- Posted by Aron Hsiao
- On October 19, 2018
October is Cybersecurity Awareness Month, and depending on whether you’re in the United States or Canada, any of the following may be the themes for weeks two and three of this month:
- Buy secure
- Our data is valuable
- Millions of jobs in Cybersecurity
- Ensuring online safety at work
Each of these themes hits a different note, but they all have one thing in common—an awareness of the way in which cybersecurity and the workplace are increasingly entwined.
Forty years ago, computing itself was merely a niche in the business world. Twenty years ago, even with information technology rapidly becoming central to the economy, cybersecurity was a similar niche.
But this is 2018, and we now face statistics like these:
- At $600 billion, the costs today that result from cybercrime are already larger than the global drug trade or the GDP of Singapore.
- At a projected $6 billion, the costs of cybercrime by 2021 will be fully half the GDP of China, the world’s manufacturing engine.
With numbers like these on the horizon, the importance of buying secure, protecting corporate data, creating tomorrow’s cybersecurity professionals, and protecting workplace cybersafety are more clear than they ever have been before.
Though many imagine B2C e-commerce when they see a phrase like this, at Plurilock we have another reaction—we realize that it’s more important than ever for organizations to buy security, and to then employ this security effectively so that clients, in turn, can buy secure.
As breaches over the last several years have demonstrated, for an organization’s customers to be secure, the organization itself must be secure—but security is now too complex and intensive a specialty for most organizations to tackle it in-house.
Plurilock, for example, employs top PhDs in the field, former national security personnel, former top brass from KPMG, McAffee, and Dell, and has a pure research track record stretching back over a decade. Our products have undergone over 35,000 hours of rigorous laboratory testing.
It’s nearly impossible for organizations that don’t specialize in security to duplicate this kind of expertise in-house, yet this is precisely what is necessary to identify unseen security problems—such as the fact that nearly all of today’s computing sessions are vulnerable once authenticated—and to remedy them cost-effectively.
For consumers to buy securely and trust that their data is protected, the organizations that serve them must increasingly be willing to invest in strong security solutions, particularly those that address long-standing gaps in cybersecurity, such as those that affect nearly all statically authenticated computing sessions.
- Over 400 million identities compromised via dating site breaches
- Over 350 million identities compromised via financial institution breaches
- Over 400 million identities compromised via retail breaches
- Over 3 billion identities compromised via Yahoo alone
These aren’t small numbers, and the effects of these breaches can linger for years—which speaks to just how valuable user data can be for black-hats.
The problem, of course, is that there’s a fundamental contradiction in information technology that the world has struggled to address since the very beginning:
- Only by storing data can we retrieve it later on
- Retrieval is what makes data useful; the less retrievable it is, the less useful it is
- Yet stored data can only be made safe by erecting barriers to retrieval
- And only completely unretrievable data is ever completely safe
It’s the last two bullets in this list that Plurilock exists to address. For decades, the barriers to data retrieval have been static ones—protections focused on login prompts, identifying tokens, and encryption. These made data retrieval harder, yet without providing nearly enough protection, as the numbers above demonstrate.
We think it’s time for organizations to change the kinds of barriers to data retrieval that they employ—from increasingly ineffective barriers like static authentication and login prompts to a new generation of barriers that are far more secure, yet also far more transparent.
- Authenticate continuously, so that the barriers to unauthorized retrieval aren’t neutralized once a user has “logged in,” but rather remain in place permanently, all the time.
- Authenticate transparently at the very same time, so that users and employees don’t don’t have to know that (or how) their sessions are always protected.
Black-hats, though, know immediately—because rather than simply having to overcome a simple barrier like a login prompt, they discover that data is safeguarded by a system that recognizes actual bodies with every single keystroke and click—and it doesn’t recognize theirs.
Jobs in Cybersecurity and Safety at Work
As a security company, we can’t help but be partial to the idea that millions of new jobs in cybersecurity are soon to come into existence—and yet we can’t shake the nagging feeling that this kind of growth, if it happens, will likely be inseparable from the growing reality that there is less safety at work than ever before.
In other words, the fact that two million jobs in cybersecurity will be ready and waiting for qualified applications next year is certainly good for new grads—but if they’re coming into existence purely because of massive ongoing security problems, we’d rather see the security problems proactively solved and these bright minds able to contribute their considerable skills elsewhere.
One of the reasons for this predicted increase in the demand for cybersecurity labor is the massive complexity and unfriendliness—both for users and for admins—of today’s security paradigms and solutions.
Encryption and static authentication have been made to carry virtually the entire weight of the security burden so far, and it shows. Each of these has become progressively more complex—both to implement and to deploy—and each requires progressively more expertise both to use and support.
And all of this while breach rates to continue to skyrocket.
Yes, if this state of affairs continues—if, for example, the only solutions that emerge amount to yet more additions to already onerous and fraught login processes—then we can see a world in which more and more cybersecurity labor is needed and workplace cybersafety is an ever-larger topic in public discourse.
But as a behavioral biometrics company, we don’t think this is inevitably how the future will look.
In fact, we can imagine a world in which some of the most intractable, expensive security risks of the present are no longer problems in the future, having been paired with solutions that:
- Are easy to deploy and support
- Protect all computing activity continuously yet transparently
- Recognize actual user identities rather than merely login credentials
- Do this using the power of biometrics
- But also do it in a way that safeguards privacy, without storing identifying details
- Does all of this in real time, to head off all threats in seconds
If this sounds like a pipe dream, you’re a bit behind the times—because this is what Plurilock’s behavioral biometrics products are able to do already.
A Better Future Than Imagined
As a behavioral biometrics company, we’re not just excited about the relevance of cybersecurity week; we’re also optimistic about the future of cybersecurity across the business and consumer worlds.
Yes, the numbers and projections all seem to indicate a world in which cyber insecurity is a dominant motif, at workplaces, in consumers’ homes, and in young persons’ career plans. But behavioral biometrics companies like Plurilock are now on the scene—and decades of cutting-edge research is now hitting the market in the form of real, cost-effective solutions. These provide the next generation of security, immune to many of the compromises and failings of the past.
So we’ll take weeks two and three of Cybersecurity Awareness Month to plant a flag in the ground and say: We’re growing rapidly and making companies, governments, and other organizations more secure than they ever thought possible—today.
So maybe the future of cybersecurity can still be a little sunnier than it looks today after all. And we hope that more and more organizations join us in our new, more secure world. ■