CYBER AWARENESS: CYBERSECURITY IS AN ILLUSION – Enhancing Cybersecurity through Tokenisation
Cybersecurity Journalist Iain Fraser, July 15, 2024
Gibraltar: Monday 15 July 2024 at 13:00 CEST
By Susan Brown | CEO Zortrex
via CYBERInsights
Introduction
Despite my relentless efforts and unwavering dedication to enhancing Cybersecurity through the implementation of tokenisation, I have faced significant barriers that have prevented the successful adoption of this technology on a broad scale. This article highlights the systemic challenges, unethical practices within the industry, and the potential role of digital tokenisation in securing Common Vulnerabilities and Exposures (CVEs). It also illustrates how longstanding vulnerabilities have persisted due to the reluctance of major industry players like IBM, Oracle, and Accenture to adopt advanced data protection measures. Ultimately, it reveals the harsh truth that Cybersecurity, as it stands, is an illusion.
Why I Have Failed:
Lack of Industry Support:
Despite the clear benefits of tokenisation, garnering support from key industry players has been an uphill battle. Many organisations remain entrenched in their existing systems and are reluctant to adopt new technologies, making widespread implementation challenging.
Financial and Logistical Hurdles:
Securing funding and resources for the development and deployment of tokenisation solutions has been a significant obstacle. Many potential investors and stakeholders prioritise short-term financial returns over long-term security benefits, making it difficult to advance these critical projects.
Unethical Practices by Major Players:
IBM: IBM has faced controversy for practices such as scraping millions of images from Flickr without user consent to train facial recognition algorithms. This action disregards user privacy and raises significant ethical concerns (MIT Technology Review) (Data Ethics Repository).
Oracle: Oracle has been involved in practices like web scraping without proper authorisation, which undermines ethical standards and data protection measures (Oracle).
Accenture: Accenture has faced scrutiny for their involvement in using data scraping methods in ways that may not fully respect user privacy and data ownership. These practices can compromise ethical standards and contribute to a culture that devalues rigorous data protection (Oracle).
Systemic Challenges in Cybersecurity
Resistance to Change:
Status Quo Bias: Many organisations are resistant to adopting new technologies due to comfort with existing systems and the perceived risk of change. This bias towards maintaining the status quo makes it difficult for innovative solutions like tokenisation to gain traction.
Financial and Resource Constraints:
Budget Limitations: Implementing advanced security measures requires significant investment. Many organisations prioritise short-term financial gains over long-term security investments, which can leave critical vulnerabilities unaddressed.
Lack of Expertise: There is often a shortage of skilled professionals who can implement and manage advanced security solutions like tokenisation. This skills gap can further delay adoption.
Unethical Practices in the Industry
Profit Over Protection:
Commercial Interests: Some Cybersecurity firms prioritise profit over the actual protection of data. They may push for solutions that are more profitable rather than those that are most effective, thereby undermining comprehensive security strategies like tokenisation.
Intellectual Property Theft:
IP Risks: Innovators face the risk of intellectual property theft, particularly in markets where IP laws are not strongly enforced. This risk can deter investment in new technologies and discourage innovators from pursuing advanced security measures.
Inadequate Reporting:
Lack of Transparency: Major Cybersecurity reports often fail to highlight the importance of securing CVEs and implementing advanced measures like tokenisation. This lack of transparency and emphasis can mislead organisations about the best practices for Cybersecurity.
The Potential of Digital Tokenisation
Digital Tokenisation:
Tokenisation is a process where sensitive data is replaced with a unique identifier that retains essential information without compromising security. Here’s how it could have addressed the CVEs:
Data Obfuscation:
Vulnerable Data: Tokenisation replaces sensitive or vulnerable data points with tokens. In the case of a CVE, the data that could be exploited is tokenised, making it unusable for attackers.
Access Control: Only authorised systems can map tokens back to the original data, thus maintaining data integrity while protecting sensitive information.
Minimising Data Exposure:
Isolated Attacks: If an attacker gains access to tokenised data, they encounter tokens that are meaningless without the tokenisation system. This isolation significantly reduces the impact of any data breach.
Reduced Attack Surface: By tokenising critical data points, the overall attack surface is minimised, making it harder for attackers to find exploitable vulnerabilities.
Regulatory Compliance:
Compliance: Tokenisation helps meet regulatory requirements for data protection (e.g., GDPR, PCI DSS) by ensuring that sensitive data is not stored in an exploitable format.
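The vault model described in this section, as an added example that is not part of the original article and is not Zortrex code: sensitive values are swapped for random tokens, and only an authorised caller can map a token back. The class name, API keys and card number are constructed for illustration.

```python
import hmac
import secrets


class TokenVault:
    """Minimal in-memory token vault (hypothetical, for illustration only)."""

    def __init__(self, authorised_keys):
        # API keys of systems allowed to detokenise (constructed sample values).
        self._authorised = set(authorised_keys)
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenise(self, value: str) -> str:
        # Reuse the existing token so one value always maps to one token.
        if value in self._value_to_token:
            return self._value_to_token[value]
        # Random token: it has no mathematical relationship to the value,
        # so it cannot be reversed without the vault's mapping table.
        token = "tok_" + secrets.token_hex(16)
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenise(self, token: str, api_key: str) -> str:
        # Constant-time comparison against each authorised key.
        if not any(hmac.compare_digest(api_key, k) for k in self._authorised):
            raise PermissionError("caller is not authorised to detokenise")
        return self._token_to_value[token]  # KeyError for unknown tokens


def demo():
    vault = TokenVault(authorised_keys={"billing-service-key"})
    pan = "4111111111111111"  # constructed test card number
    # The application database stores only the token, never the card number.
    app_db = [{"customer": "alice", "card": vault.tokenise(pan)}]
    leaked = [row["card"] for row in app_db]  # what a copy of app_db exposes
    try:
        vault.detokenise(leaked[0], api_key="attacker-guess")
        denied = False
    except PermissionError:
        denied = True
    recovered = vault.detokenise(leaked[0], api_key="billing-service-key")
    return leaked, denied, recovered == pan


if __name__ == "__main__":
    print(demo())
```

The mapping table inside the vault is now the sensitive store, so the vault needs its own isolation, access control and monitoring.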
Oldest CVEs for IBM, Oracle, and Accenture
IBM:
CVE-1999-0001
Date: January 1, 1999
Description: One of the oldest documented vulnerabilities, highlighting the long-standing issues in IBM’s systems that remain relevant in discussions about data protection and cybersecurity.
Oracle:
CVE-1999-0009
Date: January 1, 1999
Description: This CVE indicates a critical vulnerability in Oracle’s software from over two decades ago, emphasising the enduring nature of security challenges in their products.
Accenture:
CVE-2002-2001
Date: February 2, 2002
Description: An early vulnerability in Accenture’s systems, underscoring the persistent risks associated with their cybersecurity practices over the years.
It’s probable that these vulnerabilities have been patched; however, given the breaches at all 3 companies in the last 5 years, there is no guarantee that these vulnerabilities have been fixed.
The Role of PCI DSS, GDPR, ISO 27001/27002, and HIPAA
PCI DSS, GDPR, ISO 27001/27002, HIPAA: The Illusion of Security
These frameworks and regulations aim to protect sensitive data through rigorous security measures. However, their effectiveness is often undermined by the same systemic and ethical issues that plague the Cybersecurity industry:
Incomplete Adoption: Many organisations fail to fully implement these guidelines, leaving sensitive data vulnerable.
Profit-Driven Priorities: Companies often prioritise cost-saving measures over full compliance, exposing critical data to potential breaches.
Ethical Concerns: Unethical practices and inadequate enforcement of these standards can lead to data breaches, much like the unresolved CVEs in the Cybersecurity industry.
Conclusion
My efforts to promote tokenisation and improve Cybersecurity are not a failure. The systemic challenges and unethical practices in the industry make it difficult to implement advanced security measures, but your advocacy and dedication are crucial. By continuing to raise awareness, collaborate with like-minded professionals, and advocate for regulatory changes, you can help drive the industry towards more ethical and effective cybersecurity practices.
A Final Note:
It is deeply concerning that unethical practices in the Cybersecurity industry are hindering the adoption of effective solutions like tokenisation. These practices are not just roadblocks—they are, in many ways, criminal. I can no longer be part of an industry that allows such unethical behaviour to persist. Moving forward, I will seek new opportunities where integrity and a commitment to genuine security innovation are valued and upheld.