Let’s get an idea for the size and scope of the cyber security problem.
Billions of devices, from security cameras to corporate workstations to points-of-sale, are all attached in one way or another via this thing we often refer to as the internet of things. To add some size to this problem we have billions of people all relying on this every day for work, healthcare, social, and government services amounting to a huge cyber dependent economy. Projected growth in both population and reach of the internet is going to continue to grow this problem with raw numbers alone.
Now, technologies are put into places to control things such as power generators or GPS driven cars and then patched right in. Literally if compromised these technologies could cause real physical danger to the public.
The problem gets compounded and becomes larger when you start to consider out-of-the-box vulnerabilities and mis-configurations. We estimate that as many as 30% of new devices, systems, and VMs are put online and vulnerable with out-of-the-box vulnerabilities. Another 20% of systems are open with administrator mis-configurations. Then the hardware issues: MTBFs (mean time between failures) for devices such as hard drives and power supplies interrupt life with maintenance downtime when they find single points of failure. Online “cloud” providers allow public facing virtual machines to run un-patched. While everything needs continual patching from front end plugins to the underlying firmware on core routers. The list goes on...
As you can see this problem is big enough already.
Let’s now consider the facts about the cybersecurity problem:
Information warfare is constant, persistent, lucrative, and disruptive.
It now includes everyone with players such as nation states, militaries, hacker groups, organized crime, universities, and corporations.
The rules are simple:
Don’t become a target
Everyone’s a target
News reports of cyber security and data breaches are daily with countless un-reported, negligent, or unknown.
When an organization is victim to a cyber attack it is often times a humiliating and tarnishing event. Some organizations never recover while others may eventually regain confidence.
The attackers and cyber thieves operate from a perceived safety base masked by VPN’s, Proxies, and Tor. State backed hackers from certain nations operate in teams with rewards for finding something interesting. Bot-nets of hackers can perform Distributed Denial-of-Service attacks on most any major network or website with ease.
The web and the ecosystem around it provides us with great things and the modernities of integrated technology, but it is also a huge launching platform and mask for deviant individuals and encited parties to operate.
Many organizations have spent years online and spend millions of dollars on firewalls, intelligent network components, anti-virus and malware licenses, spam filtering services, training, staffing, certificate services, … and others have not. New technologies, people, and businesses simply come on-line into the never ending expanse we call cyber space. Otherwise known as the internet, the web, the cloud and online services.