Cybersecurity Continues To Underestimate Its Opponent
This year, consumers have felt the danger of security breaches. Traditionally, we’ve seen attacks on companies processing payment information, receiving payments, or allow payments – from consumer merchants to financial institutions. In the past twelve months, we’ve seen revelations about dangers involving complex design (Meltdown and Spectre) along with one of the largest behavioral data compromises in cybersecurity (Exactis). With the growing depth of attacks, what is the bigger picture we’re seeing in the cyber world? With this question in mind, we interviewed Milena Rodban about cybersecurity in the context of geopolitics, design complexity and business decisions that increase risks to help us see the bigger picture of the cyber attacks we’re witnessing. Milena Rodban is a geopolitical risk consultant and interactive simulation designer. She advises private firms, with a particular emphasis on tech companies, to help them successfully navigate complex business and security environments. Ms. Rodban received her MA in Security Studies at the School of Foreign Service at Georgetown University.
In context of the United States and geopolitical risks in the cyber world, who do you see as our major challenges? How do you think we're currently handling these challenges?
Put simply, the major challenge is complexity and the large numbers of actors looking to target our vulnerabilities, from state sponsored hackers, to intelligence agencies, criminals, and terrorists. We’re spending record sums on cybersecurity, but the breaches are still stunning. With each new development, even convenient ones like streamlined and simplified log-in APIs, we’re adding extra complexity to the situations we face in cyber space, and increasing the likelihood that a breach will have far-reaching and catastrophic consequences. Each new device adds new points of vulnerability, new ways to collect private information, and new ways for bad actors to hijack poorly secured devices to wreak havoc.
Furthermore, we are not prioritizing the need to understand likely immediate consequences, not to mention second and third order externalities. Some things that seem like they make our lives easier or simpler demand tremendous sacrifices in terms of privacy, security, and vulnerability. Tech companies need to be able to collect and sell data in order to be able to offer platforms or services to users for free, so it's a stretch to imagine that you can have fully ethical firms that don't charge high fees to make up for not being able to profit off data. The reason an ancestry kit is a bargain is because they then sell your data (anonymized, they claim) to drug companies to make new medicine. Either we pay a premium to keep our data safe or we acknowledge "free" isn't really free- you and your data are the product.
Additionally, the rapid speed with which we update systems, unevenly adopt new tech, and specifically security measures, along with rampant tech illiteracy leave little time for people to consider the potential interactions and nefarious uses for the innumerable gadgets that we use on a daily basis. Look at the way wearable fitness trackers uncovered secret military bases- to me, as someone who works on helping clients explore their potential vulnerabilities and the actors likely to target them, the connection seems obvious. To the average person who wants to stay in shape in a stressful job, it may not be immediately obvious. The most important challenge is that most tech firms still do not appreciate the extent to which they are vulnerable to geopolitical developments and how they actively raise their exposure. There is someone, somewhere, looking to use every development for unintended or nefarious purposes- whether criminal, activist, terrorist, or state-sponsored hacker.
Continue reading the interview.
Check out the highest-rated Automating ETL course on Udemy, if you're interested in data. From some of the reviews:
The instructor's style and enthusiasm for the subject is infectious and makes for an enjoyable learning experience.
Great teacher and knows how to explain the topic in hand.
Consider some recent breaches and attacks this year alone:
- OnePlus security breach
- MyFitnessPal security breach
- Exactis security breach
- Electronic devices involved in a security breach
- Voting systems' security breach
- T-Mobile security breach
- Air Canada security breach
- Brazilian fashion company breach
- Major Facebook breach
- Chinese chip attack
None of these indicate a trend where cybersecurity is increasing. All of them show the opposite. Hackers are getting better while firms are getting worse. Attacks used to be sporadic and limited in the past. Now, they happen with regularity. As Milena answers, people do not realize that some of these entities are not simply "script kiddies" - they may be much more sophisticated than people imagine.
As a measure of security for this account on the Steem platform, outside an incompatible rule change, this account will never be powered down or have Steem removed. In addition, if this happened due to an incompatible rule, the reason would be stated on a linked account for verification.
If you have Steem power, never post content, and want to add value to the Steem platform, consider delegating some of your rewards to @cheetah. The @cheetah account helps prevent spam and dishonesty on this platform.
We used the opening paragraph and first question from Seeing the Big Picture of Cybersecurity With Milena Rodban with permission from our sponsor, FinTek Development. Image from Pixabay.