Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Israeli researchers are coming up with some interesting solutions.
The key to stopping the hackers, explains Neatsun Ziv, vice president of cyber-security products at Tel Aviv-based Check Point Security Technologies, is to make hacking unprofitable.
“We’re currently tracking 150 hacking groups a week, and they’re making $100,000 a week each,” he tells the BBC.
“If we raise the bar, they lose money. They don’t want to lose money.”
This means making it difficult enough for hackers to break in that they choose easier targets.
And this has been the main principle governing the cyber-security industry ever since it was invented – surrounding businesses with enough armour plating to make it too time-consuming for hackers to drill through. The rhinoceros approach, you might call it.
But some think the industry needs to be less rhinoceros and more chameleon, camouflaging itself against attack.
“We need to bring prevention back into the game,” says Yuval Danieli, vice president of customer services at Israeli cyber-security firm Morphisec.
“Most of the world is busy with detection and remediation – threat hunting – instead of preventing the cyber-attack before it occurs.”
Morphisec – born out of research done at Ben-Gurion University – has developed what it calls “moving target security”. It’s a way of scrambling the names, locations and references of each file and software application in a computer’s memory to make it harder for malware to get its teeth stuck in to your system.
The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm’s tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.
But the most effective way to secure a computer is to isolate it from local networks and the internet completely – so-called air gapping. You would need to gain physical access to the computer to steal data.