The world has become a global society of universal connectivity, where people expect to have instant access to data and services across a variety of interconnected devices. It’s all in the name of making things much easier, but it’s also creating a treasure chest of valuable information, goods, and computing resources for cybercriminals to extract, extort, and exploit. Between ransomware attacks, remote mobile phone hacks, and massive consumer data breaches, it’s very difficult to name a part of our created technological framework that is not under attack.
It seems like today's cybercriminal is organized, motivated, and in some cases well-funded. The pendulum has officially swung. According to cybersecurity experts, hackers are out spending consumers by roughly 2 to 1 when it comes to adapting to the latest advances in technology. This is allowing them to stay one step ahead. The imminent risks we face will require a coordinated effort of both human and machine intelligence to combat them.
The root of the breaches seems to be the same today as it was at the origins of the Internet: a fundamental failure to practice good cybersecurity hygiene such as poor passwords and improper permissions. These practices continue to open the door to an unacceptable number of opportunistic attacks. As cumbersome as it may be, passwords need to be changed religiously. Furthermore, they must be different from the last five to six passwords to help prevent the cycling of commonly used passwords. I am very happy to see some websites instituting this policy and forcing consumers to change their passwords every month.
Improper permissions tend to happen more on the organizational level. Organizations must continue to dedicate themselves to finding ways to purge and shut down insecure devices they may have floating out in the workforce. Having said all this, there seems to not be an iron clad way of shutting down the cyber-criminal. The past was dedicated to being more reactive to threats. The present and the future need to be dedicated to being and staying more proactive to possible threats before they have a chance to materialize and spread.
Considered individually and collectively, the scope and severity of the threat landscape underscores the need for continued new approaches. There is no shortage of monitors, alarms, workarounds and procedures to help protect our information. What we need now is a more active and coordinated way to unify them at speed and scale as a cohesive security fabric. Much easier said than done from where I’m sitting.
Comments