Home / News & Videos / News / Homeland & Cyber Security /

Cyber Security – More Chameleon, Less Rhino

Cyber Security – More Chameleon, Less Rhino

December 9, 2019

Homeland & Cyber Security

Stock Daily Dish — Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Israeli researchers are coming up with some interesting solutions.

“We need to bring prevention back into the game,” says Yuval Danieli, vice president of customer services at the Israeli cyber-security firm Morphisec. “Most of the world is busy with detection and remediation – threat hunting – instead of preventing the cyber-attack before it occurs.”

The main principle governing the cyber-security industry ever since it was invented – surrounding businesses with enough armor plating to make it too time-consuming for hackers to drill through – is called the rhinoceros approach. But some think the industry needs to be less rhinoceros and more chameleon, camouflaging itself against attack.

Prof. Yuval Elovici, head of Cyber@BGU and co-founder of Morphisec

Morphisec – born out of research done at Ben-Gurion University of the Negev (BGU) – has developed what it calls “moving target security.” It‘s a way of scrambling the names, locations, and references of each file and software application in a computer‘s memory to make it harder for malware to get its teeth stuck into your system.

The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm‘s tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.

But the most effective way to secure a computer is to isolate it from local networks and the internet completely – so-called air gapping. You would need to gain physical access to the computer to steal data. Prof. Yuval Elovici, head of the Cyber Security Research Center at BGU and co-founder of Morphisec, warns that even this method isn‘t 100% reliable.

“The obvious way to attack an air-gapped machine is to compromise it during the supply chain when it is being built,” he says. “So you then have a compromised air-gapped computer in a nuclear power station that came with the malware – the attacker never has to enter the premises.”

There is always a trade-off between usability and security. The more secure and hack-proof a computer is, the less practical it is in a networked world. “Yes, we can build an unhackable computer, but it would be like a tank with so many shields that it wouldn‘t move anywhere,” says Morphisec‘s  Danieli.

The concern for the cyber-security industry is that as the nascent “internet of things” develops, powered by 5G mobile connectivity, the risk of cyber-attack will only increase. And as artificial intelligence becomes more widespread, it will become just another tool hackers can exploit.