Computer system breaches, data theft, and other cyberattacks are not only big news, they are costing America’s businesses billions of dollars every year. A new report from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and an upcoming MIT Professional Education course take a future-focused approach to this problem.
Howard Shrobe SM ’75, PhD ’78, executive director of the Cybersecurity@CSAIL initiative, acknowledges the usefulness of the many new tools in the marketplace, but he says they are generally aimed at solving yesterday’s attacks. In the report and the course that starts next week, Cybersecurity: Technology, Application, and Policy, he takes a different approach. “The things that attract my attention—and the course is very focused on this—are things that would remove whole classes of attacks from consideration altogether.”
Shrobe says all companies must first learn to identify—and then overcome—the two fundamental cybersecurity threats to businesses:
- Legacy weaknesses in the architecture of most of today’s computer systems
- Flaws in how systems identify individuals and authorize access to highly sensitive data
Research organizations like CSAIL are working to resolve these weaknesses and guarantee security despite human error and accidental vulnerabilities, he says. For more, read an excerpt from “The Future Postponed,” a new report from the MIT Committee to Evaluate the Innovation Deficit. To learn how to reduce your organization’s exposure to cyberattacks, enroll now in MIT Professional Education Digital Program’s Cybersecurity: Technology, Application, and Policy. The self-paced, six-week course begins January 12, 2016, but you can join the course through Jan. 19. MIT alumni are eligible to save 15 percent; just email email@example.com from your alumni.mit.edu email address to receive your discount code.
Despite the serious topic, Shrobe sees reasons for optimism. “Although it takes a long time for new ideas to permeate the mainstream, I think over ten years we are going to see machines that are just fundamentally less prone to attacks,” he says in a recent interview. “In the next few years, we are going to do away with the sort of cheap attacks that steal people’s passwords and things like that.”
MIT’s recent move to a two-factor authentication system for critical systems is a good step. “The great thing about two-factor schemes is that it is very hard for an attacker to succeed at breaking those because they not only have to steal your secret, your password, but they also have to steal your token. Where stealing passwords at scale is possible, stealing tokens at scale isn’t.”