Disincentivising Hackers, So No Expensive Cyber Defense is Needed
A Revolutionary New Cyber Security Strategy
Merchants, banks, and government offices hold massive amounts of public credentials, and hence attract the smartest ethically-challenged computer scientists to compromise their ever more expensive defenses. The advantage is with the attacker. It is estimated that for every $1000 of defensive security, attackers need to invest less than $15 in hacking effort. The bad guys eventually win this race. A smart, skilled computer scientist will make much more money breaking into systems than defending them, so no wonder talent migrates to the wrong side of the law.
Furthermore, cyber defense suffers from an intrinsic disadvantage: the defense has to have as much imagination as the attacker to offer credible defense against any method of system penetration used against it. The attacker can be defeated time and again; he needs to win only once!
It is time to stop this losing chase of super smart hackers. Back to the drawing board. Let's think afresh.
The best way to stop a thief is not to possess the goods the thief is after. The way things are run today, large public-facing databases hold copies of millions of credentials of the served public. One successful breach, and the attacker nets a fortune of reusable fraud-enabling data. Can we break this paradigm?
What if the assailed databases did not hold an exact copy of the credentials used by the public?
Well, then how would the server authenticate a user?
How about this: the server stores a nuanced version of the user's credentials. The nuance may be so subtle that authentication will proceed as before, but sufficiently pronounced for the server to spot the distinction between what is stored in its database, and what the user submits for authentication.
When the user presents his or her credentials the authentication proceeds normally but the server observes the expected distinction between its stored data and the user submitted data.
What happens when the server is hacked? The successful hacker now sells his spoils to hordes of identity thieves. They then submit stolen names, stolen account numbers, stolen social security numbers, and pretend to be who they are not. The server will instantly realize that the submitted credentials are the mirror image of its own data -- no nuanced distinction. What's the conclusion? The server has been hacked, and the hacked data is now used to steal identities.
Two things happen right away: (1) the server raises the alarm -- we have been hacked?! (2) the thief is not only rejected, he becomes an instant target of law enforcement. The predator becomes the prey -- poetic justice!
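One way the check described above could work, as an added sketch that is not the vendor's or the patent's code. The page does not say how the nuance is constructed; this assumes it is a small number of flipped bits measured by Hamming distance, and SERVER_KEY, expected_distance, enroll and authenticate are hypothetical names.

```python
import hashlib
import hmac
import secrets

CRED_BITS = 128                        # assumed credential size
SERVER_KEY = secrets.token_bytes(32)   # assumed: held outside the credential database

def expected_distance(user_id: str) -> int:
    """Per-user nuance size (4..19 bits), derived from the out-of-database key
    so that a dump of the credential table alone does not reveal it."""
    mac = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).digest()
    return 4 + mac[0] % 16

def enroll(user_id: str) -> tuple[int, int]:
    """Return (credential issued to the user, nuanced copy the server stores)."""
    credential = secrets.randbits(CRED_BITS)
    rng = secrets.SystemRandom()
    stored = credential
    for pos in rng.sample(range(CRED_BITS), expected_distance(user_id)):
        stored ^= 1 << pos             # flip one bit; the positions are not recorded
    return credential, stored

def authenticate(user_id: str, submitted: int, stored: int) -> str:
    """Classify a login attempt by its Hamming distance from the stored copy."""
    distance = bin(submitted ^ stored).count("1")
    if distance == 0:
        return "BREACH"                # verbatim copy of the database record
    if distance == expected_distance(user_id):
        return "ACCEPT"                # differs from the record in the expected way
    return "REJECT"

if __name__ == "__main__":
    cred, stored = enroll("alice")     # constructed sample user
    print(authenticate("alice", cred, stored))     # genuine user
    print(authenticate("alice", stored, stored))   # value copied from the database
```

A "BREACH" result is the alarm condition from point (1): the submitted value can only have come from the server's own records.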
Social media will spread the word like a brush fire: this big hacking success the hacker bragged about is no good. Don't use it, don't buy its spoils!
"What a waste!" laments the hacker: all this painstaking campaign to hack the credentials-loaded database ends up as an embarrassing failure. No return on the investment. One thing is for sure, this server will not see this hacker again; will not see any hacker again, because the word gets around -- it's a waste of time!
If hackers don't come, then all those burdensome super expensive cyber security measures can be largely dismantled. Now we are talking big savings! What a solution?! Rather than chase around a sneaky wily hacker, who needs one instant of success to drag you down -- you simply remove his incentive to come after you.
Von Clausewitz taught us that the most efficient way to win a war is not to kill your enemy, but rather to kill his will to come after you.
Von Clausewitz, your teachings work well in cyber space!
Now, to delve into this Nooance® technology, please send us a note, or if you are interested in the hard core of this solution, please check out the underlying patent (US 10395053).
Exhibit your "me first" spirit, take a moment to digest this fundamental new thinking in identity protection. It has many more applications, as we may lay out before you, when we get to talk. But the key point is very powerful: make it unproductive for the hacker to attack you, and then you will not need to deploy expensive cyber defenses to prevent an attack that would not come anyway.