We live in a society that is addicted to information, in any form.
Yes. Today the world runs on information. Not only society but economic models are based on this fuel that doesn’t burn physically, but has the power to burn things when it follows obscure intentions.
Everything can be changed— or is already in the course of changing— and old values are being discarded. There is a lot of room for new ideas; some are evolutionary, but many are revolutionary.
Pocket-size computers provide a multitude of possibilities for the consumer as well as for the world of business.
The world is at our fingertips, a slide away, one click further down the digital highway. This highway delivers great power to those who understand the interactions, the data streams and the clicks or likes. But with great power comes great responsibility. Often, responsibility is neglected by the end user and miscommunicated by the supplier.
In this article, we tell you the story of how cybercrime made its way into our world and why cybersecurity hasn’t quite evolved at the pace these times of the 4th Industrial Revolution require.
(R)Evolution
We are living the 4th industrial revolution. In this era, where new technologies emerge at high velocity and are seemingly unstoppable, silicon, steel, neuron and bytes melt.
This is a great moment to develop new ideas into business solutions and create progress in technology and for humanity. However, society is still in the process of adoption and adaptation to the 3rd industrial revolution, bringing digital into the homes. Connecting computers and communication mechanisms never before seen are being mass adopted only very recently in history.
Cybercrime (r)evolution
The early days of the 3rd industrial revolution enabled youngsters to explore the technological boundaries of this new digital world. Hackersemerged and soon started to troop, becoming powerful groups of knowledge with a rebel mindset.
At that time, the defacement of websites was a sport, and companies had their page changed with a statement by an individual or a group. Many of the victims already claimed financial loss because of this ‘bad’ publicity.
However, these activities did not go unnoticed. Criminals were luring hackers in order to incorporate both them—and their skills—into their nefarious ideas and execute a new set of activities to gain profit. Many started in small fragmented groups with high-profit activities. With the emergence of the Dark Web, activities boomed. It enabled the infamous Silk Road (a trading platform to sell illegal goods) to flourish.
It’s unclear when the more traditional organised crime groups started up their activities in a digital world. But one thing is clear, the easier the access to the connected world becomes, the more lucrative the business that will emerge. And as sure as death and taxes is organised crime, who will be more than happy to grab its piece of the cybercrime pie.
The only hazard is, hackers don’t like to be associated with mobster gangs. They prefer to be freelancers, snatching up opportunities from a dodgy market with lucrative requests. And their main reason is, mobsters beat you up.
Cybersecurity (r)evolution
Cybersecurity has changed over the years. It started with building a fortress around our corporate networks, which created a virtual safe space.
In the early days, it was all about protecting the Local Area Network, keeping the evil out, and trusting everyone and everything that is inside.
The majority of cybersecurity efforts and budget went on preventative tools. They mostly continue doing what they are made to do: keep out what is not allowed and what it understands at that given moment.
Some time later, rules were implemented and frameworks integrated. The era of what we know today as ISO 2700x, NIST etc. started. It formalised security efforts, giving security both a voice in the organisation and a seat at the table of the decision takers.
But note that security staff was still operating under the umbrella of IT, in the first line of defence and focussed on operational issues. Many of the IT security staff still had their focus on keeping the machine running, without having time to think if the machine is still adequate for the race we’re competing in.
Governance, however, was the missing piece and made its way to the agenda.
There has been a big change in how organisations see and manage security in the last few years. Security staff, and more particularly CISOs, are moving into the second line of defence.This shift is forcing them to think or rethink the controls put into place and the alignment with business counterparts. It’s less IT oriented and more about how to shorten the go-to-market in a secure fashion.
Many of past decisions are still important, but the world of today is not one of building a virtual castle.
We live in an interconnected world where protection of users and data is the goal instead of the protection of the systems and the applications that we were so familiar with.
Old fashioned methods using new technologies
The internet brought a lot of new possibilities to the way we communicate, consume products and services, distribute news, engage socially, among others.
The world is now a courtyard, nothing more than a playground. Which is great, it provides access to things previously unavailable or impossible. But these new technologies didn’t come with embedded security. Leaving people vulnerable to attack, these methods often include the new technologies and exploit the weaknesses present in those technologies.
Despite that parents warn their child of “stranger danger”, for some odd reason, we humans seem to have lost any vigilance towards strangers in the virtual world. Fairly obvious clues like odd messages, inappropriate requests or too-good-to-be-true propositions come to us via the digital door.
Even worse, it seems that those people who are hired to help us and keep us safe are addicted to old models, focused on prevention and defense. With the widespread number of attacks the importance of adequate response will be paramount for the survival of your organisation.
An ounce of response is worth a pound of prevention.
What we think
Koen Maris, Cybersecurity Director at PwC Luxembourg
The cost of security breaches is similar to the cost of car crashes: it doesn’t dissuade people from taking a car.
