When we were kids, some of us liked to play cops and robbers. The cops had to catch the robbers, who obviously did everything to escape. Cybersecurity makes us play this game again, except that the playground has expanded into the endless reaches of cyberspace and the game, once fun, isn’t all that fun anymore.
This logic of cops and thieves is the logic of a spiral, since every movement results from a confrontation between police and criminals: the technological and methodological progress of one side puts it ahead of the other, and vice versa. The more complex and effective the defense systems, the more sophisticated the means of bypassing or forcing them become.
Because of their evil creativity, thieves are always one step ahead. However, the strong position is occupied sometimes by the police and sometimes by the thieves, alternating with innovations in technology and methods. By the strength they put into fighting each other, the opponents mutually reinforce each other, each hoping to win by overthrowing the enemy. The more we strengthen cybersecurity, the more we draw the interest of skilled hackers who are attracted to, for example, the task of infiltrating a citadel considered impregnable.
This game of rules and restrictions is reminiscent of the phenomenon of doping in high-level sport: doping products are always one step ahead of the protocols designed to identify them and the rules responsible for their prohibition.
For a long time
Thus, hacking moves in cycles. It finds new loopholes, and it takes time to find solutions that close them. Some methods then become obsolete once the levels of protection are sufficient.
But in addition to obsolescence, going out of fashion also lies in wait for the means used by hackers. Hacking is subject to fashion effects too. As if crime had its own aesthetic, attacks use certain technologies and not others (viruses, DDoS, ransomware…) and then temporarily abandon them in favor of others.
Thus, cybersecurity is a relatively long-term concern for companies. It is no longer a one-time threat that weighs on them, or a risk that they could get through with a little luck, but a constant pressure that they must now reckon with on a daily basis.
Long distance race
We can no longer view the fight against cyberattacks as “strike” operations in which we pit a specific response against a single attack. This view is not enough. In reality, all divisions of the company, without exception, should be involved in the fight against cybercrime. Cybersecurity awareness throughout the company is the first condition for the success of any cybersecurity policy. A CEO who has invested heavily and thinks he has done the right thing in terms of cybersecurity, but has neglected the key step of cyber awareness, has built on sand, and his efforts have been in vain.
Just as with good health management, check-ups should be regular, risk assessment should be ongoing, and treatments should be determined by a competent medical practitioner. In the same way that it is necessary to repeat tests in order to see changes (diabetes, cholesterol…), it is advisable to assess cyber risk continuously and in real time. Cyber rating technologies make it possible to manage a company's health.
And as companies evolve, these technologies should be able to follow these changes and accompany them, evolving too. Yesterday’s needs are not necessarily tomorrow’s. Not to mention cyber risk itself, which, like a virus, mutates, regularly produces new variants, discovers new flaws to exploit, and thus pushes cybersecurity players to evolve constantly.
Even if you always have to respond quickly to attacks, cybersecurity today is more like a long-distance race, where you need to be able to prioritize correctly, put energy where it is needed at the right time, save your breath and not exhaust yourself in useless sprints.
Therefore, companies need to reconfigure or adapt their vision of cybersecurity to match this persistence of risk and the long-term nature of the cyber threat. Without this adaptation, cyberattacks can be fatal.
So, are you ready for a little test?