Cybersecurity at a crossroads: Moving toward trust in our technologies
By Patrick Gray
Cloud computing changed the technology landscape forever. Here’s hoping that trust will be the next frontier of computing. We’ve had a rather amazing decade or two in computing. Some elements of this evolution were predicted, like ever-increasing processor speeds combined with declining costs, and ubiquitous high-speed networks.
Other major trends were missed by the vast majority. I would have laughed someone out of the room that predicted Amazon would be the world’s dominant technology platform provider in 2005, and perhaps shook my head in disbelief if someone predicted it would take a global pandemic to finally prove beyond a reasonable doubt the viability of remote working for most office-type jobs.
Computing at a crossroads
Reflecting on these major trends in technology also brings up a rather unfortunate one. I’m writing this article from a device I no longer fully trust. The PC sitting on my desk could be compromised by some form of malware, the application I’m writing on could be sharing each word I type with a nefarious bad actor, or just a company trying to sell me more stuff, or perhaps that cool new connected home device down the hall is full of security holes that may be intentional or just due to sloppy coding. All this is before I even leave the safe confines of my word processor.
Should I venture into my email app, there are untold numbers of phishing and scam emails, and even news articles from trusted media outlets at best have clickbait-style headlines shouting at me to read about the next “shocking scandal,” or at worst are sponsored content or content reflective of the outlet’s political agenda. A dose of healthy skepticism is certainly helpful in most areas, but in the digital domain it seems we all must become hardened and suspicious skeptics when doing anything from opening an email to buying a product that could very well be fake.
This problem is equally acute for most companies, large and small. Ransomware has almost become a legitimate “business” of sorts, with a wayward click or tiny “hole” in one of your thousands of applications being all it takes for a hacking conglomerate to enter your network and lock all your files and bring your business to its knees. These groups even have help desks that work with IT admins to restore access once you’ve paid and even offer helpful tips to secure the network from future attacks.
Where’s the trust?
Technologists have poked at the edges of this trust problem for several years, and while technologies like Blockchain have been cited as being key pieces of the trust puzzle, they have yet to see widespread application beyond solving niche problems like food tracing or payment processing. It’s easy to assume trust is an academic or sociological issue best resolved in a university philosophy class rather than by the best and brightest technologists, but if trust continues to deteriorate, decades worth of technology advances are for naught if we as individuals and organizations cannot take advantage of them without fear of being hoodwinked, robbed, or compromised.
Shifting from security to trust
For most of the history of computing, addressing issues of trust was focused on security. Many of the foundational protocols and applications simply assumed trust; tools we take for granted like email were designed for smaller networks in which participants literally knew each other personally. To address attacks on these tools, measures like encryption, complex passwords, and other security-focused technologies were applied, but that didn’t address the fundamental issue of trust. All the complex passwords, training, and encryption technologies in the universe won’t prevent a harried executive from clicking on a link in an email that looks legitimate enough, unless we train that executive to no longer trust anything in their inbox, which compromises the utility of email as a business tool.
If we’re going to continue to use these core technologies in our personal and business lives, we as technology leaders need to shift our focus from a security arms race, which is easily defeated by fallible humans, to incorporating trust into our technology. Incorporating trust makes good business sense at a basic level; I’d happily pay a bit extra for a home security device that I trust not to be mining bitcoin or sending images to hackers in a distant land, just as businesses who’ve seen the very real costs of ransomware would happily pay for an ability to quickly identify untrusted actors. On a grander, societal scale, imagine if we could trust our sources of news and information, and readily separate the “infotainment” from the hard news.
While it’s hard to accurately imagine and predict the future, I am hopeful that we as technology leaders will reverse the troubling trend of regarding every screen and camera with suspicion, and throwing money at complex security “solutions” that can be defeated by a teenager with a telephone.