Breaking Digital Gridlock by John Best


Author: John Best
Language: eng
Format: epub
ISBN: 9781119421924
Published: 2018-03-05T00:00:00+00:00


Security as a Process of Innovation

Some of the most valuable innovations can and should be security related. For instance, the story of the angry ex-wife that I mentioned earlier resulted in a feature that allowed financial institution customers to block out access from certain IP addresses. This turned out to be a very valuable feature for the customers, because as time went on, account takeovers became more and more common, and while eventually hackers started spoofing addresses, this measure on our part caused them to move along to greener pastures. Security innovations will continue to go forward.

Some of the most difficult processes to digitize are security related, such as the FFIEC mandate that specifies that you must have multifactor authentication login. When digitized, this process is inconvenient for customers and ineffective against today's hacking techniques. Having to answer questions like “Who is your first school teacher?” and “What's your favorite pet?” is often inconvenient when you're trying to do something quickly, especially if you did not set up these questions to begin with. I don't know about you, but I don't know the last name of my wife's favorite schoolteacher. So how will we look at security as innovation in the future? I believe that the evolution of security is going to be built around artificial intelligence and cryptography.

As a matter of fact, the same artificial intelligence that the hackers will be employing will be employed by financial institutions to defend against these new attacks. For example, consider the Facebook chatbot experiment I mentioned earlier. One chatbot was pitted against another chatbot in a negotiation game to determine if two chatbots or AI mechanisms could negotiate with each other. Much in the same way these two systems interacted, I believe that defense artificial intelligence bots will, in the future, protect our digital systems. These artificial intelligence bots will learn from the attacks that are levied against them, and they will create their own countermeasures. As they begin to create their own custom countermeasures, they will also work together with other financial institutions' defense bots to collectively learn from the attacks happening at other institutions. Through cooperation and aggregation, we will create a much stronger defense against cyberterrorism and cybercriminals.

We will need to reexamine the security paradigms and conventional security wisdom if we are to succeed in a more dangerous digital environment. For a long time, digital security has been designed around a castle methodology. The castle protects the crown jewels and is fortified with tall walls, moats, alligators, soldiers, hot oil, and dragons. Each fortification is designed to be a defense against failure of the previous defense. The flaw in this design is that it is assumed that no one will ever breach the castle because the likelihood of all the defenses failing at once is low. But unbeknownst to the head of castle security, the king of the castle likes to throw parties, and during the parties he will let almost anyone in the castle. Sometimes during these parties,


