Security at the root: The need for a new digital paradigm
Every day, businesses and institutions are being targeted by cyber attacks. Most of these threats are low-level and can be neutralized by simple due diligence, like subscribing to third-party cybersecurity suites and establishing client/server protocol encryption. However, over the last two decades, the world has seen an increase in more sophisticated and more highly funded threat actors. Whereas lower-level threats attempt to breach security through sheer volume of attacks, these advanced actors are more persistent and methodical. And these attackers, many of whom are state-sponsored, may lie in systems undetected until it’s too late.
Some hacking is technically legal, or at least performed by the institutions that make the laws. For example, states worldwide use the internet to surveil their people and conduct international intelligence. The Freedom on the Net 2018 report by Freedom House concluded that 26 of 65 countries surveyed had seen a decline in Internet freedom. A mood of cynicism prevails and many wonder if privacy will continue in any recognizable form. Several governments openly sponsor mass surveillance and censorship of internet activity, with some passing vaguely written laws that impose severe jail time on those supposedly found “inciting hatred” or expressing dissent. Regular users and institutions alike need to protect their digital lives.
The effects of breaches of an individual’s data, like identity theft in free countries and imprisonment or punishment in restrictive ones, are sadly familiar. The effects on businesses are also dire. Protecting against breaches isn’t just a moral and reputational necessity; bad security hurts companies’ bottom lines. The total average cost of a data breach to a company is some USD 3.92 million based on the most recent annual report from IBM Security. The same report states that 51 percent of data breaches are caused by malicious or criminal attacks, rather than human error or bad code. And while some multinationals might determine that $3.92 million is a rounding error in their account books, that’s merely the average expense. The famous Target hack cost $220 million, while the Equifax breach cost the firm $1.4 billion.
So is the moral that companies should keep their virus protection up to date? That they should install every patch? In the current system, these are good ideas, but they’re essentially reactive, and guarantee an ongoing hacker/security arms race. Proactive design, not reactive response, is the future of cybersecurity. Many cybersecurity companies now offer solutions they label “proactive” which promise deeper and more extensive detection methods and faster responses, but these still rely too much on guesswork. These solutions do not necessarily address the problem at its root. Designing a platform with potential threats in mind provides a strong foundation for a company’s security efforts. Thanks to recent advances in technology, particularly in blockchain and encryption, developers are now able to drastically increase a platform’s threat resistance.
Blockchain technology brings new paradigms to security with its distributed architecture, and builds on current best practices of data encryption and access control. With its checks and balances, it becomes harder for malicious entities to garner large amounts of power within a network undetected. The decentralized nature also guards against single points of failure for data entry and control. Compromising a distributed ledger — in the unlikely event that the encryption were cracked — requires control of a worldwide network.
New security systems will not achieve mass adoption overnight, but it’s clear that the time for a new approach has arrived. Nearly three decades into the internet era, conventional security has not solved the problems of surveillance and theft that have long plagued the web. If anything, given the explosion of websites, the proliferation of users, and the exponential growth in data gathering, the problem has only gotten worse over the past decade. Encryption and distributed ledger security may be the way forward. The reactive strategies of the past will not suffice for our digital future. It’s time to try something new.