The Pendulum of Cybersecurity

Achieving security is a never-ending process that requires staying ahead of those entities that try to elicit harm. Cybersecurity, defined by NICCS as “the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation,” faces the same challenges as any other type of security. Secure technology solutions use components that all strive to be effective, yet, the attackers know that one component is the weakest, and they are determined to figure it out. The process of cybersecurity is an ever escalating battle between the forces of protection and the forces of penetration, each trying to outdo the other.

Over the past decade, the belief that fail-proof security is achievable has been replaced with awareness of an inevitable need for cybersecurity insurance. The ubiquity of security failures across industries, and its diversity, require that Chief Information Security Officers maintain a constant search across the security spectrum to determine the weakest link.

Network Layer

Significant  attention has focused on the network layer over the past number of years. The goal is a secure, closed network for company traffic, while still accessing cloud infrastructure and services to avoid going back to the older technology of hardened company-owned data centers. These solutions are constantly moving from the core network to the periphery through Virtual Private Networks, with extensions to remote workers and mobile devices. At some point, this is likely to include wearable devices. In addition to these personally adaptable connections, Internet of Things (IoT) devices and machine-to-machine connections exponentially increase the number of access points to the private networks. Many of these devices may be in remote, yet unsecure locations, and as such, are accessible to physical and technological intrusions by threat actors. The physical layer will always be vulnerable.

User-Level Security

User-level security is another cybersecurity issue to consider. Passwords, PIN numbers, two factor authentication, TouchID, retinal scanning, and facial recognition are all common methods used to verify user access. The sheer number of verification alternatives available indicates that they are not foolproof. In fact, deploying multiple methodologies actually increases the number of security breach points available to intruders. Sure, diversity makes it more difficult, but increased opportunities makes it easier. Given enough time, access security can be undone.

The Application

This brings cybersecurity to its current focus; the application. The physical layer is physically accessible. The user can be mimicked. The software application may offer a better alternative. Can machine learning and artificial intelligence help identify rogue activity inside the software? Activity in this space is increasing and significant partnerships are being created. There is an opportunity to repurpose  Big Data tools that were designed to analyze previously collected and stored data. Even marketing data stores are in place to share these activity-based data collections. These marketing solutions collect user information as specific as the pixels on websites. Future applications may leverage this technology to identify the patterns of users attached to specific logins, creating an entirely new level of security. In the ever-increasing world of cloud-based applications, this may be an area for those application providers to take a leading role in cybersecurity. Threat actors can get to the physical layer and the access layer, but the utilization patterns, down to the pixels, would require an entirely different approach. We expect to see more developments in this area, first in high-security applications, but eventually to become more widespread.

– Author: Jim Caldwell, Director of Technology Practice, Fletcher/CSI