Trust in Cyber World
The fast expansion of digital ecosystems, connected across geographies in heterogeneous IT environments and enabling multi-trillion digital economies, is sustained solely by the basic fundamental of ‘Trust’: in authentication, in authorization and in every transaction event. Trust in the IT domain is not permanent but dynamic; any deviation or abnormality from the norm can affect the level of confidence and trust, and with it the sustenance of digital economies.
Over the last decade, adversaries have been changing their attack and compromise methods at a fast pace. In the earlier era, the majority of attacks targeted the availability of systems or information, without much financial motive. As security control technologies improved, succeeding with direct attacks without being noticed and blocked became difficult for adversaries. This gave rise to social engineering attempts that lure victims by exploiting their blind trust, an easy route to high financial gains, and to other attempts to harm individuals and entities.
All recent surveys and publicly available data points indicate exponential growth in cyber incidents and victims, and a considerable percentage of the digital economy is now at stake due to cyber incidents. With the huge success of their campaigns, a low chance of getting caught, the lack of a legal system spanning federal, state or geographic boundaries, a heterogeneous environment lacking accountability and governance, information and availability carrying high dollar value, and users ready to pay in response to ransom or blackmail attempts, adversaries are not going to back out any time soon. This could turn the cyber world into something like the lawless Wild West of the late 1800s.
In that era, the rail corporations of the West had a clear stake in the state of affairs and influenced the environment of individuals. In recent years there has been a momentum of consolidation among technology leaders, where a few individual entities are going to control the entire digital ecosystem. ISPs, search engines and technology corporations are now taking the role of gatekeepers of the internet, controlling what end users consume on a daily basis. Search engines now influence user perspectives through search results filtered according to their specific agenda and based on information collated and personalized for the end user. In the name of personalization, these activities are becoming stalking, manipulation, privacy invasion, snooping and tracking. We depend heavily on the internet for every query and decision we make; without our knowledge we are being fed inorganic search results that shape our views and perspectives, which is the price we pay for blind trust. Also, just as celebrities influence our purchase decisions for consumer products through advertisements, we now have social internet influencers with specific agendas, whose every post, video and comment attempts to influence our beliefs and thoughts.
In the physical world, governments played a critical role in ensuring the protection of individuals and entities, but in the cyber world protection has become the responsibility of individuals and entities, with government playing only a secondary, advisory role. Distributed structures and business and technology models compelled this shift. While governments have given priority to protecting critical infrastructure, they have yet to view the erosion of trust, values, culture, perspectives and morale as a critical foundation that needs priority consideration.
Cyber security technologists are hyped now, with so many PE investments funding further innovation to handle the evolution of threats effectively. Even after decades, the maturity hype cycle has not stabilized, and the field keeps trying new approaches to defend effectively.
With more disclosures of breaches and security incidents, and with the direct and indirect experiences of victims, people are going to be very skeptical and paranoid in the cyber world, which will hinder the growth of the digital world if it is not governed with the required controls and processes. Insecurity is not just a matter of perception: fast adoption of half-baked digital technologies, varied and complex business models, a lack of experienced digital technology staff, inadequate governance, and a lack of adequate budget allocation and accountability for this new domain are leaving the security posture vulnerable. If these issues are not addressed with the highest priority, then with eroded trust and confidence and a vulnerable environment, constituents will be highly reluctant to adopt digital ecosystems with ease.
Assume scenarios where an airline pilot or a missile operator is no longer confident in the GPS coordinates shown in their system when taking a decision; where users are lured to doppelganger domains of popular organizations; where the outcome of an election rests on biased and influenced voters; where investors worry about the accuracy of financial data in trading systems; where market decisions are influenced by fabricated news spread on social media by influencers with a specific agenda; or where fake call centers reach out to users for extortion.
Correction is not simple, since adversaries are organized, motivated and committed to attaining their objectives. Bad agendas in the cyber world are most of the time driven by nation states, organized crime syndicates, activists, disgruntled insiders, political groups and other fraudsters, and are not easy to control through uniform regulation globally. All stakeholders, constituents and partners need to be aware of the situation and choose their options and considerations in the cyber world with due sensitivity, priority and care.
Information / cyber security works with the fundamental objectives of ensuring the confidentiality, integrity, accountability and availability of information and systems. Most of the time these objectives are considered in isolation, each governed and managed with different metrics. It is now time to establish clear accountability and governance mandates at a centralized level, for visibility, governance and control enforcement, to defend the digital space with a Zero Trust and integrated platform approach.
Lead Analyst
5 years ago
Good article
Information Security Manager @ Amex | Specialising in Offensive Security & TPRM (Third-Party Risk Management) | Cyber Safety Champion
5 years ago
In the last para you've written Information / Cyber security... that in itself is a significant shift. How the definition of the two is becoming synonymous with time. Good article!
CISO | ISO 27001 | ITIL | Data Protection | OT Security | Gartner Speaker | Agile | Privacy
5 years ago
Very relevant with the explosion of Digital Initiatives