The IT revolution of the recent decades has brought profound change to the ways people communicate, produce and exchange goods, and how they entertain themselves.
My job is in IT security, which is quite a young industry. Its emergence was only due to the fact that the newly created computerised environment we all live in today has brought around a multitude of new risks.
The big problem we face today is that most of the software that runs our massive IT ecosystem is vulnerable to cyberattacks. And there’s nowhere to hide: If you’re not a hermit, it is virtually impossible today not to be exposed to information technologies.
Digital equipment, devices and gadgets are all around us. An average household in the modern world already has several networked devices, and there are predictions that soon it will own hundreds of them. And there’s probably not a single factory today – no matter what industry – that’s not using some sort of computerised industrial control systems.
The big problem is that we’re using computers and various devices that were never designed to withstand an attack by a highly qualified threat actor. However, our infrastructure is becoming increasingly ‘cyber-physical’, while being run by the same vulnerable software.
This means that the cyberthreats of yesterday – the ones that put our data at risk the most – get a whole new meaning. In this environment, an attack on data has the potential to cause real physical damage and even kill people.
Unfortunately, despite all the efforts of IT security companies and law enforcement, the number of damaging cyberattacks is growing and large-profile hacks are making headlines around the world with frightening frequency. We see that there isn’t a single widely used operating system that is secure: all of them are under attack.
This means that we’re still in the ‘Dark Ages of cybersecurity’: software is being developed without much attention to the risks it will face while running in the real world.
We need to change this approach and achieve a sort of cybersecurity Enlightenment. We already have many security technologies and know-how that permit making networks and devices much more safe and secure. However, these technologies and approaches are still not widely implemented.
But I’m confident and optimistic that we can secure the IT ecosystem. It took decades to make airliners as safe, reliable and convenient as we have them today. I really hope that we can achieve a high-level of IT security in a much shorter time.
The only ‘smart’ way is to prevent accidents before they occur, not to scramble to fix the vulnerabilities after things go wrong.