“In the period of 2021 more successful security attacks and compromise will be encountered, with many high profile organisations, in multiple sectors falling on their own sword of insecurity, and will thus pay the price of the reactive style of a supposed security posture. Sadly, 2021 will not be the year we see real steps taken toward Cyber Resilience – but it will be the year in which we finally see a more serious mindset toward addressing cyber insecurity with a proactive security posture.”
Developed back in the 1830/1840’s by Samuel Morse and other collaborating inventors, the telegraph revolutionized long-distance communication. It worked by transmitting electrical signals over a wire laid between stations, and changed the nature of communications forever – in fact it was commented by one authority:
“The new technologies will bring every individual into immediate and effortless communication with every other, and will practically obliterate political geography, and make free trade universal. Thanks to technological advance, there are no longer any foreigners, and we can look forward to the gradual adoption of a common language.”
Powerful words, linked to positive aspiration. However, stepping forward to the invention of the Internet by Sir Timothy John Berners-Lee, not only may we track our all encompassing technological progress, but equally may note that the outcomes have not always been so positive, with the advent of cyber insecurity.
From the Genesis period of the Internet Revolution there was always a very real concern that such a multi-faceted world on interconnectivity should dictate a very firm need for security in the uncontrolled space of the World Wide Web (WWW) – it did not. In fact such early concerns were around the area of the Internet naming and numbering authority – or, to put it bluntly the root authority. In that era, John Postel was, like many are today, fighting to prove the dangers of lacklustre controls, and on 28 January 1998 decided to take action, and took control, sidestepped Network Solutions and demonstrated that he could transfer root authority whenever he chose to – this made those in control sit up and take note.
So just what has the histrionics of the Internet got to do with the WWW today – answer, the simplicity of John Postels early concerns are now maximised to an unprecedented level with complex interwoven connectivity, with potentially millions of domains across the world being maintained in a vulnerable and exposed profile.
Along the path to exploiting what is referred to as the Super Highway, multiples of global organisations, and governments have embraced this easy to empower technology to their own singular advantage. However, as this eager embracement grew, it would seem in the majority of cases, those who were chasing the benefits of the Internet were unaware of the Genie of Insecurity which was gradually creeping from the lamp and entering their domains.
As of 2020 there are around 2 billion websites running on the net, so just imagine if 10% are insecure – that amounts to 200,000,000. However based on what has been discovered from a number of sample surveys conducted with WHITETHORN SHIELD that number would seem to be very much on the low side – with 25% being a more realistic percentage, the end number of insecurity is now scarcely significant.
What really changed the world of cyber was the appreciation and practice of OSINT (Open Source Intelligence) which goes well beyond the element of the IP address to discover titbits of unknown unknowns which can expose even the most secure of sites – titbits gathered from multiple sources may then be leverage to paint a aggregated big picture, Cuckoo Egg style off-line acquisition of dark intelligence metrics which may be used to further expose and exploit further insecurities.
In 2020, much work has been done by Cybersec Innovation Partner with their cutting edge WHITETHORN SHIELD engine, and findings gathered from both commercial and government sites are to be observed with the question – how can this be? The findings not only suggest there is a potential for cyber insecurity to exists on multiple site, but goes well beyond and prove that these discoveries are fact. The problem seems to be, nobody is willing to listen – that is until such time they are compromised!