Recently I sat down with Alan Duric, Co-Founder and CTO/COO of secure collaboration platform Wire. When it comes to experience, Duric pretty much has done it all, mostly; in the field of real-time communications.
In addition to his role at Wire, Duric is Co-Founder and CTO at Telio Holding ASA, a firm listed on the Oslo Stock Exchange. The same can (be) said about Camino Networks, a company acquired by Skype/eBay back in 2006. As a pioneer of early VoIP (Voice over Internet Protocol) technologies, Duric has further another claim to UCC fame.
He maintains extensive knowledge regarding the standardization of the speech codecs that led to what we now call WebRTC. With his background in mind, we sat down for a chat to discuss the state of the union, or at least the state of enterprise/government-level cyber security in 2022.
Scams, Robocalls, Etc.
Last year, we saw an unprecedented amount of attacks on the likes of businesses and even a never-before-seen number of scams reported to the FTC (Federal Trade Commission). While robocalls are not 'cyber-related, I still feel it necessary to provide further context.
If an agent takes a robocall on a work or personal device and somehow gives an unauthorized individual or potential scammer access to that device - companies then run the risk of encountering (larger) issues like having sensitive company data held hostage for unbelievable sums of money. The wrong click of a link sent by a scammer on the wrong device in the workplace, does, pose challenges, Duric noted.
And the top five states to have received the most robocalls in 2021 were: Maryland (2,028 per 100K population), Delaware (1,982 per 100K population), Arizona (1,945 per 100K population), Colorado (1,943 per 100K population), and Virginia (1,939 per 100K population), according to the FTC's 2021 "Do Not Call List."
Overall, robocalls are way more impactful on consumers. According to CNBC, Americans have lost nearly $13.4 million to coronavirus-related robocalls as of May 2020. Seniors are hit the hardest, with the AARP reporting seniors lose an estimated $2.9 billion each year to financial scams.
While such a breach might only present minuscule financial risks for businesses - it is still an 'in' for bad actors. There is further risk involved in things like BYOD (bring your device) unless you have a robust way to secure the platforms.
A Race to Quantum Domination is in Full-Effect
Duric seems to think, and with good reason, that countries will kickstart the race for quantum resistance, telling me: "The development of quantum computers has reached a state where it can get feasibly deployed to crack modern computer encryption soon."
As I noted earlier, elements like extortion, higher ransom demands, and sensitive data leaks ran rampant in 2021. One of the most notable ransomware attacks; impacted between 800 and 1,500 businesses globally.
Things got sticky for the Florida-based firm, Kaseya, and its customers. So much so that White House officials and the FBI got involved. Duric said that watching scenes like these play out stresses the importance that countries and businesses still have a lot of work to do; by creating larger quantum computers. Ok, here it is - prediction time, according to Duric:
"The race is on for the development of quantum resistance to fend off the possibility of future attacks, and 2022 will see nation-states such as the U.S and China or even a joint effort from the EU and NATO to prepare for the age of quantum computing."
Cybercrime Will 'Balloon' to a $10 Trillion Concern
Duric forewarns - there will be physical consequences. I know, sounds ominous? According to Duric:
"After a string of major cyberattacks from SolarWinds to Colonial Pipeline and more, major world leaders such as Biden, Merkel, and Macron have made cyber security a national priority."
Duric went on to say: "With the rise of nation-state-backed cybercriminals, attacks will only get more sophisticated and frequent next year."
Edge Solutions/Zero-Trust to Become A Necessity
As most feel it is not only safer (health-wise) to work from home, many find it improves their mental health, as well. Workers report more balance, freedom, flexibility, and the ability to reduce commutes/travel - eventually taking more time to do the things they want to do.
Recent data compiled by Slack suggests that folks are willing to leave their job in search of greater flexibility because they have the option for hybrid work. Respondents to the survey were firm in their stance, noting they'd leave their job for one with lesser pay - if it let them work from home. Duric backs up the notion, adding:
"Employees in white-collar jobs have (made it clear) that working from home must be incorporated permanently into work policies. It is, however, unfortunate that most systems that companies have in place are designed to work with a firewall and are unsuited for a remote work environment."
He told me that in 2022, organizations must begin to rethink the systems they deploy and take a deeper look at adopting more edge-based solutions based on zero-trust architecture. All this might sound like a complicated mess, so let's break that down to understand how this might (actually) benefit a business.
What is Edge Computing?
Edge-based computing enables real-time exchange on mobile and wireless platforms. It does so by relieving the often heavy load of data held and processed by data centers in the cloud. It is a form of computing that shifts that responsibility to devices that form the 'Internet of Things (IoT),' optimizing for optimal performance.
What is Zero Trust Security?
In a previous article where I interviewed Wire CEO, Morten Brøgger about Wire and its endeavors in the secure collaboration space, I defined the concept of zero-trust. The idea of “zero-trust” is an IT security model that requires a strict identity verification process for every person and device trying to access resources on a private network – no matter if they are within or outside of the network perimeter.
Such rigorous implementation of advanced security protocols, coupled with employee awareness, could very well mean the difference between secure enterprise-grade communication/collaboration and the risk of proprietary data getting into the hands of bad actors.
