It is a disaster. No matter what we do, the leaks and the cracks are appearing faster than we can fix them. It is a global pandemic.
I am not talking about COVID-19, the pandemic that has affected our lives and livelihood for over a year. I am talking about the other pandemic – the compromise of security of data.
In the past 6 months, the data leaks, the security hacks, the ransomware scourge have been more devastating than ever. Here are a few big ones that happened on a global scale:
- [ Thru 2020 ] SolarWinds Supply Chain Hack (aka Sunburst)
- [ March 2021 ] Microsoft® Exchange Hack
- [ March 2021 ] Acer® Ransomware Attack
- [ April 2021 ] Asteelflash Electronics Ransomware Attack
Closer to home, here in South East Asia, we have:
- [ March 2021 ] Malaysia Airlines Data Breach
- [ March 2021 ] Singapore Airlines Data Security Breach
It is not working
I am skeptical. Despite valiant efforts on all fronts, we are inundated by the sheer magnitude of these cybersecurity compromises. We hear of protection, detection and response, anti-phishing, anti-malware and many other cybersecurity technologies to combat every threat and attack out there, but the news of cybersecurity breaches continues to grow and grow, and the impacts are each more devastating than the one before. Why?
People and Processes
The weakest links are not the technologies we placed and implemented to shield and protect us from the attacks. The weakest links are the people and the processes within. Cybercriminals are aware of these vulnerabilities and are taking advantage of them. On the rise are the supply chain attacks.
Several well known cases are:
- [ 2019 ] Tesla economic espionage case
- [ 2020 ] Tesla cyber attack – Employee offered USD$1 million to plant malware
- [ 2018 ] Casino database hacked through smart Fish Tank Thermometer
- [ 2018 ] Singapore SingHealth data breach cyberattack compromised by front office workstation
Again, we like to throw technology against these cyber threats. The rise of machine learning in cybersecurity has enabled cybersecurity defenses to be smarter, to identify and respond to threats faster, to cover more ground and to be far more accurate than any cybersecurity expert. Artificial Intelligence is indeed a powerful tool in the cybersecurity arsenal and it has to be in all the cybersecurity defenses.
But it is also a double-edged sword. What is available to the white hats and the ethical hackers is also available to the black hats and everything in between. AI can be misused by cybercriminals to enhance the potency of their attacks.
Deepfakes assisted and powered by AI are getting more and more sophisticated, and have been gaining success in cyberscams. Here are a few deepfake news items:
- [ 2019 ] British CEO scammed out of USD$243,000 via AI-assisted Voice Deepfake
- [ 2021 ] Deep fake video creates artificial Tom Cruise
Cloud and cybersecurity look like an oxymoronic pair. Enterprises and organizations that have been in control of their IT and digital resources are fearful of relinquishing their control and data to an outsourced cloud service provider (CSP). However, this fear is going out of trend as enterprises and organizations in the clouds are beginning to warm to the benefits of having the CSPs manage the authentication, authorization, access and audit (AAAA) of their digital resources much better than they can. Moreover, CSPs offer more integrated IAM (identity and access management) and cybersecurity tools and procedures that close the gaps of cybersecurity threats. With the cloud, organizations are now more effective in developing better processes to handle data privacy and data protection procedures, and in fortifying their cybersecurity efforts.
However, the silver lining in the clouds (pun intended) isn’t always the pot of gold at the end of the rainbow. The attack vector and the attack surface of the CSPs are far more massive than the network managed on-premises by the enterprises and organizations in their data centers. The impacts on the CSPs, once compromised, will be more devastating and destructive, and could bring the digital world to its knees.
With vendors now touting multi-clouds, the viral effect of linking one cloud to another to another could magnify the spread of the cyberthreats, just like the COVID-19 pandemic.
Data characterization and personalities
I am an advocate of data personalities. I do not know the right industry term for it but some call it self-describing data although I am not 100% sure. I wrote a blog about it:
For better or worse, we have heard that 90% of the world’s data was generated in the last 2 years. It is mostly unstructured data, which means we have an opportunity to assign and tag personalities to the generated data at source. “Common personalities” can be inserted into the metadata when the data is generated, at the very birth of the data.
I am not a data modeler. I do not know how to build data taxonomies and classification frameworks, but I am a believer that we can include common security features into the new data. These ideas include:
- Encryption features
- Data protection levels
- Compliance standards
As the data passes through different devices and sub systems in its lifecycle, certain cybersecurity measures are activated according to the locality of the data at the time.
For example, data generated at an IoT end device, such as a flood sensor for climate control, could be tagged as encrypted when the data travels through unsecured channels. Once the data reaches the central processing devices, the data protection requirements are turned up to the next level to ensure that the data is copied for added recovery. As its lifetime in the production systems progresses, the compliance features are tuned for archiving and long term retention reasons. Rules and policies can be constructed to attend to the data as it works through its data lifecycles and across different subsystem premises. And this can be automated as we integrate standardized common data personalities that work across disparate systems.
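The flood-sensor walk-through above can be sketched as a small policy check. This is an added example, not code from the original post or from iRODS; the stage names, the `Personality` fields, the `retain-7y` label and the shared HMAC key used to bind the tags to the data are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Hypothetical lifecycle stages, named after the flood-sensor walk-through.
TRANSIT, CENTRAL, ARCHIVE = "transit", "central", "archive"

@dataclass(frozen=True)
class Personality:
    encrypt_on_unsecured: bool  # encryption feature
    min_copies: int             # data protection level once centrally processed
    retention: str              # compliance tag, e.g. "retain-7y" (constructed)

def _mac(meta: dict, key: bytes) -> str:
    body = json.dumps(meta, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(payload: bytes, p: Personality, key: bytes) -> dict:
    """Tag the data at birth and bind the tags to the payload with an HMAC."""
    meta = dict(asdict(p), sha256=hashlib.sha256(payload).hexdigest())
    return {"meta": meta, "mac": _mac(meta, key)}

def violations(payload: bytes, record: dict, key: bytes, stage: str, state: dict) -> list:
    """Return the controls the current stage fails to meet (empty = compliant)."""
    meta = record["meta"]
    # Refuse to trust tags that were edited or moved onto different data.
    if not hmac.compare_digest(_mac(meta, key), record["mac"]):
        return ["personality tampered"]
    if hashlib.sha256(payload).hexdigest() != meta["sha256"]:
        return ["payload does not match personality"]
    found = []
    if stage == TRANSIT and meta["encrypt_on_unsecured"]:
        if not state.get("channel_secure") and not state.get("encrypted"):
            found.append("unencrypted on unsecured channel")
    if stage in (CENTRAL, ARCHIVE) and state.get("copies", 0) < meta["min_copies"]:
        found.append("too few copies")
    if stage == ARCHIVE and state.get("retention") != meta["retention"]:
        found.append("retention policy mismatch")
    return found

# Constructed sample: one flood-sensor reading and a demo key.
KEY = b"demo-key-not-for-production"
READING = b'{"sensor": "flood-01", "level_cm": 42}'
RECORD = seal(READING, Personality(True, 2, "retain-7y"), KEY)
```

Each subsystem calls `violations()` with its own stage and a description of how it is currently handling the data, so the same tags drive different controls at different points in the lifecycle.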
I have not read many standard developments in the abstract area of data personalities that I have mentioned. Perhaps I have not searched and researched hard enough. The closest and most prominent one I have followed is iRODS (Integrated Rule-Oriented Data System).
The potential and possibilities of what iRODS can do are exciting. I read an article by the US National Library of Medicine National Institutes of Health about iRODS capabilities, which stated:
“We describe the integration of the open-source metadata management system iRODS (Integrated Rule-Oriented Data System) with a cancer genome analysis pipeline in a high performance computing environment. The system allows for customized metadata attributes as well as fine-grained protection rules and is augmented by a user-friendly front-end for metadata input. This results in a robust, efficient end-to-end workflow under consideration of data security, central storage and unified metadata information.”
The article can be found here.
We already see data federation used when aggregating and virtualizing disparate data stores for data warehousing, analytics and business intelligence. It serves to standardize data access and provides an optimized framework for addressing the salient objectives of the federated data.
With the concept and the maturity of data federation in mind, the venerable framework could play an important role in combating the cybersecurity threats, and perhaps lay the groundwork to build a secure, federated data model on a bigger scale when combined with the common data personalities and characterization that I mentioned in the segment before.
Looking at the ever growing threats of this cybersecurity pandemic, it is time to think and do differently. The cybercriminals seem to be one step ahead most of the time. That is why iRODS intrigues me. It is complex to me now but I am very positive about what it is capable of. Data personalization and characterization may be the way forward into the future.
The war between good and evil continues.