October marks cyber security awareness month. To the average citizen, that might mean updating those hastily created passwords (e.g., “password1”), updating their antivirus software, and not replying to Nigerian-prince related emails.
But a broader understanding of cyber security and the inner workings of the digital world remain elusive to the general public. While high-profile breaches continue to splash the headlines, the ramifications of cyber attacks and abused cyber-power have failed to make an impact outside the infosec community.
Employees continually provide attackers footholds by engaging with phishing campaigns. Security teams fail to enact basic best practices, as seen in the OPM and Wyndham Hotels breaches. And even the most security-conscious government officials (*cough* John Brennan *cough*) break some fundamental cyber security rules.
Combined, these incidents chip away at the integrity of the Internet as we know it, and threaten the continuity and essential trust we have placed world wide web so entrenched in how we live today.
What is digital disintegration and why should it keep us up at night?
“Digital disintegration: So far, cyberspace has proved resilient to attacks, but the underlying dynamic of the online world has always been that it is easier to attack than defend. The world may be only one disruptive technology away from attackers gaining a runaway advantage, meaning the Internet would cease to be a trusted medium for communication or commerce.”
Harsh words. But this is what the World Economic Forum viewed as a leading threat to global security last year—that the Internet could cease to exist as we know it or would be too dangerous for most businesses to touch. According to their report, Global Risks 2014, cyber attacks outrank financial institution failure, pandemic, and weapons of mass destruction in terms of global risks likely to occur with the largest potential impact (leaving terrorist attacks, state collapse, and chronic disease in the dust).
So what’s causing digital disintegration? Unfortunately, it’s the very things that make us love the Internet so much.
With the influx of devices connected online, cloud and wireless technology, and more sectors of modern life linked to the web—business, personal data, infrastructure, defense—an ever-deepening complexity makes the potential impact of cyber attacks harder to predict. Hackers have more doors than ever to break into and more pathways to run around once inside.
As the report says: “Everything that is connected to the Internet can be hacked, and everything is being connected to the Internet.”
Protect your network against the expanding attack surface. Learn how with these 5 best practices.
Government isn’t helping
Governments and national security agencies are adding to the threat of digital disintegration. Governments are expected to act as the gatekeepers of a secure society; however, they are increasingly the ones exploiting the risks of cyberspace, purchasing zero-day vulnerabilities, engaging in cyber espionage, and reshaping cyber policy to their benefit.
Cyber espionage between hostile governments may be understandable—at least in that it’s akin to the traditional spy game. But the level to which governments today are spying on allies and even their own citizens is unprecedented.
The WEF report sites government exploitation of cyberspace as a contributor to digital disintegration for two reasons:
- Internet fragmentation: While national security organizations have taken advantage of cyberspace’s anonymous spying capabilities, they have, in turn had the same exploit used against them. Out of mistrust and lack of confidence stemming from cyber espionage between nations, the Internet is at risk of having more defined “national borders” as a means to increase security. Pockets of isolation online will break up the fluid, accessible Internet we’ve grown accustomed to and decrease cooperation.
- Eroding trust erodes economic potential: The declining view of government as fair online players not only breaks down overall faith in government by the governed and that between nations, but also erodes economic confidence. If privacy and fair play are undermined by a government’s cyber practices, their nations are less likely to see business and investment coming their way.
What can we do?
Currently, there’s no silver bullet to keep the cyberworld safe and in the form it exists today. This is partly due to the virus-like nature of attacks: difficult to detect at the very point of infection, easily spread once inside a host, and evolving at every moment.
But, as the WEF report explains, all systems have the ability to adapt: “In physical warfare, the dynamic between attackers and defenders has flip-flopped with inventions such as the machine gun and the tank.” Cyber security is no different.
The search for the “tank” solution is on (and hopefully concludes before the attackers figure out the rocket launcher). It’s going take a great deal of diligence and investment in the cyber security field, and much more awareness from the general public.