Of all the different periods in human history you could have lived, today’s technologies and our digital and connected society have magnified your ability to disrupt the status quo and change the lives of billions of people at a scale and speed that was unimaginable even just a decade ago.
Today, if you hit the right metaphorical buttons, your ideas, opinions, and products can be embraced in real-time by more than half the world’s population and change global behaviors in an instant. Step back 50, 100, 1,000 years and no one – not kings or queens, or presidents or prime ministers – wielded that power.
Together, the three force multipliers of connectivity, “digital,” and technology make individuals more powerful than ever, so much so that now all you need to bring a country to its knees is arguably one hacker and some carefully placed ransomware. Ponder this point carefully: Historically, to accomplish this you would have needed lots of expensive assets, resources, and of course, an army.
Today the cost and effort of launching increasingly sophisticated cyberattacks against targets are approaching zero. Put bluntly, the cost of crippling your organization could soon be less than a candy bar. And that’s before we discuss the impact of automation and autonomous systems.
Furthermore, as the force multipliers increase in both ubiquity and utility, and as everything becomes increasingly connected, this situation will only get worse. So it’s no surprise that cybersecurity is top of mind and keeping everyone awake around the globe.
With this resolute focus on cyber, though, it’s easy to forget everything can be weaponized or made vulnerable. That’s why it’s important to remember that keeping your assets and your people safe requires a “defense-in-depth” approach. After all, you might have the world’s most secure data center but in the “real world,” I have a bulldozer, a map of the local power grid, and a lit Molotov cocktail.
Dark forces gathering
Think of the world’s greatest innovation communities and I’ll wager you think of Silicon Valley or Cambridge in the U.K. It’s unlikely you’ll think about the criminal underworld, but from Napster, which inspired commercial music-sharing platforms, to the weaponization of the encryption systems designed to protect us, to Deepfakes, these and many other innovations owe their existence to criminal ingenuity.
With reportedly $6 trillion in annual revenues or 7 percent of global GDP, criminal communities have grown revenues at double digits for over two decades now. They’ve been supercharged by these force multipliers and resolutely unfazed by the attempts of the world’s most powerful governments, which have spent trillions of dollars to dismantle them.
Today, some criminal enterprises such as the mafia and Hydra, a dark web marketplace, are so successful that if they were legitimate they’d be the fifth- and 67th-largest organizations in the world with revenues of over $248 billion and $45 billion respectively. Plus, with some lines of business growing by triple digits; with revenues from ransomware operations, for example, now topping $350 billion annually; and, from cyber topping $1 trillion, if they were publicly traded, they’d likely be the bulls of the market.
Around the world, these criminal communities run schools to train the next generations of hackers and scammers, sell their products, such as DDoS, malware, ransomware, and zero-day exploits as a service, and if you have a problem running your attacks then their dark-web support desks are there to help – all for a cut.
How about hacking a police forensics lab by encoding malware into DNA so that when the gene sequencer analyses it, the resulting data becomes a program that takes control of the underlying computer? That one’s not science fiction. It happened.
Neither are adversarial attacks, where the adjustment of a single pixel on an X-Ray can cause a hospital algorithm to give terminal cancer patients the all-clear, or alter the results of clinical trials for the purposes of medical fraud. Then there’s the favorite “sticker-on-a-stop-sign” attack that causes autonomous vehicles to accelerate through intersections, and of course, the strap-some-explosives-to-a-drone while it’s using near-infrared to exfiltrate data through the window of your company’s offices attack.
I haven’t even discussed the use of Deepfake technology or other forms of disinformation campaigns that can undermine democracies or tank your company’s share price so criminals can buy at the bottom and sell high.
Then, of course, there’s hacking verified Twitter accounts and using them to promote crypto scams, as well as hacking your cloud instances or smart fridges to get them to mine crypto.
Notching it up, we have criminals adjusting sensor readings in industrial plants to get them to explode, reverse engineering proprietary AI systems and even cyber security software itself from the cloud and using X-ray lithography to reverse-engineer computer chips. They’re cloning people’s biometric data, including voices, then using them to phish and scam companies out of huge sums of money – including over $250,000 recently from an anonymous European energy firm.
Too little, too late?
The future has even more in store: From criminals who are already building NMR (nuclear magnetic resonance) quantum computers in their garages (whose big brothers could crack 4,096 encryption and Bitcoin wallets in hours) to implanting malware on implanted medical devices and literally holding people’s lives to ransom.
We’re just starting to get warmed up: From the development of ‘curious’ problem-solving open-ended AI systems and robo-hackers that can probe your company’s defenses and engineer and evolve their own exploits millions of times faster than any human hacker, to autonomous polymorphic malware and the use of synthetic biology tools to re-create viruses like the highly contagious and previously extinct Horse Pox virus (a cousin of smallpox), along with its obvious implications.
Notably, this latter threat became real when, ironically, legitimate Canadian researchers used $100,000 and mail-order DNA to “de-extinct” said virus. The World Health Organization had this to say in its public report on the matter: “[This] did not require exceptional biochemical knowledge or skills, significant funds or significant time.”
When it comes to conceiving new ways to threaten our establishments and even our own existence, we have no shortage of ideas, but when it comes to solutions, it’s often too little too late.
This was perfectly highlighted in 2017 when 40 world-renowned experts met behind closed doors at Arizona State University to play the “Doomsday Games.” When it came to brainstorming future threats they matched the world’s greatest sci-fi writers. But when asked how the teams fared when it came to designing solutions to counter these threats, their reply, as reported by Bloomberg, was: “Not well.”
Reasons to be positive
As a society, we benefit greatly from new technologies, but the downsides can be as powerful as the upsides, so we must remain vigilant and be prepared for what’s coming.
The advantage that humans have is our well-honed “fight-or-flight” response; it’s why we’ve flourished as a species. It began with our most distant ancestors who quickly realized the rustling in the grass may be a potential predator.
Today, when it comes to cybersecurity, we hear the tiger in the grass louder than ever, and we have a call to action: Band together and fight.
Read the 2021 Arm Security Manifesto
The third Arm Security Manifesto surveys the threat landscape today and details the tremendous strides the industry has made in the past four years.