Thursday 10 March 2016

Internet Security Depends on Human Behavior, Says RSA’s Amit Yoran

RSA, RSA Conference 2016, Amit Yoran, cybersecurity, SumRando Cybersecurity, VPN, Secure Messenger
Each year, the RSA Conference provides a place for information security experts from around the world to delve deeply into global cybersecurity problems and solutions. This year was no exception, with a record 40,000 individuals in attendance at the 25th anniversary event.

Amidst the sea of technological solutions presented, the keynote address of one man, RSA President Amit Yoran, stood out. His message was clear: until human behavior changes, the Internet will continue to be the insecure place it currently is and hackers will continue to win the cybersecurity war. For three reasons, it is human behavior, not technology, that must change:

Reason #1: The Internet is inherently insecure.

“The general purpose computing paradigms that we operate under cannot be secured. A collection of incredibly complex, interconnected systems, our digital environments, are at their core not deterministic. And with the emergence of IoT, our challenges are only going to get exponentially worse. And yet we continue to push all of our communication, collaboration, and commerce online, pretending that preventative technologies like anti-virus, malware sandboxing, firewalls and even next generation firewalls, will keep us safe when we know that they won’t. Intellectually, we get it, but that’s not translating into changed behavior fast enough.”

Reason #2: Smart creatives today become hackers, not cybersecurity professionals.

“Think about our “game” of cybersecurity. Our opponent isn’t playing the same game and they surely aren’t following the same rules. In fact, our opponents don’t have rules. So in real life, who is sitting across our game board? If you could unveil our opponents, we would likely see creative human beings who are changing the rules as they play.

“For some perspective on tackling the cybersecurity challenge, let’s take a step back and come at our problem from a different angle. Our problem is not a technology problem. Our adversaries aren’t beating us because they have better technology. They’re beating us because they are being more creative, more patient, more persistent. They’re single-minded. They have a target – no prescribed path to get there, no overarching rules limiting them, and a virtually limitless number of pathways to explore.”

Reason #3: Governments continue to fight for security reducing measures, such as weakening encryption.

“We frequently see governments muddying the waters by allowing intelligence communities or law enforcement to dominate national cybersecurity policy and initiatives. Their perspective and agendas are radically different from those trying to defend networks.

“Some policy proposals, like weakening encryption, are so misguided as to boggle the mind. In an era where cybersecurity is consistently cited as the single greatest threat to our way of life, above terrorism and all else, how can we possibly justify a policy that would catastrophically weaken our infrastructures? And contrary to the going dark rhetoric, we live in a golden age of surveillance, more so than at any other point in human history. Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if we weaken our encryption you can sure bet that the bad guys will use that and exploit it against us. Such a policy would also harm US economic interests on an already suspicious world stage, as well as unconscionably undermine those trying to defend our digital environments in every single industry.”

Yoran began and ended his speech with a reminder that, in today’s world of cybersecurity, actions speak louder than intentions. We simply cannot wait for technology to change or for experts and government officials to catch up. Take matters into your own hands and make a VPN, secure messenging, unique passwords and HTTPS part of your daily Internet routine.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

No comments:

Post a Comment