An Account On Cybersecurity Failure On The Last 20 Years - SG
Shkelzen Goxhaj
McMaster University
ECE 738 Cognitive Risk Control for Physical Systems
1. How companies worldwide are failing at cybersecurity, and some inherent human
difficulties.
A survey by Thycotic, a provider of privileged account management (PAM) software, showed
that more than half of companies (58%) failed to evaluate their efforts to measure their
cybersecurity investments and performance against best practices. This means that companies
and governments worldwide are investing blindly in cybersecurity defenses, while the
After about 20 years and billions of dollars invested, organizations are still struggling with
cybersecurity, and the problem is deteriorating instead of improving. The issues are not only
technical. There are other challenges that stem from our difficulty in understanding cyberspace,
which is quite different from the physical world and makes this field very counterintuitive. Since
cyberspace is made up of nodes and light-speed communication, concepts like distance,
proximity and borders mean something very different there. It is difficult to define which entity
is in charge of securing a given part of the network. In the physical world, border security is
maintained by the federal government, but this approach will not work in cyberspace. The routes
that businesses use to communicate internally and with their customers are the same routes that
attackers use to steal or invade a business's digital property. The government cannot get in the
way of the latter without getting in the way of the former. Generally speaking, using our physical world as a
Furthermore, cybersecurity policies, laws and practices are not fully developed. From this
perspective, the field is fairly young, considering that the internet has existed for only about the
last 25 years and changes frequently. Therefore, we have not yet been able to develop the framework we need.
Here are some questions that we do not yet know how to answer clearly:
What is the right division of responsibility between governments and the private sector in
terms of defense?
What standard of care should we expect companies to exercise in handling our data?
What actions are acceptable for governments, companies and individuals to take, and what are
the boundaries?
When we have a better understanding of these questions, we will be able to develop the
2. Other challenges
A common approach to ensuring cybersecurity is chasing the hackers, which has become
a never-ending arms race in which organizations are rushing to catch up. This approach
A promising technology such as AI has been seen as a weapon that can be used against
cyber-attacks; however, the rise of AI will also enable cyber-attacks and is expected to cause
an explosion of network breaches. It is very likely to lead to an AI arms race, not very different
Moreover, there is a human aspect to this war to ensure cyber safety. A lost laptop or
an opened phishing email is something we cannot entirely prevent; however, this is not as harmful as
when criminals break into an organization's network. For example, when a criminal is involved, the
per capita cost of a breach (the cost per compromised record) is typically about $170, compared
with about $140 for a breach caused by human error. Other than the most obvious mistakes that
employees make, such as falling for phishing emails or exposing their passwords, there are other
mistakes, such as uploading information to third-party and collaborative platforms without taking
the necessary protective measures.
3. Overview
Today's reality is that no matter how careful we are, no matter how well we design our
strategies or how well we educate employees and users, we are never 100% safe against a cyber-
attack. An organization's best defense remains being extra cautious and putting strategies in place in case