How to prepare against the threat of cybersecurity | WIRED UK – Wired.co.uk
The hardest challenge for cybersecurity in 2017 won’t be social engineering or the rise of ransomware or even state-sponsored cyberattacks. It will be scalability.
Just ten years ago, a typical large enterprise had around 50,000 endpoints – devices, such as computers and point-of-sale terminals, on a network. Today, people can have hundreds of data-collecting devices about their bodies and homes. Smartphones and internet of things (IoT)-enabled hardware in the workplace have taken network endpoint counts into the hundreds of thousands. By 2020, networks with tens of millions of endpoints will be the norm.
A massive amount of innovation has created a booming hardware ecosystem of wristband health trackers, smart thermostats, connected pacemakers and more. To go to market, the industries that develop, manufacture and manage these devices have solved big engineering problems – form factors, low power consumption and connectivity, among others – but they haven’t yet solved security.
In 2017 this will change, because it must: the innovation trajectory will grind to a halt if we don’t collectively secure the networks that manage, protect and analyse IoT devices and the valuable – and potentially dangerous – data they collect. Cybersecurity, much of which is still from the 20th century, needs to catch up with today’s ecosystem.
IoT devices have a problem on two fronts: the data on the device itself; and the cloud-based software that synthesises and manages this data. Manufacturers should be routinely building cybersecurity into their product development life-cycle. Some companies, like Apple, lead the way, but work needs to be done.
How do we do this? We can no longer protect networks the way we did 30 years ago, with tools not built to match the speed of modern hackers and the scale of modern companies. Today, hackers can get in and out of a network within minutes, yet companies still depend upon sluggish “hub and spoke” architectures to monitor their IT. A central hub will send out a signal individually to each endpoint (the spokes) and await an answer from each, which can take weeks to receive answers, well after an attacker has vanished without a trace. Additionally, such a system can rarely exceed 150,000 endpoints.
Many large companies are modernising their IT systems, but we need to do more. We have more devices, more data, more threats, more sophisticated attacks and more attackers. We must band together as an industry to push in the opposite direction: towards lightning-quick solutions at a grand scale. It’s our only hope. And over the next decade, companies that promise results without speed and scale will disappear. As they should.
Government will also play a considerable role. If you look at the drivers for catastrophic failures – war, industrial accidents, power failures – it’s governments that create buffers against them. Breaches are hurting companies every day. Corporate espionage is now a cyber exercise. When you want to cause harm to another person, you can do that through cyber theft and doxing – publishing sensitive information online. It’s a reasonable expectation that our next war will be cyber. Because government regulates industries that can cause harm, common-sense standards – as in the payments industry and in health – are necessary.
There is cause for optimism: a decade ago, no one cared about cybersecurity. We had no emotional connection to the issue. Today, cybersecurity stands as an existential threat at the highest levels of industry and government, and we have some of the world’s greatest minds focusing on how to deal with it. We’ve had major attacks, but we haven’t yet had “the big one”. With urgency, collaboration and the best tools, we’ll make real progress to ensure it never happens.
Orion Hindawi is co-founder of California-based cybersecurity company Tanium
The WIRED World in 2017 is WIRED’s fifth annual trends briefing, predicting what’s coming next in the worlds of technology, science and design