Before reading, I realize how pervasive with buzz words some would consider the title of the article and for that, I apologize! I am just trying to illustrate a perspective I feel has been ignored.
The question that is immediately asked whenever a zero-day (previously unknown exploit to security professionals and the companies developing the project alike) rifles through networks as firms rush to find a method to triage is “how does this affect business?” Although this is an important consideration for multinational organizations whose downtime is equivalent to that of the GDP of a small nation, this consideration cannot remain so narrow. Even though some of these organizations are becoming the very medium that culture is expressed through, there needs to be a dialogue on the considerations of further-reaching implications than that of the dollar value of an attack. This is not an attempt to minimize the impact of some of the most widely used platforms, but rather a cry for identification of the unrealized opportunity cost that cyber attacks pose to developing nations.
Opportunity cost is a concept that most have a tangible understanding of. In short, you forgo the benefit of the next best option depending on the, theoretically, rational choice being made. The opportunity cost of a cyber attack could be an astronomical amount on an enterprise environment as they would start to hemorrhage resources to try to triage where you could have been conducting business as usual.
Software as a service (SAAS) products are not only more relevant than most hardware in our industry, but they introduce a potentially lucrative opportunity with knowledge and drive being the only barrier to entry. Many economists state that we currently are in a period deemed to be the 4th industrial revolution. It’s not a focus on manufacturing and reinvention of workers manning an assembly line, but it’s about how technology is revolutionizing the production of value.
With less natural resource-rich countries not being able to rely on exports or tourism if they’re looking to boost their GDP, software provides an incredibly valuable opportunity for growth. That being said, as we live in an age where NATO has recently recognized cyberspace as a domain for warfare, these countries — and their economies, are being placed at significantly more risk.
With their extremely limited funding, these countries are going to be far from investing in things like cybersecurity. Even if there was enough funding, there exists the possibility that they could fall prey to another attack before they were able to clear the processes required to implement some of these measures. Not only is the software and hardware associated with building a secure system expensive, but the cost of the skilled labor and expertise to set up these systems, human capital.
The immediate solution to this going forward is a reliance on some of what makes modern software companies tick, open-source software. You have open source SIEM’s to monitor networks like Wazuh and other options to counter the incredibly feature-dense, but expensive products that are dominating the market. The value would be directly proportional to that of possible log sources that they would have to feed into the system, but that is starting to dive into another discussion besides the proof of concept.
Yet another solution could be backing a group like the International Organization for Standardization with funding to support a state of uniformity for countries with a GDP under a certain threshold. The initial costs could be great for such a program, but the possibilities of computing can only benefit from more minds tackling it.
These are just ideas, but those are something that I have plenty of (unfortunately).
Thank you for taking the time to read this!
