Friday, May 16, 2014

Everyone connected, even the 'bad guys'

"Next year it's estimated that there will be 15 billion connected devices. By 2020 this number will reach 50 billion. (...) Between now until 2020, the digital universe will double every two years." These predictions are explained in a recent article by two experts in the Internet of Things (IoT): Stephen Pattison and Steven Kesler (English version / Spanish version).

A world full of all kinds of connected devices is not a futuristic scenario. It is here and it has come to stay. Kesler and Pattison reflect on this and on the IoT's implications for data security. They propose some guidelines and recommendations for governments to ensure a smooth transition to the new digital world. Among them, we find that "consumers must be the owners of their own data" while "they must rely on how their data is used, stored and transported" in an environment in which "technology is an important part of the solution."

Thus, technology is not the problem, although it can cause problems through intentional misuse or incorrect programming. CIGTR collaborator Pablo F. Iglesias reflects on the contradictions implied by the current trend towards a highly connected and robotic society governed by algorithms, with interesting references to "the three laws of robotics" by Asimov and to the competing models of multi-agent systems. These notes are fully valid in a field such as Information Security: which machines should make which decisions, accessing which inputs and which algorithms?

A recent example of this difficult coexistence in the M2M (Machine to Machine) language is the massive DNS DDoS attack detected by Incapsula experts. Attackers used large anti-DDoS servers to get a very high distribution capacity. Clearly, there are some machines that defend us... But who defends them? And who will defend us from them if they misunderstand their mission?

So let's not forget one thing: if there is a possibility of doing business with something, there is a high probability that cybercrime will take advantage of it. In fact, some people clearly speak of cybercrime as a "booming business", as in the case shared by Carlos Codina yesterday on IT Sec & CyberSec, the CIGTR's Community on Google+. Business calls business. Some "old formulas" even remain in use, like stealing credit card data at ATMs by the "skimming" method. It's easy, cheap, effective and immediate.

Unfortunately, while some find business here, those who should face it in companies are unable to show how important this is for the business. The results of a survey carried out in Australia are staggering: for most senior executives, security is not an investment to prevent damage and leaks, but a pecuniary punishment. Moreover, there are cases of drastic cuts in the cybersecurity budget of a multinational company (up to 6 million), just because an executive did not see the famous return on investment (ROI) in this area.

And you? How much of your own budget are you willing to spend on security? Tell us here or on our social media channels. You will find the links, as usual, on the sidebar.

