For decades now, the cybersecurity industry has been trying to keep hackers and virus authors at bay with its scan engines. These scan engines, be they antivirus, antispyware, anti-worm, anti-this and anti-that, have been with us for ages. However, the cybercriminal community has taken up the challenge, as it continues to develop new types of malware that the world is not yet ready to face. Examples are the successful penetration of the WannaCry malware in 2017 and the silent operation of various cryptocurrency mining malware this year, 2018. In both instances, in two consecutive years, the cybersecurity industry has done nothing but play catch-up, the sad continuation of its ‘reactive’ business portfolio against nasties.
The current setup is the maintenance and improvement of scanning engines, either with newer signatures or a much-improved engine itself. However, this does not suffice today, as proven by the 1,300% increase in cybersecurity-related cases from 2005 to 2015, two years before ransomware even became a household name and three years before the common Internet Joe found out about the existence of crypto mining malware.
The cybersecurity industry needs to reform itself as a better provider of IT security products and services, to finally stop being reactive to what the hackers and virus authors are producing. The key to this change can be summarized in one word: deterrence. Fighting cybercrime will not be successful if we simply remain reactive. There is no point in disinfecting a hard drive that has already been infected by malware; by then we have already lost the flag in the game. One point that can be reviewed is the ever-decreasing cost of developing malware.
Moore’s law states that computer power doubles every 18 months, something that still holds firmly to this day. This same law lowers the barrier to entry for a neophyte virus author, as hardware becomes commoditized. Additionally, with easy access to the Dark Web, the portions of the web beyond the capabilities of search engines to crawl, a promising new virus author has all the information and tools in hand to start his ‘career.’ The current setup is very friendly to virus authors, while cybersecurity companies have to deal with the laws of the countries where they sell their antimalware products, laws made in the name of user privacy.
This is why Australian lawmakers went ahead with their anti-encryption legislation. Yes, from the perspective of a typical IT professional, we may call it stupid, if not outright moronic, to deliberately insert backdoors into software sold to customers. It’s basically like asking a doctor to sign his name on a poisonous formula as a prescription medicine. But from the perspective of law and order, the creation of a backdoor may help lessen the drive of virus authors, cyberterrorists and hackers against systems, companies and individual computer/gadget users.
The Australian legislation may become an experiment we really need to witness, as no other country wants to be the guinea pig by becoming the first nation to lessen encryption’s effectiveness in the name of fighting crime. It is not yet known whether the information for breaking an encryption algorithm will be held exclusively by Australian authorities, or whether it can be shared with cybersecurity defense companies under an NDA.