Wiping your bum with your other hand

Why we had to re-learn what cybersecurity is

It's the least natural thing to do - to change your thinking from something that is ingrained from years of behavioral learning to something new. The only reason to change our thinking on cybersecurity was that it was fundamentally flawed, and the consequences of those flaws have a significant impact. Unlearning flawed thinking is hard. It means we have had to re-learn what my industry is and does.


What we learned is that what we call cybersecurity, isn't. Most often it is network security. Sometimes it's application security or information security. Each is a part of cybersecurity, but to refer to the services and tools that deliver network or application security as cybersecurity is wrong. It's like giving a seven-year-old a seat and handlebars for his birthday and telling him to enjoy riding his bike.


It would be okay to call these things cybersecurity if it didn't matter - after all it's just a word, right? But it does matter.


The cyber world is much bigger than a network or the cloud or a set of applications. It includes all the internet, including social media, the deepweb and the darknet. Security services or tools that secure a network or a set of applications, whether these extend into the cloud or not, can't cover all the internet, the deepweb and the darknet. They are incapable of identifying threats that emanate from places that they don't know exist or don't understand, until it's too late. Being purely reactive, they simply respond to what comes to them, usually after the event (101 days after the event, on average, according to Mandiant).


It matters because these services and tools have become so ineffective in fighting cybercrime that they are simply treated as an inconvenience by those who are going over, under or around them or, more commonly today, being invited in the front door.


It matters because cybercriminals who use advanced strategies and tools to infiltrate networks to take what they want are winning the cyberwar. Cybercrime pays. It is the most lucrative form of crime, with the lowest chance of being caught. US$600 billion in 2017, according to the Center for Strategic and International Studies report, "Economic Impact of Cybercrime - No Slowing Down".


Calling network and application security cybersecurity matters because it implies that these tools can protect from cyberthreats when they really can't. Cybersecurity is much more than the vendors of these tools and services are saying.


From our new relearning perspective a cybersecurity system must do four things:

  • It must be Relevant to the way we live and work today - which is Anytime, Anywhere, Any device.

  • It should provide Intelligence - it should be able to deliver timely and credible information that can be acted on to protect or remediate.

  • It should be Proactive in identifying risks before they become threats, whether the risk is inside or outside the organisation.

  • It should Protect.


Network and application security only do the last. Beyond protection they deliver none of the things that make up cybersecurity. The vendors of network and application security services and tools are selling us short - handlebars and bike seat - short! If we keep letting them tell us that network security and application security are cybersecurity solutions, our thinking won't change. Years of conditioning, telling us that all that they have is all that we need for our security, have proven to be a lie - it's not working!


That's why we need to rethink what we know about cybersecurity. That's why we need to start asking some tough questions - like "where's the rest of the bike?" That's why we need to do that awkward thing - just like learning to wipe your bum with your other hand - and find cybersecurity solutions that are relevant, intelligence-delivering and proactive. Even if these solutions are new and unfamiliar - names we've never heard before, products and services that we don't intimately understand - we need to do more to protect our sensitive data, our customers and our intellectual property.


It doesn't mean that we should discard what we have. We need everything that our protective tools give us. We just need more things to round out our cybersecurity solutions.


Darkscope was born out of this rethink - the need for more than just protective services. Our trained Artificial Intelligence is in the darknet and on social media. It can find client-specific intelligence that we can deliver proactively to our clients. We call this Proactive Cybersecurity. Our monitoring and reporting services - Cyber Risk Score, Cyber Watchtower, Domainwatch and eScamwatch - have been built using this technology to hunt in the darknet and on social media to find the malevolent behavior that represents cyber risks to our clients.