EVP Business Development, guardDog.ai
Our CEO, Peter Bookman, often points out the economics of Cybersecurity hacking. We only need to take a look at what it takes to get into the hacking business to understand why bad actors are compelled to do it so much.
Hacking is easy. And cheap!
So, what does it take to become a hacker? As Peter points out, it’s pretty much a keyboard and processor (about $200) and a bit of programming skill. Then create the deceptive emails or connection requests that hammer the internet universe in search of people to accidentally provide identifying or financial information, or to click or accept the request Then it’s game on with the exploits to extract their money or to make the ransom request.
Why do hackers persist? Because it’s easy and financially advantageous, especially when they can shape shift fast enough to enter through I.O.T. devices in Edge Territory that isn’ protected by device management or VPN. If we “follow the money” by looking at the financial incentives, we have a clear look at where the bad guys are likely to go.
Unfortunately, however, the same line of logic applies to cybersecurity providers as well.
Where’s the incentive?
As a (big) case in point, consider situations such as the ransom attacks in situations such as the Solar Winds attack in December 2020 and the Colonial Pipeline breach in May 2021. In at least the Pipeline situation, a large cybersecurity vendor was paid a multi-year multimillion dollar contract to protect the Pipeline from security breach. When the protection failed, Colonial suffered 6 days of downtime, at a potentially immeasurable cost, and paid the hackers a 75 Bitcoin ransom worth between $4.4-5 million to a Russia-linked team of cybercriminals called DarkSide, opening the way for remediation to begin and for oil to begin flowing again.
The situation was severe enough to raise the price of U.S. gas for a time. The required disclosures, of course, made the situation public and served to embolden other cybercriminals. As a small silver lining, the U.S. Justice Department assembled a task force that was able to recover approximately half ($2.3 million) of the ransom, probably due to a careless criminal who shared the private bitcoin key in emails the FBI was able to seize, according to published reports.
But here’s another interesting travesty – the very vendor paid to protect operations such as the Pipeline from attack, is also the vendor paid to remediate the situation when the protection has failed, for a price substantially higher still.
Let’s do the math.
Let alone the costs for cybersecurity insurance and cybersecurity protection, which are passed through to investors and consumers as higher prices and lower investment returns … and the costs of the Justice Department task force being funded by taxes… the aftermath of a disaster of this size hits us all. And even worse is the realization that a cybersecurity company that was paid some $4 million to protect against such a failure may now be paid $10 million to remediate the damage (while the organization, or at least the organization’s insurance, has paid an additional $2.3 million in ransom, now lost).
It doesn’t take a math or economics degree to realize that Cybersecurity companies in a case like this may be earning more money than the criminals themselves to fail, then charge the giant billings required to fix the failure their solution has failed to prevent.
While it’s extremely doubtful the technology organization would deliberately or even carelessly fail, it seems clear enough the incentives are running in the wrong directions.
As an industry we need to follow the money – to create the level of solutions that give a criminal less financial motivation to steal, and to create more financial motivation for security companies to create protection that succeeds rather than hitting an even higher payday through the charges to remediate the situation their system’s failure has caused. Solutions need to become more proactive and pre-emptive through better use of AI and better protection for the “Edge Territory” that standard device and network management solutions don’t see.
Whether your small business or your personal accounts may present a much smaller target than an enterprise like Solar Winds or an energy resource like the Colonial Pipeline, the verdict is clear – it’s important to “think like a criminal” and follow the money as we determine and build the level of security solution that is poised to succeed.
guardDog.ai provides a software service that simplifies cybersecurity management with AI-powered autonomous detection and response technology. The solution is designed to make advanced cybersecurity accessible for small, mid-market, and distributed organizations without complexity. It can be easily deployed on hardware, in virtualized environments, embedded systems, and more, offering automatic protection at the network level. Hidden threats to networks and devices are made visible and instantly terminated with intelligent countermeasures, and detected vulnerabilities are exposed. Management of the service, incident and severity level reporting, and access to additional advanced features are accessed through a cloud-based security operations dashboard. For more information, please email dealers@guardDog.ai or visit the guardDog.ai dealer page here.