The difficulty in figuring out who, exactly, is behind cyber attacks creates a vacuum typically filled by technological finger-pointing. The software exploited, network abused or malware used come under intense scrutiny, distracting from the people responsible.
A Raging Battle
Cybersecurity vendor nomenclature has responded in kind, with modern countermeasures touting machine learning, artificial intelligence and other automated responses. This has the effect of creating an overriding feeling of anonymized machine warfare, sanitizing the human element of the conflict.
Technology needs to play a part, because without the multiplier effect of the almighty algorithm, the good guys will be overrun in a day. However, we need to recognize the role that people play in this war. The public goes about its daily lives unaware that a continual battle is raging over the fiber-optic cables deep beneath their feet.
The fight against cybercrime is a positive development in which companies are uniquely involved. Never in human history have people in the private and government sectors worked so closely together to address a nefarious element. On a micro level, the good guys who work at cybersecurity companies are some of the most dedicated I have seen for exactly this reason.
Never Give Up
Driven to address a continually morphing problem that affects millions of people around the world, the team I work with develops and updates software at a furious pace. Aside from the usual motivations, this is because every single member of my team knows that if we don’t keep moving forward, the enemy will get ahead of us. In addition to the usual bug fixes and efficiency updates, we know we are real people helping families keep their pictures, money and personal data safe everywhere, from Hyderabad to Harare. The teams that update software are acutely aware of this, often paying in sweat and caffeine trying to stay ahead of their adversaries.
To say the pace of change in this industry is relentless is an understatement. However, this is not to do with management diktat; rather, the motivations of good people to deny bad people.
The X-factor that good humans bring to solving problems must never be understated in beating bad humans. All too often, new, automated security technologies are heralded as a magic bullet, only to be undone by a simple human factor. You can have nearly sentient algorithms guarding your company perimeter 24/7, but does it understand the sarcasm, twisted humor and pop-culture references used by a cyber attacker? When HAL9000 alerts you to 38 imminent threats and everyone is at the beach out of cell-phone range, what then?
To say the pace of change in this industry is relentless is an understatement.
This is where there needs to be an element of human thinking in the mix. For all its benefits, automation still needs context on which to base decisions; it can get stuck if faced with a stinker of a curve ball. Human beings come with what technology would deem “faults” hardwired into their decision making process. Random influences such as emotions or preconceptions become factors in the response to any problem.
If it truly was a machine versus machine war, this would be an unnecessary external factor. Given that the point of instigation for any attack is human — this intuition can be an absolutely vital part of the decision making process.
The Fight Will Go On
As those who have been in the trenches of the security industry for some time will tell you, there is no panacea. Fighting nefarious activity online is an ongoing battle, with new enemies popping up at a rate that only mathematics and computing power can enable.
However, one thing that I am absolutely certain about is that it is not just a binary battle fought purely with technology. People are as much a necessary part of the response, if for no other reason than the fact they instigate it in the first place.