"How we face death is at least as important as how we face life."
As we progress through the year, I can't help but recall these words from Star Trek II: The Wrath of Khan -- one of my favorite movies. In recent years it seems like every aspect of the human experience has been affected by cybersecurity and privacy concerns. It’s time to establish a universal language and understanding of those foundational facts that govern our data-security lives.
Here are my five laws of cybersecurity, and while there could easily be more, these five will forever be the immutable universal constants that govern this topic and our existence in relation to it.
Law No. 1: If There is a Vulnerability, it Will be Exploited
In my first article for Forbes, I stated: “Consider for a moment that when the first bank was conceived and built, there was at least one person out there who wanted to rob it.” In the more modern era, since the first “bug” was found in a computer, we’ve been looking for ways to bypass the framework or laws that govern a computer program, a device, or even our society. Consider that there are those in our society who will try and hack everything within their capability. This could be obvious with more basic exploits, like the person who figured out how to obstruct their car’s license plate to go through a tollbooth for free, or the more obscure, such as infecting a complex computer system to derail an illegal nuclear weapons program. Finding ways around everything for both good and bad purposes is so ubiquitous today that we even have a term for it: “Life Hacking.”
Law No. 2: Everything is Vulnerable in Some Way
We cannot assume that anything is off the table and completely safe anymore. State-sponsored hacking is an excellent example of this. Government intelligence has been astonishing over the years in gaining access to an opponent’s systems when they were thought to be secure. Publicly, we’ve seen a series massive data breaches over the years from corporations that spend millions annually on cyber-defense strategies.
From Target to Anthem Blue Cross, these are corporations that hold millions of records on virtually every person in the United States combined, and fall under multiple government requirements and compliance laws for data security; yet here we are. Beyond obvious targets, we can also find more obscure examples that can affect us all on a global level. For decades, we have assumed our computers' processors are essentially safe and harmless, doing the job they were designed for. At the beginning of 2018, it was revealed that for decades these workhorses have been carrying a massive vulnerability that could allow malicious hackers to wreak havoc on all of us. From minor to major vulnerabilities, Law No. 2 is inescapable.
Law No. 3: Humans Trust Even When They Shouldn't
Trust, quite frankly, sucks. Yes, it’s an essential part of the human experience. We trust our significant others, trust by virtue of faith in whatever religion we adhere to, and also trust in the infrastructure around us. We have an expectation that the light switch will turn on the light or that the mechanic we pay to perform the oil change in our car will actually do it. We cannot have a functioning society without a sense of trust, and this is why it’s our greatest weakness in cybersecurity. People fall for phishing scams, assume that the anti-virus program they bought for $20 will turn their computer into Fort Knox (it won’t), or believe the form they’re filling out is legit (it sometimes isn't).
It sounds weird to say we need to combat trust, but we do if we’re going to survive against the nonstop hacking that takes place.
Law No. 4: With Innovation Comes Opportunity for Exploitation
The world is full of brilliant people. Bill Gates created a global computing platform to get humanity on the same page. Mark Zuckerberg created a social media platform used by billions globally. Alexander Graham Bell invented the telephone, which made the world a lot smaller. However, with each innovation and evolution in our technology comes certain exploits. We live in the age of IoT, and by virtue of this, our lives have, hopefully, been made better. One of the first big examples of this is the Ring doorbell. It made adding a video camera to your front doorbell easy, and very easy to monitor through a mobile app. Life was good with the clearly innovative Ring device -- until a security vulnerability was discovered. The company has since fixed that exploit, but as is always the case, we are waiting for the next vulnerability to be discovered, and naturally, it’s made even worse by Law No. 3.
Law No. 5: When in Doubt, See Law No. 1
This one isn’t a cop-out. Every single law written here comes down to the simple fact that no matter what the concerns or problems are with regard to cybersecurity, they all stem from a vulnerability of some kind. If we ever forget this, we are doing nothing but asking for trouble.
Our ability to properly defend ourselves comes from understanding that human nature makes these laws immutable. When we start thinking like a hacker is when we can actually stop them, so here’s to hacking the future together for our own security.
Written by: Nick Espinosa, Chief Security Fanatic of Security Fanatics, CIO, Keynote Speaker, Author, Radio Show Host, and Cybersecurity Expert, for Forbes.