Tuesday, 08 October 2019 17:01

'Super predator' theory explains cyber security problems

BlackBerry global head of cybersecurity services Campbell Murray

BlackBerry global head of cyber security services Campbell Murray has a theory that humanity's position as the only "super predators" on the planet explains why we have so much trouble with cyber security.

Murray points out that our combination of brainpower, dexterity, endurance and other characteristics means that despite not having a particular specialisation "we can do pretty much anything any other animal can do, well enough [to prevail]."

So where one person without modern weapons might be easy prey for a bear, 10 people with primitive weapons can take down a bear.

Humans have adapted to predation, but aren't so good at defence.

For example, centuries ago, people built castles as protective structures. But other people quickly worked out multiple ways of attacking a castle: climbing over the walls, tunnelling under the walls, poisoning the water supply, cutting off the supply of food and other essentials, and so on.

"That's exactly the situation in cyber security," Murray told iTWire while he was in Melbourne for the Australian Cyber Conference. "People are out there trying to get your stuff... [data] is the new spoils of war."

"Defence is high effort... [and] very hard to implement," he suggests.

It's not as if this is a new problem. The earliest known example of two factor authentication dates from around 54 BC, he says, and combined the use of a Caesar cipher (requiring knowledge of the offset used) and a scytale (requiring possession of a tapered rod of the correct dimensions in order to read the enciphered text correctly).

But IT increases the stakes due to the massive amounts of data that can be extracted once access has been gained.

Asked about the implication for security roles, Murray said "Most of my team are predators – that's what they're paid to do. After 10 years or so, some of them move into Blue Team (defensive) roles, where they address their new responsibilities by asking 'how would I break in?'"

For example, when BlackBerry conducts code reviews on behalf of clients it finds 'time bombs' (pieces of code that are designed to cause damage after a certain date unless updated by the malicious developer) "all the time."

IT workers generally need to "put up as many walls as you can" in order to "be a hard target," he recommends. (The idea of layered defences has gained considerable currency in recent years.)

This is especially true in industries where you find many people, he says. Places like airports and hospitals involve lots of people in lots of roles, and many outside service providers.

Patient records are particularly attractive, so healthcare providers tend to store only essential data in order to reduce the risk.

Murray predicts that in the future, people will be more likely to ask what they are actually getting in return for allowing organisations access to their data. There is currently a widespread assumption that everybody is being profiled, so there's no point worrying about it, but he thinks today's young people will change their minds about this as they accumulate assets that are worth protecting, and "there will be a shift in consumer approaches to data in the next ten years."

People are beginning to move back from mobile apps to the corresponding web sites as a way of increasing their privacy, he says.

If people remove their personal data from the "corporate treasure trove" (or at least stop it going in there in the first place), then the bad guys will go after something else.

"Commerce won't stop, but it won't be feeding off individuals," Murray predicts.




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


