Business Resiliency

Can the Internet Ever Be Secure?

David Edborg By David Edborg Portfolio Manager, Business Resiliency February 10, 2017

By some estimates, over 150 million phishing emails are sent every day.  Think about that number for a moment, that’s 1,736 attempted crimes every second of every day.  And by and large, it’s those phishing emails that get through our cyber defense mechanisms that lead to a substantial portion of cybercrime losses.  What’s worse, cybercrime is the perfect ghost crime with attackers coming and going without a trace, emboldened by anonymity.  How can we solve this? Can the internet ever be secure?

In 2015, Inga Beale, Lloyd’s of London CEO, estimated that cyberattacks globally cost businesses $400 billion a year in damages and business disruption. 

Another report by Cybersecurity Ventures, a US based research firm whose board of advisors includes the likes of John McAfee and Michelle Finneran Dennedy, the VP & Chief Privacy Officer at Cisco, predicts that the potential worldwide cost of cybercrime will exceed $6 trillion by 2021. $6 Trillion?  That’s more than the projected 2016 GDP of Germany and the UK combined. 

So, what are industry expert’s best response?  Spend more money.  According to IDC, worldwide IT organizations spent almost $74 billion on security related hardware, software, and services in 2016. This is expected to increase to over $1 trillion over the next four years according to Cybersecurity Ventures. 

Will the increased spending change the trajectory of criminal activity?  Hardly; a trillion dollars spent and up to $6 trillion in losses, that’s a losing battle in my book.

The greatest failure in existing cyber defense strategies is that criminals are not being held accountable. In all of 2015, the most recent year that annual statistics are available, the FBI only made 49 Computer Criminal Intrusion Arrests. 

Why the huge disconnect between the damages of the crimes and the number of arrests?  The short answer is that in order to arrest someone, you need evidence.  And unfortunately, cybercrime today is the perfect ghost crime; criminals usually do not leave behind any useful evidence. Whereas in most traditional crimes, criminals can be identified through facial recognition, fingerprints, DNA or other evidence.

So why we are completely feckless in collecting cybercrime evidence?  This is because the Internet, created through the ARPANET project, designed the underlying communication protocols for openness, leaving them devoid of security.  Yes, a US Department of Defense funded electronic communications project produced the early Internet protocols without any security at the protocol layer.

Okay, so what’s the fix?  It’s surprisingly simple, borrowing a technology used by ransomware criminals themselves, Blockchain.  Blockchain protects information we don’t want accessed or tampered with by only verifying data transactions that follow the rules. Redesigning the Internet Protocols with Blockchain technologies will allow us to irrefutably identify the sender.

Irrefutable identity in Internet communications would allow organizations that have been victimized by a cybercrime to provide law enforcement with the cyber-DNA evidence to prosecute the crime.

Certainly, the devil is in the details and it won’t happen overnight; but the cost to create irrefutable Internet communication transactions through the use of Blockchain has certainly got to be cheaper than trillions spent on other solutions.

David Edborg

About David Edborg

Portfolio Manager, Business Resiliency

David originally joined EMC (now Dell EMC) in 2005 and is currently the Portfolio Manager for Dell EMC Business Resiliency Services. Over his career at Dell EMC, David has served as a Global Practice Manager for Availability Technologies, as an Availability Services Solutions Principal, and as the Chief Architect for EMC’s Continuous Availability Services Line.

David has over thirty years in the computer security and disaster recovery industries. Out of college David worked as an IBM Assembler coder and wrote operating system mods for ACF2/VM; the first ever security product for IBM’s Virtual Machine OS. He has worked with other vendors and partners in the DR industry, including supporting recoveries from the 9/11 event. David has also worked in the packaged software industry as Director of Development and Support for a computer security product.

Read More

Share this Story
Join the Conversation

Our Team becomes stronger with every person who adds to the conversation. So please join the conversation. Comment on our posts and share!

Leave a Reply

Your email address will not be published. Required fields are marked *