It is necessary to put the mistake in context to understand the weakness it introduced. Business leaders cannot address a problem when a mistake has become an accepted norm.
This is written so a business audience can understand the mistake their cybersecurity experts aren’t explaining. Sometimes mistakes are so obvious, they are ignored. Therefore, a few obvious elements of security will be explained.
The Internet was designed for the free and open exchange of information, that’s it. This communication vehicle morphed at a speed and in ways no one could have imagined.
Keeping up with technology, and with the Joneses, required immediate action based on existing knowledge. No one took the time to consider the long-term effects of their decisions.
Decades ago, with public adoption of the Internet, businesses with secure activity wanted to exploit the Internet to provide greater access to their clients, a noble goal.
Yet the implementation was mistaken, and the context is critical to understanding it. At the time, cellphones were unheard of, Internet access was dial-up and “portable computers” weighed in at 35 lbs. The Internet was a browser to browse the web.
Companies already had marketing websites and they were spending money to drive traffic to those websites.
The unasked questions then and now: Should secure activity be browsed? Should secure activity be performed in public? The cybersecurity crisis began when a “secure portal” was open 24/7 on a marketing website to every visitor.
Remember, company marketing was soliciting an unknown audience to visit their website. The mistake looks obvious from a distance; the question is how to address the problem.
The solution then and now is exactly the same. Create a private environment with private access limiting an organization’s secure activity to authorized users. Security is about protocols.
As the Internet grew, the question was whether technology “could” do something; no one stopped to consider whether technology “should” do something. The rush to adoption was a rush to unintended consequences.
Cybersecurity fails because a “Secure Class” of access was never created. This mistake blurred the lines between secure activity and everything else. Cybersecurity needs to change its perspective, and process, from filtering data to identify authorized users to limiting access to authorized users.
The solution to the cybersecurity crisis is to have a non-cyber “Security Expert” analyze business processes to properly classify them. (Especially communications.) Then perform secure activity in Private. The Internet is the only place where a declaration of identity, data from an endpoint, is all that is required to access…everything.
Any organization that issues credit, debit, insurance and employment cards/IDs has already identified their Private community. Simply upgrading these tokens creates an independent private access method for each organization.
Then simply move “Secure” activity into the organization’s private Internet environment. Cybersecurity is a process, not a product.
The source of a problem can be found by following the logical decision process back to identify the first mistake. It is then a simple decision: correct the mistake or keep making the mistake. Cybersecurity Experts chose mitigation as their response.
Mitigation is a decision to keep making the same mistake… over and over, expecting different results. Einstein had a theory.
Security is a process based on protocols that have stood since the dawn of recorded history. If something is secure, it is placed in private. Then identified members of a group are authenticated before access is granted. Times may have changed and become more sophisticated, but security protocols remain the same.
Cybersecurity will be achieved as soon as an organization decides what it considers secure and then secures it. Mistakes do not fix themselves, and mitigation is a choice to keep making the same mistake over and over.