The proliferation of point cyber solutions is not only downing us in complexity and amplifying an existing skills crisis, but it is also leaving most of the world, from small businesses to less developed economies, almost totally exposed. A whole new approach is required and there is an award-winning British startup that might just have it, explains Bill Mew.
At Infosec Europe in London this week a massive array of fantastic cybersecurity technology and innovation was on display. There was a host of great solutions and truly innovative products solving any number of different cyber problems. Individually they are fantastic, but collectively they are part of the problem – the cyber complexity problem that is.
While there is some consolidation and integration in the cyber arena, it is being outpaced by the proliferation of poor-integrated, point cyber solutions. And while each of these is great at solving a particular problem, CISO and cyber professionals that want to address the whole spectrum of threats are drowning in complexity. Having the skills to properly manage all of these tools, let alone integrate them effectively is almost impossible – especially with such skills being costly and in short supply.
Indeed cyber complexity has become more of a challenge for many CISOs than the cyber threats themselves. We desperately need to find a new way to address this mess.
I have a vested interest here. I do a lot of work with the International Association of Risk and Crisis Communication (IARCC.org). Some of its leadership team have been helping the World Health Organisation (WHO) with its crisis response to COVID and Monkey Pox. Their support has not been focused on the G7, where specialist resources are plentiful, but in other regions where these resources are scarce.
I am IARCC’s cyber ambassador. While I am concerned about the cyber threat landscape in the G7 (where the richest prizes for cyber criminals exist), I am mainly focused elsewhere. Two major divides concern me. There is firstly the massive divide in the G7 between large organisations that have CISOs, cyber tools and hopefully the skills to manage them, and those in the majority of the economy which is made up of small businesses which mostly lack either the tools or skills to protect themselves effectively.
Secondly, there is then the divide between the G7 and the many less developed nations. The G7 has resources like the UK’s National Cyber Security Centre (NCSC) with similar bodies elsewhere across the wealthier nations. Meanwhile the less developed nations not only lack the cyber tools and skills, but also have nothing comparable with the NCSC either.
The worse the cyber complexity crisis gets, the worse it will be for smaller organisations and under-resourced nations. And 5G and the Internet of Things (IoT) will vastly increase the number of endpoints that will need protecting. At the same time advances in Artificial Intelligence (AI) mean that the volume of threats and the overall complexity are only going to get worse. We cannot go on this way!
So what’s the answer?
ANGOKA is a start-up specialising in securing machine to machine communication. It is also the winner of the UK’s Most Innovative Cyber SME 2023 contest and it may just have the answer.
Its hardware-based solutions safeguard critical machine-to-machine communication integrity and data provenance, creating trusted connections, even in untrustworthy networks.
In theory point to point communication should be secure. You have a phone number or an IP address and this allows calls and data to be routed from one point to another. Unfortunately, phone numbers and IP addresses can be spoofed, and communications can be intercepted or interfered with.
ANGOKA creates unique identifiers for all devices that cannot be spoofed and provides a handshake between devices that prevents interception or interference. This may sound simple, but it is truly revolutionary. Once we have this kind of security baked in, all other layers of security can be built on top of it without the kind of complexity that is getting out of control.
Currently its technology is being tested in the form of PCI cards or dongles that can be fitted to computers, but in time it could potentially be incorporated into the silicon chips produced by device manufacturers. This would not only make it pervasive, but it would make it available at fairly negligible cost. We would then have security baked in at the device level and available to all … with minimal management overhead. It would also provide a standard platform that would enable far greater interoperability and eliminate a great deal of complexity.
I will be tracking this Belfast-based company with great interest. I hope that their vision can be brought to life and even if their innovation is not adopted as widely as we hope or if it is eventually superseded by a further iteration or innovation, it will have shown us a path to potential salvation.
Check them out at https://angoka.io/