In the Pegasus world, only the cyber-paranoid survive
Summary
- It’s ironic that cyber threats could result in a closed internet at odds with its promise of openness
- Crypto exchange Kraken’s security policies that include having employees’ kids sign non-disclosure agreements are a sign of paranoia-suggesting measures that could multiply.
A recent Bloomberg article talks of a company whose “employees’ children have to sign non- disclosure agreements before attending company parties, with the only exception being kids who haven’t yet learned to write"; “New employees spend two days in security classes, then three days setting up office computers and passwords, and then a week going over a 70-item checklist of recommended personal security measures, which include installing alarms and surveillance cameras at home, and closing social networking accounts." They cannot identify themselves as employees of this company. Takeshi Chino is one of the few executives of this firm who is allowed to tell the world where he works, but “he can’t tell his wife the physical location of the office!" No, this organization is not the CIA, nor the fabled Cosa Nostra, or the Sicilian mafia. It is San Francisco-based Payward Inc, which runs Kraken, a $10 billion cryptocurrency exchange, and it insists on foolproof cybersecurity, especially against ransomware attacks.
There seems to be a database breach, hacking or a ransomware attack almost every day. Some of these have been massive ones on well-known companies like Target and Maersk, and even in India on MobiKwik and others. States have been engaged in it too. Israel and the US famously stalled Iran’s nuclear programme with their Stuxnet attack on its centrifuges in 2010. Last week, US President Joe Biden formally warned Vladimir Putin over multiple attacks by Russian hacking group REvil. And this week, the US and its allies formally charged China with breaking into Microsoft’s exchange servers. Experts expect such ransomware and hacking attacks on companies and governments to increase, giving way to a Kraken-like obsession everywhere.
While cybersecurity has been a big concern for years, the attacks, and therefore the paranoia, has exploded in recent months, with a slew of factors combining to create a perfect cyber- security storm. Here are five of them:
The advent of the cloud: It has given corporations a great price and flexibility advantage, and its pay-as-you-go model has accelerated digital transformation and let entrepreneurship flourish. However, public clouds are replete with misconfigurations, and the fact that they enable computing at scale implies that breaches can happen at such scale too. While the world’s top cloud providers like Amazon, Microsoft and Google are racing to strengthen security, there are still many vulnerabilities.
The march of the robots: Hackers are using artificial intelligence (AI) and machine learning (ML) technologies to create sophisticated robots and systematically attack the security walls of enterprises. The same technologies are being used in defence against these attacks. And so a robot arms race is on.
The work-from-home revolution: Remote work has been a saviour, as hordes of workers moved offices to their homes almost overnight. But this has also been a security nightmare, as they moved to unsecured information technology environments beyond the protective firewalls of their office devices, prompting a veritable hack fest.
The IoTisation of the world: The coming age of 5G-based Internet of Things infrastructure, with its sensors, cameras and exabytes of data generated, will suddenly unleash billions of intelligent devices begging to be hacked. Driverless car-hacking has already seen a demonstration.
New ransomware players and business models: Ransomware entities have started operating as profit-oriented companies. They lock an organization’s access to data, demand a ransom to let their target access it, and ‘double dip’ by selling the data already harvested. Some ransomware players like Darkside and REvil have developed a ransomware-as-a-service (RaaS) model, where they do this for other attackers, taking a cut of the ransom collected.
Attacks have been getting increasingly sophisticated. Rich companies are being targeted, as also the critical infrastructure of countries. Experts prophesize that cyberattacks could start ‘closing down’ or compartmentalizing the open internet—an ironic statement to make on the 30th anniversary of India opening up what was a closed economy pre-1991. In another context, Intel’s Andy Grove had a famous phrase: “Only the paranoid survive." It is this quest for survival that drives Kraken’s paranoia. “I heard from people that Kraken is crazy about security before I joined, and yes, it is really intense about it," says Takeshi Chino, “But that’s what it takes." And it is set to take more and more.
Jaspreet Bindra is the author of ‘The Tech Whisperer’, and founder of Digital Matters
