Can the Internet Ever Be Secure?
By some estimates, over 150 million phishing emails are sent every day. Think about that number for a moment, that’s 1,736 attempted crimes every second of every day. And by and large, it’s those phishing emails that get through our cyber defense mechanisms that lead to a substantial portion of cybercrime losses. What’s worse, cybercrime is the perfect ghost crime with attackers coming and going without a trace, emboldened by anonymity. How can we solve this? Can the internet ever be secure?
In 2015, Inga Beale, Lloyd’s of London CEO, estimated that cyberattacks globally cost businesses $400 billion a year in damages and business disruption.
Another report by Cybersecurity Ventures, a US based research firm whose board of advisors includes the likes of John McAfee and Michelle Finneran Dennedy, the VP & Chief Privacy Officer at Cisco, predicts that the potential worldwide cost of cybercrime will exceed $6 trillion by 2021. $6 Trillion? That’s more than the projected 2016 GDP of Germany and the UK combined.
So, what are industry expert’s best response? Spend more money. According to IDC, worldwide IT organizations spent almost $74 billion on security related hardware, software, and services in 2016. This is expected to increase to over $1 trillion over the next four years according to Cybersecurity Ventures.
Will the increased spending change the trajectory of criminal activity? Hardly; a trillion dollars spent and up to $6 trillion in losses, that’s a losing battle in my book.
The greatest failure in existing cyber defense strategies is that criminals are not being held accountable. In all of 2015, the most recent year that annual statistics are available, the FBI only made 49 Computer Criminal Intrusion Arrests.
Why the huge disconnect between the damages of the crimes and the number of arrests? The short answer is that in order to arrest someone, you need evidence. And unfortunately, cybercrime today is the perfect ghost crime; criminals usually do not leave behind any useful evidence. Whereas in most traditional crimes, criminals can be identified through facial recognition, fingerprints, DNA or other evidence.
So why we are completely feckless in collecting cybercrime evidence? This is because the Internet, created through the ARPANET project, designed the underlying communication protocols for openness, leaving them devoid of security. Yes, a US Department of Defense funded electronic communications project produced the early Internet protocols without any security at the protocol layer.
Okay, so what’s the fix? It’s surprisingly simple, borrowing a technology used by ransomware criminals themselves, Blockchain. Blockchain protects information we don’t want accessed or tampered with by only verifying data transactions that follow the rules. Redesigning the Internet Protocols with Blockchain technologies will allow us to irrefutably identify the sender.
Irrefutable identity in Internet communications would allow organizations that have been victimized by a cybercrime to provide law enforcement with the cyber-DNA evidence to prosecute the crime.
Certainly, the devil is in the details and it won’t happen overnight; but the cost to create irrefutable Internet communication transactions through the use of Blockchain has certainly got to be cheaper than trillions spent on other solutions.