cYBersecurItY
16 APRIL/MAY 2017 www.vanguardcanada.com
c
ThreaTs in
THe HyPer-CoNNeCTeD WorlD
by valarie Findlay
F
or as much as "white-hat" technologists (the good guys)
have made advancements, it has become abundantly clear
that the risks remain and go beyond technological vulner-
abilities and remedies. In other words, cyber-threats have
become much more than surreptitious, malicious software that
attack our assets; likewise fighting cyber-threats doesn't always
require a technical safeguard.
Formed decades ago, the axioms and what we have come to be-
lieve about cyber-security and the characteristics of cyber-threats
persist, but these outdated notions only stand to hinder efforts,
ignoring the capabilities of the new threat landscape
Naturally, security controls and risk management have been,
and will remain to be, revolving themes in discussions on improv-
ing cyber-security, but at the policy level we're still fighting these
battles as we did in the 1990s. The old-school approaches, such
as "shared responsibility" between stakeholders and enforcement
through pseudo-regulatory measures, aren't working and won't
– and here's why.
domains and asymmetry
Cyber-threats are rooted in unbridled, malicious innovation and
the results are constantly evolving technologies with increasingly
complex attack vectors. Additionally, cyber-threats have become
asymmetrical, designed to capitalize and exploit multiple domains
– the various avenues of opportunity for information-gathering
and acquisition of an asset or target. Years ago, exploits occurred
through primarily network vulnerabilities, but today they can
originate in one or many domains, including physical, application,
device, resource (people) and policy security.
For that reason, an organization's cyber-security framework
must consider more than just technological responses to threats;
it must consider design, development and implementation of
practices and measures across various domains to collectively ad-
dress threats. However, technological "tunnel-vision" – that the
only means to counter a cyber-threat is through cyber-defence – is
rampant.
