Layers Upon Layers of the Best Security Systems will Still Fail. What's the Solution?
The recent string of high-profile cybersecurity incidents has everyone who operates a business concerned. Big companies have had to pay hefty ransoms to recover their systems after they go compromised.
These incidents have exposed just how vulnerable security technology is. All businesses are now pouring a lot of resources into security technology, trying to come up with the most secure systems.
Small businesses might not have the financial muscle needed to get the best security technology, but they are also doing everything they can to protect themselves.
Writing for BusinessWest.com, George O’Brien explores how all kinds of businesses around the world have become vulnerable to cyberattacks of all kinds. He explores Charlie Christianson’s suggestion that the science of cybersecurity is like an onion. Charlie Christianson is the owner of CMD Technology Group.
Charlie suggests that security technology should consist of many layers for it to be impenetrable. Charlie explains, “The goal isn’t to have one be-all, end-all product or solution that’s going to protect you — it’s a variety of things. It’s about trying to put as many layers between the threat on the outside and the asset, which is at the core.”
“Most people understand the firewall discussion, but what they’re starting to understand is that it’s not just the stuff that protects you — it’s your staff, it’s your people, it’s the training, it’s the education, it’s the policies, and having all that in place.” He added.
Attackers are Always a Step Ahead
George calls attention to the need for all business owners to take the recent string of high-profile cyberattacks as a wake-up call. He is not wrong about that. Business must do something if they want to be safe.
Unfortunately, pouring resources into layers of the latest security technology and user education will not make any difference.
Truth be told, attackers seem to always be one step ahead. In fact, they lead security technology innovations. It is only after attackers have exposed or created a vulnerability that security technology developers come in to patch it up.
The problem is the security technologists are focused on the wrong things. They are focused on playing cat and mouse games with cybercriminals. They focus on intercepting malicious traffic, trying to predict the intention and character of a stream of bits.
If cybersecurity technologists are to find real solutions, they have to first find what the problem is. They are trying to fix the internet while it does not need fixing.
The problem is in how people use the internet.
Why do cyber attackers have space to device new attack schemes after the previous ones have been patched?
Nowadays, cyber attackers are relying more on social engineering than brute force attacks. Even if security technologies come up with the best security systems, these attacks will not go away.
Shifting the Focus of Security Technology
What makes social engineering possible? It is made possible by the fact that people can masquerade as anyone on the internet.
Security technologists must shift their focus to people’s identities. How do we make sure people are really who they say they are on the internet?
Internet users must have measurably reliable digital identities. People must be who they say they are and be accountable for what they do or say on the internet.
All those security products and patches will never solve the problem as long as there’s no accountability on the internet. Security technologists only try to block an attack but they don’t go the extra mile to find those behind the attack.
When law enforcement agencies try to go for attackers, they end up on a dead-end more often than not. Attackers use fake identities and drop them as soon as they are done with their attack. By the time law enforcement start tracing the criminals, they are looking for non-existent persons.
An ideal internet environment is where users are really who they say they are, and they can be held accountable for their criminal or civil misbehavior. That situation is called AUTHENTICITY.
Authenticity can be defined as the condition that exists when digital signatures everywhere, backed by measurably reliable digital identity certificates, that are owned by real people, and which provide security, privacy and accountable anonymity.
Watch the video below to learn more about authenticity.
Where Will Authenticity Come From?
Think about this; you can just pick a fake name for yourself, create an email address, and sign-up on various platforms online. You can then interact with people who know you online without them knowing who you are. It’s easy for you to trick them since you know certain things about them.
You would not be able to do the same thing in the physical world. That’s because people around you know who you are. They know your identity and they know what you look like. In other words, people around you have a reliable method of identifying you. No one can go to them physically and try to masquerade as you.
When it comes to people who don’t know you, we have public authorities that register identities. People use the identity document given to you by these authorities to determine whether you are really who you say you are.
Authenticity will come from the presence of duly appointed public authorities on the internet, that issue measurably reliable digital identity certificates, that are tied to real people.
Authenticity is going to change the world’s information infrastructure. It will not only make it easy for organizations to protect their systems but will also allow individuals to remain in control of their data and information. No more worries about data harvesting by big tech companies.
Again, Charlie’s suggestion that businesses need layers upon layers of security systems is proof that security technology is not working. It has never worked and it will never work, especially since it cannot stop social engineering.
Authenticity will be made possible by an old technology called PKI. PKI has been around, but it has never been deployed to its full potential. The issues preventing its deployment are now resolved and PKIDR (PKI Done Right) is about to introduce rock-solid connections between online digital identities and real people. That will solve all the internet security and privacy challenges we’ve been dealing with for decades.
Visit https://www.whatisauthenticity.com/ to learn more about PKI and Authenticity.