Cybersecurity has become more and more important as advanced cybercriminals and other information adversaries attempt to steal your data, exploit your organization, and sabotage your operations. The security risk in unsecured computing systems is high, as stolen data could be used to assume control of entire networks, while service disruptions could cause substantial economic and intellectual property losses.
Creating cybersecurity solutions that can address the latest risks is a constant challenge to the electronic systems developer. In this first part of a three-part series, we talk to Skip Sanzeri, Co-Founder, Board Chair, and COO of QuSecure, about how cybersecurity is becoming increasingly important in today's cloud-based, data-oriented world.
People have wanted to protect their stuff since time was time. Yet it's almost as if we realized that data wasn't that important until just recently, and this complacency is part of the problem. In the past, data was a paper commodity, and very little of it was digitized. Now everything is digitized. What we've done is we've traded convenience for privacy.
So, for instance, when there's a way that you can conveniently and easily log onto something, with or without a password, it's all a trade. And the unfortunate thing is that it's going to get worse because if you think of things like the metaverse now, and how we already have a giant digital footprint for everything that you and I do, there's a footprint. That opens the door to problems like hacking and going after data and people's privacy.
This will become more valuable because there's going to be more information there. It's almost to the point where you could follow somebody who went off the grid by the hole they left behind in the data space.
If somebody goes off the grid, you'll be able to tell where they were last and maybe even determine how far they could have gone. This is why criminals get caught these days, because you can't get money or do anything without creating a digital signal. The moment that you turn your phone back on, the moment you go to the bank to get money, or do a charge or check into a hotel, it's all digitized. So, you know, it's something we just have to get used to, and why we have to be zealots for privacy and security.
A modern, intelligent wireless device is multimodal, multispectral, and multilingual. It's often got different communications protocols to go with the different bandwidths that it's talking on. That presents a significant security risk and challenge for the developer.
Creating a Security Solution
The hard part about developing a product, be it software, firmware, or hardware, is that many times security isn't the first thing in mind. Foremost are that the product works, product efficacy, and things like pricing. Security in many cases gets the back seat because it stands in the way when you think about being compliant with some of the security requirements, which may hinder device development.
Best practices means going down both paths, and investing in security into that product to address compliance while producing a great product. Too often products come out that aren't very secure or where security was an afterthought. You have lots of products manufactured in other countries and we don't know the derivation of those chips or the firmware of those devices. In many cases, products aren’t tested for a derivation that could be a backdoor for data.
This is being recognized now on a regulatory level, with governments and agencies upgrading security standards now for a while. NIST has moved into the post-quantum era, which is security that's developed around protecting against quantum-computing attacks. Now that data is available to any system anywhere, you have to put cryptography on the data so that if somebody does crack it and they get hold of it, hopefully your cryptography stands up so they can't unwind that data.
However, the internet is the great mitigator because data travels everywhere. We are in an interesting time where it's an open pipe out there, which means that anyone can listen and anyone can grab data. They could store that data. They may not be able to decrypt it, but they certainly have it for later.
We all want that convenience of being able to look at anything and do anything on on the internet with anybody. You can't stop humans from communicating. But again, there's a price because that's all going over open pipes. Data isn't just being left hanging out, but it can go through areas where people may be listening all the time and trying to decrypt your data. The key is to implement systems and processes to prevent those adversaries from accessing your data, or if accessed, made illegible to them.
Part 1: Cybersecurity from the Developer's Seat (video above)