By Apu Pavithran, CEO, Hexnode
When Charles Babbage invented the first computer in 1822, little did he know that its capability to store information would unleash a series of cybercrimes. What started as an attack on the French Telegraph system in 1834 later saw its better selves with the advent of the internet in the 1960s. After a series of destructive attacks, the concept of ‘computer security,’ commonly dubbed as ‘cybersecurity,’ was born in the 1970s.
Following the attack on the ARPANET, the Internet’s predecessor that harmed 10% of the connected computers, the Association of Computer Machinery (ACM) inaugurated ‘National Computer Security Day’ in 1988. A decade back, when your business took birth in a garage with you and your partner being the only employees, security never had to be a cause of worry. However, over the years, as your businesses mushroom, your staff base expands, and your workplace landscape turns around, slacking on security might mean putting your business on the line. So, as another November 30th draws close, let’s rewind the clock and evaluate where we stand today in terms of security.
The Exodus towards Computer Security
A great majority of people believe that using a seven-character password to secure your devices is the sum total of cybersecurity. However, the latest conversations around password management and security give an insight into how passwords used in brute force attacks usually include eight or more characters. With the dark web controlling the internet to gain monetary benefits, it is evident that data is not just safe anymore and passwords like “12345”, “qwerty,” and “password” can easily put your business on rough waters. The fact that bidders are willing to pay an average of US $ 3,100 for stolen credentials in the dark web sets off every alarm and drives businesses’ attention to password management systems. Unfortunately, businesses seem to disregard such alarming figures, and many organizations are yet to deploy a mechanism to manage their work passwords.
While these issues can be addressed by subscribing to a password management tool, the concept of passkeys has been slowly sweeping over the password management business. Google, Microsoft, and Apple have all supported this cryptographic alternative to passwords, the latter picking up the technique in iOS 16 and macOS Ventura.
Additionally, intending to do away with the password system, passwordless authentication has been gaining traction in conjunction with SSO (Single-Sign-On) and MFA (Multi-Factor Authentication). This authentication mechanism allows users to gain access to an application or IT system without entering a password or answering security questions.
Encryption, the mechanism of converting plain text into cipher text, has always been identified as one of the most powerful tools in the security arsenal. As a result, various operating systems have developed their version of encryption, like BitLocker for Windows and FileVault for macOS. However, given sufficient computing power, any sophisticated adversary could crack an encryption code, which calls for advanced encryption techniques. In addition, quantum computing will eventually make encryption more challenging. However, in the interim, organizations must evaluate their assets and take advantage of confidential computing.
Down the road of Computer Security
While the Internet changed lives in the 60s, the ‘Internet of Things (IoT)’ took over in the 2000s. While connectivity is the cardinal virtue of IoT, it is also its Achilles’ heel. A threat in one of the devices translates to affecting the entire computer network. In response to securing IoT, technologies that protect every link in a chain have been gaining wide adoption.
One such technique that has been lauded as the future of network connectivity is SASE (Secure Access Service Edge). When on-premise and perimeter-based solutions started to make little sense in this distributed workforce, SASE brought security to the table via the cloud, making it one of the most promising examples of edge computing. However, while most big enterprises are already using most of SASE’s services like SD-WAN, CASB, FWaaS etc., the scenario is different for mid and smaller enterprises. Small to mid-scale businesses might need more dedicated resources for networking and security. It comes as no surprise that, given the centralized, cloud-native, and distributed design of SASE, Gartner expects that, by 2025, at least 50% of enterprises will have established SASE strategies.
The evolution of mobility has its own share of history. Today’s endpoint culture encompasses more than just PCs- smartphones, laptops, wearables and IoT. Further broadening the mesh, the BYOD bandwagon has also introduced personal devices into the network. Cloud-based technologies like Unified Endpoint Management (UEM) solutions, exclusively tailored for endpoints in a distributed workforce, help manage, monitor and secure your multi-platform corporate assets. From provisioning new devices and pushing configurations to remotely controlling, troubleshooting and locking them down, the capabilities of a UEM go far beyond the scope of this article. However, it is worth noting that, given how IT asset footprints have been rapidly expanding and the UEM industry predicted to be a $53,656 million industry by 2030, there will be a lot to watch out for in terms of integrations and collaborations with other security solutions like IAM, ZTNA and MTDs.
Closing Note
That yesterday’s solution can barely solve today’s chaos is a platitude for those in the tech industry. Technology has never ceased to astound us, nor has the evolving threat landscape. I can no more than concur with Troy Hunt’s assertion that we have started collecting data from devices that were never digitalized before, and 2023 is going to be scarier than its predecessors. One need not look closely to realize that cyber threats have also booked a spot in global politics. Furthermore, we still need to address the lingering cybersecurity skill gap. Cyberspace has always been about the survival of the fittest, and the deal is to consider this chaos as more of a ladder than a pit.