Exploring the Cybersphere – October 2016

This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Millions of years of evolution have given humans a shared legacy of fear triggers. Darkness, the snapping of a twig, a rush of sound can put us in full fight or flight mode. The best horror movies understand the psychology of fear, and play to our survival instincts. Movies about vampires, like the classic Nosferatu, use sound and shadows to keep us eerily on edge. As Halloween approaches, here are some stories that also can put us on edge.

It’s Alive

The combination of human and artificial intelligence will define humanity’s future
TechCrunch

Through the past few decades of summer blockbuster movies and Silicon Valley products, artificial intelligence (AI) has become increasingly familiar and sexy, and imbued with a perversely dystopian allure. What’s talked about less, and has also been dwarfed in attention and resources, is human intelligence (HI). In its varied forms — from the mysterious brains of octopuses and the swarm-minds of ants to Go-playing deep learning machines and driverless-car autopilots — intelligence is the most powerful and precious resource in existence. Our own minds are the most familiar examples of a phenomenon characterized by a great deal of diversity. Yet, HI is unique among this variety of intelligence because of its unparalleled ability to design, modify and build new forms of intelligence. HI is what defines us as humans and our relationship with everything on earth. Now, through the combination of HI and AI, we are at the brink of intelligence enhancement, which could be the most consequential technological development of our time, and in history. Intelligence, in its varied forms, powers every opportunity we pursue and every problem we seek to solve. It sits upstream from everything else. It is at once the master tool and the master of all tools. It is not only the most general means to do things, it is also the meaning-making force that decides what is worth doing. Intelligence is what allows us to create forms of governance, cure disease, create art and music, discover, dream and love. Intelligence is also what decides that these things, rather than other things, are worth doing, by translating discoveries into meanings, experiences into values and values into decisions. The evolution of human tools, from rocks to AI, can be seen as a trajectory of increasingly powerful effort arbitrage, where we exploit our comparative advantage relative to our tools to do things better, and do more new things. 
Along this trajectory, tools that embody significant levels of intelligence are our most powerful yet. In this pursuit of effort arbitrage, the smallest of intelligence advancements has the power to yield enormous gains for humans, individual and collective. A seemingly simple change 2.5 million years ago — using stone tools to butcher animals — led early hominids down the path to becoming modern humans. From that modest starting point, throughout human history, we created tools that increased our individual and collective intelligence and became extensions of our natural selves. We started with crude functional tools such as hammers and axes. Over just a few tens of thousands of years, we progressed to more intelligent tools, such as thermostats, and governance technologies based on rule-of-law rather than despotism.

Artificial Intelligence-powered malware is coming, and it’s going to be terrifying
Business Insider

Imagine you’ve got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you’re planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client’s email mannerisms, with a virus attached to the map. It sounds pretty far out — and it is, for now. But that’s the direction that Dave Palmer, director of technology at cybersecurity firm Darktrace, thinks the arms race between hackers and security firms is heading. As artificial intelligence becomes more and more sophisticated, Palmer told Business Insider in an interview at the FT Cybersecurity Summit in London in September, it will inevitably find its way into malware — with potentially disastrous results for the businesses and individuals that hackers target. It’s important to remember that Palmer is in the security business: It’s his job to hype up the threats out there (present and future), and convince customers that Darktrace is the only one that can save them. It’s a $500 million (£401 million) British firm, with an AI-driven approach to defend networks. It creates an “immune system” for customers that learns how businesses operate then monitors for potential irregularities. But with that in mind, Palmer provides a fascinating insight into how one of the buzziest young companies in the industry thinks cybersecurity is going to evolve.

Desperately Seeking Godzilla

Four reasons why Asia is a prime target for cybercriminals

From attacks on Ukrainian power grids to central bank heists in Bangladesh and the leak of stolen information from the Democratic National Committee in the U.S., cybersecurity threats have escalated massively in recent years. Governments, companies and individuals are equally susceptible all over the world, but cybersecurity experts believe Asia is most vulnerable to such attacks. Data from American security company FireEye showed 28 percent of organizations in Asia Pacific were hit with an advanced cyber-attack in the second half of 2015, nearly double the global average of 15 percent. Experts told CNBC there were several reasons why Asia is a prime target for hackers. Housing nearly 60 percent of the world’s population, the aggregate number of people connected to the Internet in Asia is massive – nearly a billion people have access to the Internet, with more than half of them in China. In August, Xinhua, China’s official news agency, reported the country had 710 million internet users as of June 2016, according to an official report from the China Internet Network Information Center. “That’s a lot of people on the Internet, transacting, doing social work, social media [and] doing business,” Keshav Dhakad, regional director at Microsoft’s Digital Crimes Unit, told CNBC in a recent interview. Collectively, experts say, Asia’s level of awareness towards cyber threats and cyber security was comparatively lower than other regions, such as the United States and Europe. As a result, many companies were less likely to devote additional resources to secure their technology infrastructure against external breaches and their response time to detect such breaches would be slower. FireEye data showed globally, companies took a median of 146 days in 2015 to identify a security breach, while in Asia Pacific that number was at 520 days. 
The delayed response time meant attackers were more likely to succeed in stealing information without immediate detection and could make a good return on their investment, according to Bryce Boland, chief technology officer for Asia Pacific at FireEye. Cyber attackers usually have to invest capital, time and effort to build new forms of attack and their reward is often in selling the data they manage to steal. Boland explained to CNBC, “If I spend $10,000 to try to break into a company, and they keep detecting me, I’m not going to make any money back.” By remaining undetected for longer, the same attack could be used repeatedly to steal data.

A Human Sacrifice

Businesses Sacrifice Security To Get Apps Released Faster
Dark Reading

Strong security is essential in an application-centric world, but new research shows businesses are sacrificing security in order to improve speed-to-market for their app offerings. This was one of the findings discovered in a new report, “The Security Imperative: Driving Business Growth In The App Economy,” conducted by Coleman Parkes and commissioned by CA Technologies. Researchers surveyed 1,770 senior business and IT executives, including more than 100 CSOs and CISOs, to investigate how their security operations affect business performance. Results indicate businesses view IT security as a business enabler but struggle to deliver stronger protection under the pressure of the app economy. Sixty-eight percent of respondents admit they compromise on security to get apps to market faster. This is a tremendous risk. Managing user identities across thousands of apps, systems, devices, and platforms requires organizations to increase the complexity of their security practices, not cut corners. The app economy is creating new cybersecurity challenges for IT leaders operating in a multi-channel, multi-platform world. Customers expect rapid and secure experiences from any device, and will take their business elsewhere if security is burdensome or data is jeopardized. The rise of mobile and cloud has opened up new opportunities to drive the app economy, explains Nick Nikols, SVP and CTO for cybersecurity at CA Technologies. However, it also changes the security dynamic. What happens to traditional security approaches, like hiding behind a firewall, when data can be located anywhere? “How do you secure something that is much more ‘out there,’ and not entirely under your control as much as it once was?” says Nikols of protecting cloud-based data. When information can be stored anywhere, businesses can’t rely on traditional approaches to security. It’s time for businesses to think outside these approaches as they pursue new opportunities in this environment.

Attack of the Killer DDoS

Here’s what crippled the internet

Twitter wasn’t working and neither was Netflix. Spotify was down, too. And anyone visiting Amazon, PayPal, or Reddit probably encountered trouble on the web.

For much of the day Friday, the internet’s core infrastructure was under a massive attack, shutting off access to many sites and slowing down the internet for much of the East Coast.

The disruptions were caused by a series of cyber attacks on Dyn, a provider of internet performance services to many of the biggest tech companies. Starting early Friday, Dyn experienced multiple distributed denial of service, or DDoS, attacks in which adversaries overload a victim’s network with traffic directed from a large number of malware-infected devices.


By Tom Davis, SDI Cyber Risk Practice

October 25, 2016