The following is taken from an address given by Cylance Chief Security & Trust Officer Malcolm Harkins to the United States Senate in March 2017. We believe it’s important enough to share with the public and start a dialogue so that we can band together to find the solutions we so clearly need in order to secure our vastly-changing future. Part 1 of this series can be found here.
While the cycle of innovation brings new opportunity, digital disasters may be looming if we don’t manage the risks ahead.
These days, it’s hard to read an online news source, pick up a newspaper, or watch TV without seeing reports of new threats: cybercrimes, data breaches, industrial espionage, and potential destruction of national infrastructure.
These reports inevitably leave the impression that we are drowning in an inexorable tide of new and terrifying threats.
Reports such as these: “CloudPets' woes worsen: Webpages can turn kids' stuffed toys into intrusive audio bugs” read the headline on March 1, 2017, posted on The Register by Richard Chirgin. “Fatal flaws in ten pacemakers make for Denial of Life attacks” wrote Darren Pauli on December 1, 2016.
Whether it is these headlines or this one: “Hackers Show How to Remotely Crash a Jeep from 10 Miles Away,” there is one common denominator that exists today and will exist tomorrow:
Any device that executes code has the ability to be compromised and execute malicious code.
Emerging technology such as the internet of things (IoT), blockchain, quantum computing, and artificial intelligence offers tremendous promise for benefit, but if poorly designed, developed, and implemented, there is a likely ability for it to execute malicious code, and harm will occur.
The variety of risks and impacts to individuals, to our businesses, the economy, and potentially to society could be wide ranging and financial significant.
When assessing risk, I think it is important to look at data. Here is some data from recent surveys and studies:
The conclusion that I can draw from this data, as well as all the headlines we see daily on breaches, including the March 9, 2017 headline from Tara Seals at Information Security Magazine that read, “61% of Orgs Infected with Ransomware” - is this:
We are not in aggregate doing a good job today managing our risk. We need to do better. We have to do better.
Not only do we need to make immediate improvements today, we need to get in front of our future risks. Otherwise, the potential we have in front of us with technological advancements, which can benefit individuals, business, government and our society, will be called into question.
Cylance Chief Security & Trust Officer
Address to the United States Senate, March 2017.