Security Market Segment LS
Tuesday, 08 October 2019 17:01

'Super predator' theory explains cyber security problems

BlackBerry global head of cybersecurity services Campbell Murray BlackBerry global head of cybersecurity services Campbell Murray

BlackBerry global head of cyber security services Campbell Murray has a theory that humanity's position as the only "super predators" on the planet explains why we have so much trouble with cyber security.

Murray points out that our combination of brainpower, dexterity, endurance and other characteristics mean that despite not having a particular specialisation "we can do pretty much anything any other animal can do, well enough [to prevail]."

So where one person without modern weapons might be easy prey for a bear, 10 people with primitive weapons can take down a bear.

Humans have adapted to predation, but aren't so good at defence.

For example, centuries ago, people built castles as protective structures. But other people quickly worked out multiple ways of attacking a castle: climbing over the walls, tunnelling under the walls, poisoning the water supply, cutting off the supply of food and other essentials, and so on.

"That's exactly the situation in cyber scurity," Murray told iTWire while he was in Melbourne for the Australian Cyber Conference. "People are out there trying to get your stuff... [data] is the new spoils of war."

"Defence is high effort... [and] very hard to implement," he suggests.

It's not as if this is a new problem. The earliest known example of two factor authentication dates from around 54 BC, he says, and combined the use of a Caesar cipher (requiring knowledge of the offset used) and a scytale (requiring possession of a tapered rod of the correct dimensions in order to read the enciphered text correctly).

But IT increases the stakes due to the massive amounts of data that can be extracted once access has been gained.

Asked about the implication for security roles, Murray said "Most of my team are predators – that's what they're paid to do. After 10 years or so, some of them move into Blue Team (defensive) roles, where they address their new responsibilities by asking 'how would I break in?'

For example, when BlackBerry conducts code reviews on behalf of clients it finds 'time bombs' (pieces of code that are designed to cause damage after a certain date unless updated by the malicious developer) "all the time."

IT workers generally need to "put up as many walls as you can" in order to "be a hard target," he recommends. (The idea of layered defences has gained considerable currency in recent years.)

This is especially true in industries where you find many people, he says. Places like airports and hospitals involve lots of people in lots of roles, and many outside service providers.

Patient records are particularly attractive, so healthcare providers tend to store only essential data in order to reduce the risk.

Murray predicts that in the future, people will be more likely to ask what they are actually getting in return for allowing organisations access to their data. There is currently a widespread assumption that everybody is being profiled, so there's no point worrying about it, but he thinks today's young people will change their minds about this as they accumulate assets that are worth protecting, and "there will be a shift in consumer approaches to data in the next ten years."

People are beginning to move back from mobile apps to the corresponding web sites as a way of increasing their privacy, he says.

If people remove their personal data from the "corporate treasure trove" (or at least stop it going in there in the first place), and then the bad guys will go after something else.

"Commerce won't stop, but it won't be feeding off individuals," Murray predicts.

Read 2394 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News