One can’t help but notice that cybercrime is a much more popular term these days. Once upon a time, back in the day, you would hear about hackers breaking software or finding bugs, but they tended to be stories for the geeks and back room staff. It was enough to install Antivirus software on our PCs and that would trap any malicious programs that you accidentally downloaded and started to run. Even if you didn’t, there was probably someone on hand to “clean” your PC and make it “work” again. We didn’t really know why this was happening and we didn’t care much.
Slowly but surely, we also witnessed a continued expansion of the Internet with more commercial sites and more corporate presence selling and servicing business goals. With it an explosion of mobile devices connecting us 24/7 with work, friends and everyone else as well. It should come as no surprise to us that with the growth of all this “genuine” business, more “disingenuous” business would follow. Crime follows all growth and new industry, testing our resolve and capability.
And so, it was that cybersecurity stopped being a subset of the IT Manager’s role and became a necessary discipline of any modern-day business. Technology is now used more and more in our traditional security and asset protection. Gates and guards are replaced with key fobs and cameras. We moved our infrastructure to data centres where more advanced technologies could be incorporated into the mix with multi-honed internet connectivity and sophisticated intrusion detection.
The birth of cloud computing from the data centre revolution and its commoditisation of infrastructure fuelled the fire making e-commerce accessible to SMEs and enabling a new bubble of tech start-ups. No longer was this the domain of the large corporate enterprise. We had a “Wild West” of Internet competition with all extremes of maturity and security awareness. The landscape was all set for the next generation of hackers: the cyber criminals.
Watch: Webinar – Cybersecurity and the New Definition of ‘Adequate’
At the end of the day, this is mostly about money. True, there are plenty of selfish, misguided people just out to cause damage and create mischief because they can. However, we now see more serious players – hacktivists – looking for recognition and reward from their knowledge and endeavour. Some are “ethical” and support and help us legitimately, but many are on the wrong side of the law and using cyber skills to extort money from innocent victims. The hacktivists band together and form structured organisations dedicated to exploiting the cyber world and holding it to ransom. These groups, now known as the Advanced Persistent Threats (APTs) then start to attract national agency and government attention. It’s a self-fulfilling prophecy.
So, we got to a stage where it was no longer possible to defend our own territory. We cannot build a firewall that will defend against a full-on data centre attack from DDoS. We can monitor and block traffic in our own data centres all day long, but the cost and risk is great when an attack heads our way. When the cybercriminals have more resources at their disposal than we do and can remote control the Internet of Things, the best place to make a stand is not in our backyard. The new strategy is to move our defences forward and block or thwart the menace out on the edge. Keeping the threat at bay by engaging in skirmishes outside the data centre keeps the services inside focused on their job of serving our business needs. For this we need new partners and new technologies.
Media news, fake and real, is the new norm and we will see a lot more spin and publicity going forward as we pull apart the moral and ethical issues which influence culture and attitudes. It’s all part of the war against cybercrime and we will become much more aware of cybersecurity as we learn new ways to defend ourselves. Our businesses and employers will need to adopt these new definitions to avoid being caught in the crossfire or being targets.
Just because we are learning how to keep our technology assets safer doesn’t mean we have won the war either. Attention is clearly now turning to the next and more exploitable weakness: people. But that’s a story for another time…