Technology giveth and technology taketh away, and not always in equal measure. A new technology sometimes creates more than it destroys. Sometimes, it destroys more than it creates. But it is never one-sided. (Postman, 1990)
Despite Postman’s dire prediction, society has profited immensely from the development, implementation, and operation of new information technologies. Our lives have been enriched by the increased prosperity, expanded opportunity, and greater variety that advances in information technology provide. But technology can be a double-edged sword. Reconciling technology, privacy, and security to achieve a workable balance can be a daunting task. Organizations across the globe are relying on technological innovations to spur new growth. Cloud computing, social media, and mobile devices, among other technologies, have shown vast advances during the past few years as these trends are embraced.
But it’s important to understand that every new innovation also brings new cybersecurity risks. Billions of mobile devices are connecting to government and corporate networks, and with each touch point there is also the potential for introducing vulnerabilities. Additionally, with more data being produced and touched by more and more individuals the potential for information theft or leakage grows exponentially.
To combat an increase in cybersecurity vulnerabilities as a result of this ever-increasing connectivity, organizations should shift their approach to focus on protecting the valuable information, rather than limiting their efforts on hardening information system endpoints.
The increasingly quickening pace of technology over the past decades has created a double-edged sword for society. There are those on both sides that find the advantages and disadvantages of its spread into every aspect of life. Technology’s varied uses run from car navigation to the taking over of jobs once done by people. The sword has both good and bad edges, but it is a presence that everyone has had to accept in some way. (Modern Technology Council, 2013)
1.The “dark side of high tech”
Information technology spans the globe and there is no doubt that it has been beneficial for human civilization. And while some nations have chosen to reject or delay the unrestricted advance of information technology, for the most part, we have all profited from its existence. Our lives have become richer, prosperity has increased, and information technology has provided a conduit for increased opportunity.
Throughout history, individuals have fallen blindly in love with new technology while easily discarding the old. The endless pursuit of new technologies has often been seen as a panacea for resolving all the complex questions of existence. Infatuated with the technology itself and not always aware of its full implications, mankind can easily become a slave to the technology. For example, cars were invented to provide a more convenient and rapid means of transportation. But their invention was followed by a long line of problems – dependence on oil, rubber refining, and congestion – which in turn generated a sequence of technical solutions, each ultimately leading to environmental pollution, increased traffic management challenges, and a whole host of thornier problems.
So, for every beneficial advance in the area of information technology, there may also be an accompanying negative. In our ever-growing dependence on information technology, we are also exposed to increased risk. The dark side of the new information technology is based on the ability to exploit vulnerabilities associated with technology. The effects of this exploitation not only have the potential to cause enormous damage to individual victims, but also to negatively impact confidence in the information technology itself. Information technology has become so essential to the everyday operation of most organizations and businesses that a disruption of those services could cripple a company – or even a nation.
Uses of the new technologies illustrate some of the darker features of human behavior and raise issues that should not be ignored. Among the most important are the potential loss of privacy and the lack of adequate laws and practices to protect individuals and groups from misuse of their personal information.
New technologies also make it much simpler for those who are so inclined, to produce and consume what many would consider undesirable kinds of entertainment – child pornography for example. Another unintended consequence is the movement of traditional and new crimes to the world of information technology; whereby hiding evidence of criminal behavior or developing new forms of criminal behavior has become increasingly simple, especially as society becomes more technologically integrated and dependent.
So, what are the scenarios that keep those concerned with IT security awake at night?
- Increasing dependence: Increased societal and individual dependence on the Internet and information systems, including mobile devices and cloud computing, increases the likelihood of attack. The threats targeting information systems and networks will continue to grow as information systems and mobile devices become increasingly pervasive.
- Increasing complexity: The increasing complexity of networks creates an environment that may lead to increased potential for catastrophic failures. It is likely that no one truly comprehends the complexity and interdependencies of the networks that are being built. Networks have continued to expand exponentially, essentially forming a single, advanced integrated network of networks handling the majority of the world’s information processing and sharing needs. This converged, broadband, intelligent mega-network extends well beyond voice and data, local and long distance, supporting an ever-widening array of services, and blurring distinctions among networking, computing and applications. Driven by e-business requirements and facilitated by technological advances such as e-switching and next-generation satellites, the increasing externalization of networking has given rise to an environment where applications, content, and data reside in the network and are dynamically handled by network service providers in real time, without user intervention.
- Increasing content: An ever-increasing amount of data is being compiled daily on our individual buying habits, mobile phone usage, credit card purchases, and more. Indeed terabits of personal data are being accumulated and aggregated into enormous databases with little consideration for individual privacy. Content is at the core of business transactions, publishing, and entertainment. The diversity, volume, and effect of content has grown to such an extent, that we are experiencing unprecedented levels of interactive content, driving valuable revenue streams for, corporations and providing governments with the ability to monitor every aspect of our lives. Content is now accessible almost anywhere as a consequence of the increased use of mobile devices.
- Increasing mobility and social media: Mobility together with the increase in the use of social media presents major businesses with an increased concern about the risk of information loss. While the PC and Internet revolutionized communication systems, increased mobility has revolutionized information flow affecting business users, customers, and partners. A 2012 study by the Ponemon Institute reported that 63% of companies reported breaches that occurred as a result of employee use of mobile devices. Tablets and other forms of mobile devices are replacing corporate PCs and laptops as employees bring-their-own-devices (BYOD) to work and use them to access corporate information. These devices have the potential of opening the door to an unprecedented loss of sensitive corporate or government information.
- Increasingly intelligent devices: While general-purpose information systems and mobile devices are interconnected via the Internet, billions of miniature intelligent devices already inhabit the world, with their number increasing faster than the human population. The coming years will continue to bring new capabilities: a) many physical objects will be coded and therefore will become uniquely identifiable (radio-frequency identification or RFID); b) intelligent devices will be embedded in many physical objects, and will be networked via the (mostly) wireless Internet.
- Increasing global expansion and supply chain risk: More and more software and hardware is being developed in low cost countries such as India and China. Commodity computer hardware, firmware, and commercial off-the-shelf (COTS) software are now being developed and manufactured in a number of foreign countries. Some of these have traditionally been openly hostile to western nations, and some of their software industries may even be subject to direct influence or pressure from their governments. Frequently, the origin of a given software application may be difficult or even impossible to determine (especially in the case of open source software). And still, many governments have instituted policies to give preference to the purchase and use of COTS software over custom-designed products. Considering this, any hostile nation state or group with software development capability or information system manufacturing and an agenda could be in an ideal position to sabotage software or hardware developed for export.
Could anyone have foreseen this dramatic turn of events? Many consider the first individual to clearly address this growth trend was a man named Moore. In 1965, Intel Corporation’s co-founder and Chairman Emeritus, Gordon E. Moore, postulated that the number of transistors per square inch on integrated circuits doubles every year. This idea, called Moore’s Law, is based on the idea that computing power increases at a steady and predictable rate.
This is an extract from CyberWar, CyberTerror, CyberCrime and CyberActivism, Second Edition
©IT Governance Publishing Ltd
Cyber security is much more than technology
CyberWar, CyberTerror, CyberCrime and CyberActivism encourages cyber security professionals to take a wider view of what cyber security means, and to make the most of international standards and best practice to create a culture of awareness that complements technology-based defences.
This second edition analyses the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop and sustain a secure information environment that goes beyond technology, and create a cyber-aware organisational culture that is more robust and better able to deal with a wider range of threats.