Happy birthday Internet: why the web was built for shareability over security, and how we can one day have both
Aug 07, 2018
On 6 August 1991 - 27 years ago - British computer scientist Sir Tim Berners-Lee launched the world’s first web server from CERN in Switzerland. This soon led to the first HTML webpage being launched, which was arguably the birth of the world wide web.
The beginnings of the Internet
We love the Internet, and we are so glad it was created. It allows us to connect with peers across the globe; collaborate in real time; and store and access infinite amounts of data. And it’s apparently not just us who feel this way. Several years following Berners-Lee’s HTML website, there were more than 500 known web users. Nowadays, the number of internet users has surpassed 4 billion. But the Internet was not built for security, and we are now paying the price.
Why the Internet wasn’t built for security
The topic of who invented the Internet and when is about as heavily disputed as the true identity of Satoshi Nakamoto. However it is generally acknowledged that the concept of the Internet had its foundations in the ARPANET. This was a network built in 1969 by researchers attached to the US Department of Defense, as a means of collaborating between offices. The founders of the ARPANET just wanted to share information amongst themselves. And they never imagined the more refined and widespread use that the Internet would eventually be put to. Or, God forbid, the criminal and nefarious purposes that would eventually come into play. This explains why the foundations of the Internet were built to make information accessible; to allow data to be sent quickly and reliably - not for securing information or verifying the identity of the recipient.
As the Internet began to evolve there were various movements to incorporate more security measures, for example encryption within TCP/IP. But this was knocked back both for national security reasons (ironically!), as well as for the additional hardware requirements which the more sophisticated system would have required. Nowadays it is commonly accepted that it’s basically too late.
The problem with favouring shareability over security
We are now left with an Internet that was built for ease of sharing. The only problem is that some things weren’t made to be shared. The data of 147.9 million Equifax users wasn’t made to be shared. That’s why the company’s CEO was fired, and $4 billion in share valuation was lost, when this leaked in 2017. The passwords of 3 billion Yahoo users wasn’t meant to be shared either. That’s why $4.5 million was knocked off the company’s sale to Verizon when this happened in 2014.
The rise of accidental data leaks
The Internet is increasingly becoming a place where people store and exchange sensitive documents. This was less of a problem when these assets remained within the confines of the company perimeter. But collaboration is starting to permeate the barriers of our internal networks to accommodate, for example, employees working from home, or suppliers and freelancers working on our documents inside their own - often poorly protected - networks. US companies now work with an average of 1,500 third parties, and it is becoming increasingly more complicated to guarantee the security of the sensitive information that they handle. According to Ponemon, 56% of companies have experienced a data breach linked to a vendor. And if a third party is involved in a leak, it will cost an average of $17 more per record than the average cost of a data leak per record.
Data leak detection: the key to balancing shareability and security
The Internet was not built to be secure, and we are adding more risk by electing to operate within increasingly complex supplier ecosystems. In environment like this, data leaks become inevitable. But the good news is that damage is optional. By investing in threat intelligence solutions, companies can proactively address the risk. A data leak detection solution, for example, will allow companies to detect leaks the instant they occur and quickly remediate while damage is at its lowest.
We think it’s great that the Internet enables fast and efficient collaboration the world over, and we wouldn’t want it any other way. But companies need to understand the risk tradeoff that this presents to their precious data. And they need to be prepared to take measures to offset this in order to enjoy the benefits of shareability and security. Because who says they need to be mutually exclusive?