capitalmarketsciooutlook

If it's Connected - it's Vulnerable: Everything is Connected!

By Terri Bettinger, CIO, Franklin County Data Center

Terri Bettinger, CIO, Franklin County Data Center

All around us we see the pervasive integration of technology, business and culture. Corporations and consumers unapologetically demand instant “tech gratification”. The underlying digital fusion required to satisfy this mandate – compels technology to expand its frontiers at the speed of ideation. The imperative for all technology providers: Adapt or Fail.

“Cyber threats are increasing, and the need to protect data is more and more compelling – yet it is extremely difficult to do using current methods.”  

The conundrum of rapid adaption: cybersecurity

Over the past several years, cybersecurity has become an increasingly pressing issue for those at the top levels of government and in the private sector. President Obama has noted, cyber-attacks have become “one of the most serious economic and national security threats our nation faces”. Industry studies repeatedly illustrate that the number of cyber-attacks in the US continues to grow in frequency, severity, and in fiscal losses. Cyber-threats affect:

• Individuals via hacking, identity theft, and highly personal incursions (email, medical devices, smartphones)
• Public and private organizations through the theft of national security information and corporate espionage
• Nation states with the potential catastrophic failures of the nation’s critical infrastructure (utilities, telecommunications, healthcare and financial systems)

If it’s connected then it’s vulnerable: and everything is connected

Seventy six percent of Americans own a smartphone; Asia and the Middle East currently hover below 30 percent. Globally, we could realistically see the addition of three billion smartphone users by 2020. The outgrowth of wearable technology is projected to be even more far-reaching, including apparel, glasses, jewelry, headgear, belts, watches, skin patches, exoskeletons and e-textiles – often focused on medical, fitness, safety and wellness.

Several studies show that a country’s level of connectivity strongly correlates with GDP (Gross Domestic Product) – thus creating a compelling stimulus for further connectivity.

Smart grids, smart homes, smart cities, autonomous vehicles, children’s toys, unmanned aerial systems, hospitals, health records, medical devices, banking systems, kitchen appliances, vehicle control systems, election systems, nuclear power plants and scariest of all - 6 out of 10 “tweeners” (8-12 year olds) – are all connected - together. It’s the digital equivalent of “6 degrees of Kevin Bacon”; the concept that each one of us is separated by 6 or fewer common connection points.

Users represent the single largest security risk to all organizations today

Cyber threats are increasing, and the need to protect data is more and more compelling – yet it is extremely difficult to do using current methods. Difficult, in that, malicious actors can operate from anywhere in the world, easily obfuscating their presence: compound that with the rapid growth of expanding and integrating the physical infrastructures: exponentially compound those attributes with the risky behaviors of the underlying users. The result is that the threats now advance quicker than our ability to keep up with them.

FBI Cyber Crimes Task Force Special Agent Corey Collins reported that the vast majority of recent network intrusions ultimately originated “internally” from user based activities; the majority of those events were unwitting and without malice. Risky user behaviors include: writing passwords down, connecting to public Wi-Fi not secured with passwords, plugging in a USB device given to them by someone else, clicking on links that will trigger one or more form(s) of nefarious agents labeled as Trojans, viruses, worms, spyware, mousetraps, scareware, key-loggers, adware, backdoors, wabbits, exploits, botnets, dialers, crimeware, SQL injection and many others.

In response to the painful impacts caused by these repeated exploitations: governments legislate, regulators regulate, and industries continue to invest heavily in risk mitigation. According to industry experts, by 2019, enterprises will more than double their security spend as compared to 2014 levels. Some estimate that as much as $170billion dollars could be spent on cyber security solutions annually - $22 billion from the US government alone.

IT leaders must move from trying to prevent every threat and willingly acknowledge that “guaranteed” protection is not feasible

The traditional approach has been to intensely focus the majority of the security resources defending the most crucial system components, protecting them against the biggest known threats; leaving less important components unguarded by not fully addressing the less dangerous risks.

Security breach investigations have demonstrated the alarming disparity between the speed of compromise and the speed of detection. According to a 2015 report by Mandiant, the average malware compromise was present for 205 days before detection. Additionally, the 2015 Verizon Data Breach Investigations Report highlighted that, “in 60 percent of cases, attackers are able to compromise an organization within minutes."

Organizations must adapt and focus more on the ability to rapidly detect and quickly respond to malicious incidents, with significantly more focus on the people and behaviors as much as the technology infrastructures. If traditionally, you would have posted heavily armed guards, round-the-clock, surrounding the perimeter of a large building – now we must adeptly monitor the activities of the people and the individual systems inside every area of the building. By unifying the visibility of systems, people and, processes – we can quickly identify behavioral irregularities, thus reducing the time to detect and respond to a threat. This far more proactive and adaptive approach, aligns Cybersecurity solutions parallel with the continuous stream of technology solutions and services.

Adapt or fail

Thousands of years have shown us that humanity continues to innovate, innovation demands adaptation, adaptation fuses technology, and the use of infused data solutions presents risks to all who are connected to it. Predicting and preventing all possible exploitations, in a timely manner, is an impossible endeavor. Therefore, we as technologists MUST embrace the reality of constant adaptation and focus our cybersecurity solutions accordingly.

It is just as Darwin said, “It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change.”