No more tears?

It has been almost two years now since the world was gripped by a string of pervasive and damaging ransomware attacks, which fuelled mass paranoia and concern over the cost of technological advancement. Such levels of panic and speculation hadn’t been seen since the turn of the millennium and the Y2K system failure predictions and panic. From Petya to WannaCry and the creatively named NotPetya ransomware attacks, individuals, organisations, and nation states were awed and rightly fearful of the pace of dissemination and destructive capabilities wrought by the attacks.

There has been a lull in this type of compromise in the last couple of years, the reasons for which remain speculative. The awareness raised by the breaches in 2016 and 2017 has clearly aided in improving cyber security hygiene with respect to patching systems and networks, running the latest versions of software, and conscientiously installing antivirus programmes. However, it is unlikely to be the whole reason, nor is it an excuse to become complacent.

Having visited Mobile World Congress 2019 in Barcelona last month, it is clear that the Fourth Industrial Revolution is well upon us, with 5G being one of the era’s conduits of choice. The fusion of technologies that is blurring the lines between the physical, digital, and biological spheres offers huge opportunities for economic and social advancement, though the damage to be wreaked should cyber security defences fail are almost too dire to contemplate.

The growing prevalence of artificial intelligence, automation, and big data means that cyber security needs to evolve to keep pace with such advancements, and thus must similarly be based in the prevailing next generation technologies of the time such as quantum computing and advanced cryptography. The days of an individual or a team of individuals being made responsible for controlling and monitoring data systems for anomalous activity on a real-time basis are over, and have been for some time. We are in the era of machines vetting other machines, with human contact only being required to validate, escalate and approve a suggested course of defensive action.

Cyber resilience today will not mean the same thing tomorrow, nor will the elements required to maintain it remain static. If society at large and the high-tech industry in particular want to minimise the possibility of crying another tear of frustration or dread from another WannaCry attack, the key is in placing cyber resilience at the centre of every technological advancement, and making protecting new services and applications indivisible from the mechanisms that safe-keep them and allow them to operate optimally.