There has never been a greater, more urgent call to arms than ever before. Regardless of the size of your organisation, you need to hunker down now and rethink how you approach the concept of cyber security. This is not a case of Henny Penny calling out that the sky is falling: the threat is real. Today, as we stand on the cusp of a fourth industrial revolution, we face never seen before threats.
Nations and organisations need to ensure continued safety and make tomorrow safer than before. To do that, we have to rethink the way we approach cyber security. One thing is for sure: like with any other paradigm shift, the next war will be nothing like the previous war. As such, tomorrow's pressing needs calls for a response today. We need a revolutionary new concept in cyber security. At Quann, we call this Liquid Defence™.
To understand how the Liquid Defence™ works and why it is needed, it is crucial to first understand the context in which it was conceived. Tomorrow's world will be so radically different. Processes that used to rely on or include physical labour will be automated and digitised, and firms will increasingly shift towards value and innovation creation. Jobs will be lost and therefore have to be recreated.
Data will be constantly created in huge volumes and great variety, like an overflowing tap; as everywhere devices run autonomous decisions, using the context and content of their sensed inputs. In addition, wireless technologies empower rapid data exchanges and sense-making in real time. Commands are sent verbally to machines that are fitted with Artificial Intelligence (AI) that can outperform humans. As such, decision making and machine derived competency in the form of distilled data will be the new crown jewels.
Such great changes will also precipitate similarly great social and political changes too. The catalyst for such changes are already here with us today in the form of the Smart Nation, the Internet of Things (IoT), and the proliferation of cognitive AI on the horizon.
With these changes, however, come great dangers. As the Chinese proverb goes: water can both lift a boat, or sink it. While new technologies and their applications can lead to more prosperous and efficient economies and enhance our standard of living, they also make us more vulnerable.
Many high profile hacks this past century, up to and including the leak of sensitive emails from the American Democratic National Convention this year, have been attributed to state or state-linked hackers. Already, states are incorporating cyber warfare into their defence doctrines and policies. Offensive hacking is a crucial part of many militaries' asymmetric capabilities today, and are pursued with dedicated investments of manpower and resources. In North Korea, a military unit that was started in 1998 with only 500 personnel has today grown to over more than 3,000. The United States military has also announced a goal of assembling an operational cyber force of about 6,200 men by the end of 2016.
Beyond the state, firms of all sizes and even private individuals are increasingly put at risk. A typical cyber assault would be a kind of wiper attack, which could render workstations unusable, was first seen on a large scale in 2012, when staff at the oil company Saudi Aramco tried to switch on their computers. Aramco suffered a cyber attack that rendered the company's IT non-functional for weeks. Today's attacks are much more lethal and fast striking. Attacks such as ransomware, which is a type of malware that prohibits or limits people from accessing their computer are putting corporates and even personal vital information at risk. Because today's individuals aggregate multiple crucial functions like communications, storage and navigation onto only one device, hackers can use information gathered from their devices to learn a lot about the individual. Hackers can potentially auction off, or blackmail high-profile individuals with information harvested from their devices. The same goes for firms. Increasingly, companies anchor their business models in knowledge creation. Such trade secrets are profitable, and therefore centre firms of any size squarely in the hackers' cross-hairs.
The Liquid Defence™ model is a paradigm shift from today's static defences that rely on access denial. While the Liquid Defence™ model can be adopted alongside static defences like firewalls, Liquid Defence™ assumes that a significantly numerous, dedicated and competent attempt will ultimately breach any system's static external defences.
Liquid Defence™ is so named because it constantly shifts to engage with an attack. It refuses to offer a conventional firewall as a defined and static target, and prefers to engage the attackers within the relative safety of its defences. It entraps, envelops, and finally eliminates threats like wasps drowning in honey. Liquid Defence™ is characterised by four traits: asymmetry, resiliency and agility, autonomy, and vigilance.
Cyber defences that adopt the Liquid Defence™ model have no intention of engaging in a fair contest with would-be attackers, and will therefore stack the deck in the defender's favour by creating asymmetrical tactical positions. To do so, the smart defenders should create a virtual labyrinth within their network in which to entrap and confuse the attacker. It does so by creating a number of decoy files, folders, and directories which attackers must navigate. While legitimate users of the network will never trip across any of these decoy files, stealing them on the part of the attacker will lead to alarm bells being sounded.
In addition, Liquid Defence™ is also focused on Security by Design, having an in-built resiliency and agility. This resiliency and agility, however, is by virtue of the system's adoption of AI. The AI augmented defences can move swiftly to identify and patch breaches into the network, and continually learn to identify and interdict malicious activity within the system, regardless of the number and types of activity. Another reason the Liquid Defence™ should leverage on AI is that it helps defenders maintain parity. Beyond the fact that an AI-driven defence is more effective, efficient, and economical, its adoption is also driven by the fact that those seeking to do us harm will surely adopt it as quickly as they can.
There are other benefits that AI can bring to the table. AI also enables the Liquid Defence to be both autonomous and ever-vigilant. The Liquid Defence™ must function at a level that human-driven defences today cannot, and must therefore rely on AI to maintain perpetual vigilance coupled with ever more accurate threat assessments as they learn to identify and cope with attacks over time. AI helps to lower the human cost of the implementing Liquid Defence™ systems too. By automating the defence process, the manpower and economic burden on the firm can be lightened.
The time to act is now, because the threats that organisations face are real and pressing. Large corporations might be able to weather the storm, but small and medium enterprises are unlikely to do so; furthermore, hacks into governments might irrevocably erode the public's trust in the state.
By striving to be at the forefront of cyber security thought, our cyber security doctrine can be redefined by Liquid Defence™. Together, by acting swiftly and decisively today, we can secure a safer environment for tomorrow.