Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
A Cybersecurity Wish List
January 3, 2022
On the whole you’d have to say cyber crime pays. It cost the U.S. public more than $4 billion in 2020, according to FBI statistics, and that estimate is probably way low says a cybersecurity officer quoted in a Security Boulevard article. He notes that many victims do not report, and surmises the actual figure is likely four to five times more than the FBI’s estimate.
What would change the balance? An article in the online industry publication SecurityIntelligence identifies six potential game-changers in the cybersecurity battlefield, couching them, as the writer says, as a holiday wish list for cybersecurity professionals. The first is an imagined supercomputer-created AI product, an “ethical hack tool,” which he suggests could be created by way of a funded contest from DARPA (the Defense Advanced Research Projects Agency). It would create a simulation of an organization’s entire network, “including third-party cloud services, user devices — everything,” and then run simulations of every conceivable kind of attack. The end product would be a list of vulnerabilities and strategies to fix them.
Item number two is simpler, and unlike the first is not dependent on a technology that in theory could itself be hijacked. The suggestion is that no ransomware demand be paid, ever. It would be unlawful to do so. Instead, the victimized organization would be compensated “for 100% of the costs resulting from non-payment, ” essentially by a kind of national cyber insurance. There’s the rub, some would say. Who would determine those costs, and how? And isn’t some data irreplaceable? But there is no denying the upside – a “one-two” punch, as the author writes. The victim gets compensated and the incentive to conduct a ransomware attack disappears.
The third item on the wish list is a laptop designed from the ground up for use by remote workers, with built-in security features. Also on the list is the development of a diversified supply chain for electronics; full adoption of the “zero trust model”; and a massive increase in funding for the training of both students and cybersecurity professionals.
Share this post: