size and number of potential victims, making the potential damage of cybercrime nearly limitless.
In fact, while it may be theoretically more tempting to infiltrate, say, Apple, the truth is that small and mid-size companies are prime targets. In cybercrime, bigger is not necessarily better. Most people would expect that the world’s largest corporations will usually have strong security measures, so things like the massive Yahoo user base hack happen far less than attacking smaller companies. Smaller companies simply don’t have the same resources, making them a much more enticing target. Cybercriminals will also exploit variations in legal structures, state laws and jurisdictions, for companies large and small.
Even so, the size of an IT department is not as important as an engrained culture of security. This will dictate a company’s ability to stay on top of risk, regardless of size.
Cybercrime evolves fast, with criminals often creating new techniques ahead of the security curve. Until technology is built with equal focus on security and ease of use, criminals will almost always have the edge. The latter issue is key, as ease of use turns cybersecurity from a niche task for IT departments to something everyone can participate in.
The Future of Cybercrime: For many, when they consider the implications of cybercrime, they think about accounts: bank accounts, email accounts, social media accounts, etc. However, cybercrime is going to get much more dangerous in the next decade as we step closer to the world of the Internet of Things. The Internet of Things already exists on many levels; with smart appliances connected to Siri or Alexa which is connected to phones and mobile devices, everything from temperature to media to lighting in a home can be interconnected.
Consider how this connects further when you get into smart vehicles – not just climate control and navigation, but self-driving cars using smartphone connectivity to determine where to go. That’s just one avenue of where interconnectivity will change things. Stores can connect to payments via smartphones, even streetlights can change based on detection of activity in the vicinity for greater efficiency, and sprinklers can use sensors to adjust for rain and sun. It’s all about data: getting data from all possible inputs and processing them to make smart decisions. The scary thing when it comes to cybercrime is that any of these data nodes can be an entry point to hacking, leading to anything from stealing data to taking control.
Security Measures for Today and Tomorrow: With such significant stakes, where can companies start with cybersecurity? Think of it as a bottom-up exercise. At the very bottom comes the everyday users, where things like best practices for passwords, locking accounts, and keeping smartphones and laptops secure are essential. Further up the ladder comes security applications. Keeping anti-virus, malware tools and firewall settings updated means staying current with the latest threats. Other data best practices include using an effective server redundancy plan and keeping regular, accessible and tested backups.
At the top is a company’s infrastructure. The future is wide open when it comes to the newest paradigms that will protect our data in the world of the Internet of Things. New technologies will shift focus beyond merely being functional databases; elements such as data permanence and decentralization will be discussion points when making decisions for an IT infrastructure. The current buzz has a platform called blockchain as the frontrunner for the future of secure databases. In fact, it has been explored by major banks and governments for everything from internal ledgers to medical records to voting.
Whether or not blockchain is the choice over the long term isn’t important. What is important is the ideas brought up by blockchain. Blockchain advocates often note elements such as transparency, permanence, decentralization and one-way cryptographic security. Perhaps the biggest benefit of blockchain is the opening up of this discussion, because as our world becomes more and more connected, all of these elements are crucial to protect consumer data.