One thought : when did the Cyber Age start? It’s not just a nice-to-know question.
Regardless of when it began, the Cyber Age is enabled by a foundation of five technologies (digitization, mobility, cloud, web, and AI) and their concomitant applications that dramatically changed how society interacts within itself, including conducting (or consuming, if you prefer) commerce than how it was done before the Cyber Age.
Always keep in mind the critical importance of the applications of the technologies. And how the (current and emerging) applications will reshape the Cyber Age.
Source: Bing.com from a search of ‘cyber interconnections’
I submit that the seeds of the Cyber Age began in the 1950s particularly with Digitization and AI Concepts. But when did the other three technologies begin – mobility, cloud, and web (well, Internet really but I’m going to focus on the GUI of the Internet aka ‘web’)? I’ll discuss the origins of each of the five technologies, and select applications, in my forthcoming book discussing the insurance industry and cyber.
One emergent property of the Cyber Age is the cyber-forming of all aspects of society from commerce of all goods and services to communication among and between people. Cyber-forming? Yes. Because each and every interaction will have at least one “cyber artifact” enabling the interaction.
Cyber artifact? Aaarggh … another term. I’ll define / describe it in my book. Just a heads-up for now: a cyber artifact is one that has one or more elements of applications from each of the five technologies which have created – and are strengthening – the Cyber Age. A fulsome Cyber Artifact has elements from all five of the technologies.
New Risks; New Risk Environment
As importantly, if not more importantly, for (re)insurers, the Cyber Age brought with its inception a new set of risks: cyber risks. Cyber risks which will continue to evolve into increasingly more complex forms of risks, including systemic cyber risks, which will generate combined ratios over 100%.
All the world’s a set of interlinking ecosystems … (or if you prefer something a tad more literate: “no man is an island”, thank you, John Donne – and neither is any corporation regardless of size or industry). If you don’t usually think “holistically”, I suggest that you begin to do that immediately, particularly if your company is selling cyber insurance or if you are a CISO, CSO, CRO, or CFO of an existing or potential enterprise wanting to purchase cyber insurance.
All the cyber risks, regardless of their simplicity or complexity, ‘live’ somewhere in a never-ending, always-unfolding Nth dimensional cyber attack topographical space (rather than an attack surface). I have a hunch that the cyber risks move at random times to random spaces of the cyber attack topography.
Predator / Prey Dynamic
Another wrinkle: – The Cyber Age brought with it a similar predator/prey dynamic that is essentially similar to a co-evolutionary predator/prey engine found in complex adaptive systems.
Why?
Because the Cyber Age is comprised of a continuing panoply of interconnections and interdependencies among and between digital artifacts, physical artifacts (with IP-sensors embedded on them or in them), living entities (with IP-sensors embedded on them or in them), and non-human entities (NHIs) each connected to the web (and so connected to other artifacts and entities connected to the web).
This never-ceasing expansion of “infrastructural” interconnections is causing the behaviors of participants in the Cyber Age to reflect somewhat similar behaviors as predators and prey exhibit in a natural ecosystem (which is an example of a complex adaptive system).
But what is a complex adaptive system? From Wikipedia: “A complex adaptive system is a system that is complex in that it is a dynamic network of interactions, but the behavior of the ensemble may not be predictable according to the behavior of the components. It is adaptive in that the individual and collective behavior mutate and self-organize corresponding to the change-initiating micro-event or collection of events.”
I think it is “somewhat similar” because in the corporate version of this expanding Cyber Age ecosystem, cyber predators will always have advantages over cyber prey. Moreover, I believe it is the cyber predators who will continue to evolve to better identify cyber weaknesses of the cyber predators (e.g., every person and enterprise that isn’t a cyber predator).
Maybe I’m being too cynical. Cyber prey are evolving: they are using MFA (or beginning to think about it or use it); they are hiring cyber advisory firms to scan inside-out or outside- or both (or are thinking about doing that); they are hiring firms to help them improve their managed detection and breach response capabilities (or are thinking about doing that); they are hiring firms to help them improve their cloud security monitoring and management (or they are thinking about doing that); and cyber prey are investigating or implementing other cyber resilience initiatives (whether with internal resources or from the assistance of outside help from cyber advisory and protection service firms).
Cyber prey are also complying – or striving to comply – with industry cyber regulations and government cyber regulations: I’m sure compliance will not slow down cyber predators. The cyber predators will evolve.
We all know that whether cyber prey evolve slowly or quickly: government and industry regulators will continue to issue cyber regulations; plaintiff’s bar attorneys will continue to sue; cyber modelers will continue to use new(er) technologies to model; but the reality will be that enterprises (whether IT-enabled or OT-enabled or a hybrid mixture of IT-enabled and OT-enabled) will remain cyber prey.
Cyber predators strike when they want (cyber predator intent can’t be modeled) at any place or places on the never-ending, always-unfolding Nth Dimensional cyber attack topography.
Business Owners / Managers Attacked On All Sides
It is one heck of a time to own or manage (or start) a business, attacked by:
- Cyber predators attacking when they want to attack – where they want to attack and how often they want to attack (and even notifying cyber regulators that your business has been attacked);
- Clients bringing lawsuits because they won’t believe you’re adhering to cyber regulations if your business is cyber-attacked (even if your business is adhering to each and every cyber regulation);
- Government regulators bringing lawsuits and fines if your business is cyber-attacked (even if your business is adhering to each and every cyber regulation).
In our expanding Cyber Age: Where do businesses find relief from cyber-attacks; From being drained dry by client; From lawsuits when they are cyber-attacked? From their own government when they are cyber-attacked?
I don’t have any answers.
Rabkin's Opinions 