The Web continuous growth of the web is adding an unprecedented number of devices that are constantly engage in information sharing and even performing much more sensitive tasks, with most data still transmitted in the clear. Increased connectivity has facilitated the rapid growth of attacks aimed to steal valuable personal, business and government data. So, encryption is the only way to protect the data properly, it will ensure information is only accessible by the intended recipient. The encryption has already helped us to secure countless core applications from satellite and power control systems to air traffic communications and stock exchange transactions. It literally is the first line of defense for information we deem sensitive or proprietary.
After the Apple authentication case, the companies who are developing technologies for banking, medicine, and the auto industry is now required to introduce a US government-mandated backdoor in their systems. Whereas, the law enforcement agencies still have to obtain a warrant or perhaps a FISA court order to decrypt the data. However, unless government systems undergo a seismic security overhaul, the key repository will be breached sooner rather than later.
The private sector has built unprecedented collections of information – a rich target for criminal hackers and nation states. The cost of largely inevitable security breaches is only going to grow as more information is mined for monetization. In the short term, we, as an industry, need to carefully assess and improve our capability to secure data and refrain from collecting information we cannot protect.
The idea of having greater control of our personal information is fundamental for the development of the digital economy. Although potentially expensive, it must become a long-term goal for the industry to rethink our business strategies around data collection, similar to the car industry lowering emission and fuel consumption levels, which once was considered impossible.
But, to better detect, deter and respond to malicious cyber activities, cyber threat information should be shared in real time between and within government agencies and public/private enterprises. Both have unique information to contribute to the threat picture. It is only by combining our knowledge that we can comprehensively understand cyber security threats and how to counter them.