Home > Articles

This chapter is from the book

Technology X Will Make You Secure

There is a well-known meme attributed to Internet pioneer Vint Cerf. It is a simple flowchart that starts with the decision point “Do I need a blockchain?” and points to a single endpoint: “No.” Blockchain is not the answer to every problem (it might not be the answer to any significant problem), and it certainly is not the perfect answer to cybersecurity.

Cloud. Quantum computing. Open source intelligence. Blockchains. Artificial intelligence and machine learning. Even encryption! Innovation and technological evolution continue to drive progress in cybersecurity by lowering risk, and these technologies can be powerful enablers. Technology plays a prominent and important role in cyber defense—however, it is a myth that any technology alone will eliminate cyber risk. Beware the hype.

Jackie Fenn coined the term hype cycle at Gartner in 1995. She observed a predictable path of over-enthusiasm and disillusionment for new technologies before they eventually provide predictable value. The graphical representation covers five phases:

  1. Technology Trigger

  2. Peak of Inflated Expectations

  3. Trough of Disillusionment

  4. Slope of Enlightenment

  5. Plateau of Productivity

The hype cycle acknowledges the value of technology but never espouses that any will solve all problems.

The history of cybersecurity is full of examples of defenses we once thought were perfect. Address space layout randomization (ASLR) was created to prevent the exploitation of memory corruption vulnerabilities. So was Data Execution Prevention (DEP). They did have a positive impact and helped to cripple some malware. But ASLR and DEP did not stop attacks across the board. These technologies could not prevent phishing and other social engineering from affecting computers. Furthermore, attackers adapted and learned to bypass DEP and ASLR using Return-Oriented Programming (ROP).

This myth goes hand in hand with the myth that a single product will protect us. Nothing applies to all threats and all situations. Add into that the fact that these technologies and solutions often have their own vulnerabilities. Nothing is perfect in the cybersecurity world.

The key to avoiding the myth that any technology will solve cybersecurity is honesty about what it cannot do. Do not let that stop you from being excited about new technology. Evaluate, experiment, and deploy with open eyes, while acknowledging that it alone cannot save us. Also, be alert to any new vulnerabilities or exposures that might result from it!

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.