Kirsten Bay, president and CEO, Cyber adAPT
WannaCrypt0r the malware that held data to ransom on a global scale was a powerful illustration of what happens when cyber-security loopholes are not effectively closed. Exploiting a weakness in Microsoft's Windows operating system, the cryptoworm spread between PCs like wildfire, encrypting data and demanding Bitcoin payment in exchange for its return.
It is fair to say the attack took most cyber-security professionals by surprise. But was it really so unfathomable and, more importantly, how can we ensure such attacks are not repeated?
The answer to these questions lies in a theory proposed by Intel co-founder, Gordon Moore, in the 1960s: the processing power of computers doubles every two years.
Having dominated computing for the last 52 years, Moore's Law is now looking set to run out of steam, and it is the reason behind this has much to teach us about cyber-security now, and in the future.
Keeping up with the hackers
According to Europol chief Rob Wainwright, the best way to stop WanaCrypt0r infecting PCs and corporate networks is simple: installing a Microsoft patch on all machines.
Yet as the attack has shown, keeping security systems up to date is challenging. Microsoft, after all, had already released the MS17-010 patch before the ransomware hit, but failure of individual users and businesses to update promptly meant 150 countries were still affected.
The hard truth is: security breaches are not just increasing; they are inevitable especially in large organisations where networks support multiple devices that all run different software. And considering the scale of the biggest organisations affected the UK's National Health Service and FedEx it is easy to see how PCs running outdated systems, like Windows 7, were overlooked.
The key conclusion we can draw from this latest breach is that our tendency to focus on protecting specific networks or devices is a serious error. And this is where Moore's Law comes in
From chip-power to the cloud
When Moore first made his observation, technology was different computing power was determined by how many transistors a dense integrated circuit, or chip, could hold. After noting that the transistor to chip ratio was doubling every two years (a revised estimate made in 1975), he predicted that processing capability would grow at the same rate, and so Moore's Law was born.
Although the theory has been verified by more than half a century of multiplying transistors and shrinking chips, empirical support for it is dwindling. Indeed, in 2015, Moore himself said he saw the law dying in the next decade or so.
The reason for this is that computing capability is no longer tied to hardware. The advent of cloud computing means software, data and extra processing capacity can now be accessed over the internet without increasing the number of transistors in a device.
Thus, when we apply the same argument to cyber-security the problem is clear: current measures are trying to protect limited networks and specific devices, but networks are now edgeless and used by myriad devices. In other words, the idea of patching every single device linked to the network is unrealistic and we are trying to keep a gate closed that is simply too wide.
Outside in: building internal defences
To outpace the hackers, we must learn from the failings of Moore's Law and take a lateral security perspective that extends beyond individual devices.
CISOs need to adopt a detection-led approach that focuses on preventing attacks after hackers have breached networks by monitoring for and removing suspicious users. In doing so, they can ensure their cyber-security measures are fit for the 21st century, rather than embarking on an endless mission to update every device each time a threat is identified. And with such defences in place, security professionals could stop the next ransomware attack from spreading so quickly, or at all.
The demise of Moore's law teaches us that modern security cannot afford to view networks as silos. With the cloud constantly creating new connections, there are no more perimeters to protect, which means keeping systems safe requires defences that can identify hackers after they have made their way in.
By deploying a detection-led method, CISOs can use the lessons of the past to secure networks at all times, and ensure they are positioned tothwartthe next WanaCrypt0r-style-attack in its early stages.
Contributed by Kirsten Bay, president and CEO, Cyber adAPT
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.
Read the original:
What Moore's Law has to teach us about WanaCrypt0r - SC Magazine UK
- HD Moores Law - Video - July 24th, 2012 [July 24th, 2012]
- Moores Law - Transistor Graph - Video - July 24th, 2012 [July 24th, 2012]
- Moores Lane road construction project begins - October 2nd, 2012 [October 2nd, 2012]
- Orono man totals pickup while reaching for cellphone - October 2nd, 2012 [October 2nd, 2012]
- 2 in Charlotte face fake ID charges - October 4th, 2012 [October 4th, 2012]
- Why there may be more to computing than Moores Law - October 11th, 2012 [October 11th, 2012]
- VR pioneer invents 'illumination-as-a-service' - October 12th, 2012 [October 12th, 2012]
- What is reality...M theory vs Moores law creating real universe vs creating a virtual one - Video - October 30th, 2012 [October 30th, 2012]
- The Rayz/Moores Law @ Put-in-Bay Final Countdown - Video - October 30th, 2012 [October 30th, 2012]
- Moores Law @ Beer Barrel Put-in-Bay Hip Hop Medley - Video - October 30th, 2012 [October 30th, 2012]
- Good explanation of the singularity - Video - October 30th, 2012 [October 30th, 2012]
- What you MUST know about the future - Video - October 30th, 2012 [October 30th, 2012]
- Computer Apple 1 How to tell value KK4WW - Video - October 30th, 2012 [October 30th, 2012]
- Rise of the transapients - Video - October 30th, 2012 [October 30th, 2012]
- Moores Law Music Performing Bruce Springsteen - Video - October 30th, 2012 [October 30th, 2012]
- Moore's Law Ice Cream Man - Video - October 30th, 2012 [October 30th, 2012]
- Moores Law performs Vehicle at PIB - Video - October 30th, 2012 [October 30th, 2012]
- Explaining Moores Law [HD] - MOCustoms.co.uk - Video - October 30th, 2012 [October 30th, 2012]
- Global Challenge Part Fifty - Video - October 30th, 2012 [October 30th, 2012]
- Towards next-generation devices through computer nanomaterial design for semiconductor spintronics - Video - October 30th, 2012 [October 30th, 2012]
- Aiming to establish new spintronics - Video - October 30th, 2012 [October 30th, 2012]
- Correlated electronic materials - Video - October 30th, 2012 [October 30th, 2012]
- Energy Efficient Electronics: Searching for the Milli-Volt Switch - Video - October 30th, 2012 [October 30th, 2012]
- Moores Law - Video - October 30th, 2012 [October 30th, 2012]
- Geeking out aero-style for a hundred bucks - Dan Shapiro - Video - October 30th, 2012 [October 30th, 2012]
- moores law visualization - Video - October 30th, 2012 [October 30th, 2012]
- how moores law affects conrad shawcross - Video - October 30th, 2012 [October 30th, 2012]
- The Everton Autobiography: How the Blues nearly signed the great Ferenc Puskas & when police action thwarted Goodison ... - November 2nd, 2012 [November 2nd, 2012]
- Letters: Guardian 'surrender' on self-regulation - November 7th, 2012 [November 7th, 2012]
- Academics take issue with Guardian editorial on press regulation - November 9th, 2012 [November 9th, 2012]
- Area deaths - November 22nd, 2012 [November 22nd, 2012]
- clip 2012 12 02 19;00;19 - Video - December 4th, 2012 [December 4th, 2012]
- Police news: Twice as many helmeted motorcyclists crash since law repeal, kids pair with emergency responders during ... - December 5th, 2012 [December 5th, 2012]
- Clallam burglaries are on the rise - December 6th, 2012 [December 6th, 2012]
- When exotic investments are too good to be true - December 10th, 2012 [December 10th, 2012]
- Top headlines: Man in custody in deadly drive-by shooting, Genesee County commissioner says judge can pay back ... - December 12th, 2012 [December 12th, 2012]
- Paul Raschke - Obituary - December 12th, 2012 [December 12th, 2012]
- Pitt County Grand Jury - December 17th, 2012 [December 17th, 2012]
- Connecticut school shooting prompts Genesee County schools, police to take extra precautions - December 18th, 2012 [December 18th, 2012]
- MEN Sport review of the year 2012 - December 18th, 2012 [December 18th, 2012]
- 'The police weren't laughing:' Text message 'joke' of gunfire frightens Grand Blanc, county schools deal with 'end of ... - December 20th, 2012 [December 20th, 2012]
- Top headlines: Schools closed in Genesee County amid violence rumors, Flint church holds candlelight vigil - December 21st, 2012 [December 21st, 2012]
- More than $1 million worth of drugs seized in Salisbury - December 21st, 2012 [December 21st, 2012]
- Anatomy of the school-closing decision: Rumors of violence led to all Genesee County schools shutting for two days - December 21st, 2012 [December 21st, 2012]
- Solo rock stars die sooner than those in bands - December 21st, 2012 [December 21st, 2012]
- Lecturer's private research not 'held' by university for purposes of FOI disclosure, rules Tribunal - December 22nd, 2012 [December 22nd, 2012]
- Liverpool Local News: Liverpool John Moores University to handout record £2.1m after trebling student scholarship kitty - December 26th, 2012 [December 26th, 2012]
- University and College News: Liverpool John Moores University to handout record £2.1m after trebling student ... - December 26th, 2012 [December 26th, 2012]
- Storm whips into Northeast bringing snow, rain - December 28th, 2012 [December 28th, 2012]
- Genesee County sheriff says fireplace blockage may have allowed carbon monoxide buildup - December 28th, 2012 [December 28th, 2012]
- Moores Law Experiment 2 - Video - September 18th, 2013 [September 18th, 2013]
- The Skanner Newspaper - Remember the Moores at Christmastime - December 20th, 2013 [December 20th, 2013]
- HowStuffWorks "How Moore's Law Works" - Computer - December 20th, 2013 [December 20th, 2013]
- Minneapolis Housing Trend Favors More Residential Home Office Use - December 31st, 2013 [December 31st, 2013]
- Kendal solicitor wins place with top law firm - January 1st, 2014 [January 1st, 2014]
- Prince George’s County home sales - January 3rd, 2014 [January 3rd, 2014]
- Obituary: Loyce Tapp - January 5th, 2014 [January 5th, 2014]
- More charges for WSU grad arrested with bombs - January 11th, 2014 [January 11th, 2014]
- Chemical weapons charge added to man with dozens of bombs - January 11th, 2014 [January 11th, 2014]
- Myths of Moore's Law - CNET News - January 16th, 2014 [January 16th, 2014]
- Team 10 saves war medals from auction - January 22nd, 2014 [January 22nd, 2014]
- Dad who abducted kids, fled to Cuba found insane - January 23rd, 2014 [January 23rd, 2014]
- Calendar: Jan. 23 to 26 - January 23rd, 2014 [January 23rd, 2014]
- After baby's death in Perry County, parents seek answers - January 23rd, 2014 [January 23rd, 2014]
- Simulations to enable novel lithographic patterning techniques - January 28th, 2014 [January 28th, 2014]
- Sullivan sued by victim’s parents - January 30th, 2014 [January 30th, 2014]
- Palm Beach murderer James Sulllivan sued to recover $13.5 million he was ordered to pay 20 years ago for killing his ... - January 30th, 2014 [January 30th, 2014]
- Group: Adult jail no place for juveniles - January 31st, 2014 [January 31st, 2014]
- Sotomayor Presides Over Moot Court Raising Privacy Questions - January 31st, 2014 [January 31st, 2014]
- Harbour Grace mayor under pressure over staffing crisis - February 4th, 2014 [February 4th, 2014]
- Colleens Dream Foundation Grants Over $12,000 to UC San Diego Moores Cancer Center to Fund Ovarian Cancer Research - February 4th, 2014 [February 4th, 2014]
- Crossbar nanowire chips combine to form tiny CPU for ... - February 6th, 2014 [February 6th, 2014]
- New Mexico Blocks Vote on Legalized Pot - February 12th, 2014 [February 12th, 2014]
- Calendar Feb. 17 to Feb.19 - February 18th, 2014 [February 18th, 2014]
- Calendar: Feb. 20 to 23 - February 20th, 2014 [February 20th, 2014]
- IBM Atomic Shorts The end of Moores law 00 12 - Video - February 28th, 2014 [February 28th, 2014]
- MIT Research Looks to Extend Moores Law - March 1st, 2014 [March 1st, 2014]
- Indiana Guardsman's bomb-possession charge moved to federal court - March 4th, 2014 [March 4th, 2014]
- Bomb case moved to federal court - March 5th, 2014 [March 5th, 2014]
- Will 100 become the new 60? - March 9th, 2014 [March 9th, 2014]