
Posts Tagged ‘Cyber security’

In our prior post (“The Evolving Promise of Unbreakable Computer Security”) we suggested that the evolution of quantum computing would make it possible to create virtually unbreakable computer security due to its ability to create almost absurdly difficult encryption through the use of complex prime number “decompositions” that even today’s super-computers could not solve.

As a counterpoint, today we offer the opinions of editors at The Economist, published in the April 8, 2017 issue, in which they suggest that “computers will never be secure,” and that “to manage the risks, [we need to] look to economics rather than technology.”

We’ll let you be the judge as to which opinion might ultimately prevail.

The Economist editors suggest that “computer security” itself is a contradiction in terms.  Hardly a day passes that we don’t read about the latest cyber-attack (we’ve helped several of our ERP clients after they were harassed or held hostage through ransomware attacks).  Recently the central bank of Bangladesh lost $81 million… Yahoo almost torpedoed its sale to Verizon due to massive data breaches… and allegations persist about Russian hacking of the U.S. elections.

Today, there is a huge black market for data theft and extortion tools, including hackers for hire.  And soon enough, the Internet of Things (of which we’ve written frequently) will present even more devices that were never expected to be hacked, but are ripe for attack.  The bottom line is “there is no way to make computers completely safe.  Software is hugely complex.”

And perhaps common sense would dictate that when you have millions of lines of code, like Google or Microsoft, errors are inevitable.  The Economist states that “the average program has 14 separate vulnerabilities, each a potential point of illicit entry.”  And after all, we are reminded, there’s the internet, where security was pretty much an afterthought.

So, what to do?  According to The Economist’s editors, it’s all about managing the risk.  Their suggestions include:

  • Start with regulation. If you can’t weaken encryption for just the bad guys, then make sure encryption is strong for everyone.  “The same protection that guards messages in WhatsApp also guards bank transactions and online identities.”
  • Set basic product regulations. They suggest promoting “public health” for computing, with solutions ranging from “internet-connected gizmos” that are updated when flaws are found, to forcing users to change passwords and user names often.  Enforce reporting laws already in place that make companies disclose when they are hacked.
  • Overall, says The Economist, incentives to take security seriously are weak, and the long-established disclaiming of liability by providers may soon bump up against traditional protection and liability laws, especially where computer products become embedded in devices traditionally protected by established liability law. In other words, the courts may one day force the liability issue.  And there’s nothing like the government to come down hard with new rules.
  • Cyber liability insurance. It’s a small but growing market for protecting consumers.  Product companies may soon find buying it preferable to the destructive consequences they might otherwise assume in liability cases.

Finally, they note that when the internet was new, no one took security seriously, and no one objected.  But today’s internet is ubiquitous, and not taking security seriously, given the known risks and consequences, is no longer forgivable.  As the editors conclude, “changing attitudes and behavior will require economic tools, not just technical ones.”
