There is an employment crisis in cyber security that has silently compounded over the past six years. Toward the end of 2012, analysts identified a near zero percent unemployment rate in the cyber security industry with thousands of vacant positions. Now, the industry is on track to reach near two million open cyber security positions with no qualified employees to fill the gap.
On the other side of the equation, attacks are on the rise. Today’s $8.5 billion/year antivirus market is broken, with 70 percent of threats going undetected and cybercrime damages expected to double by 2021 and reach $6 trillion.
There is an obvious problem with how we approach cyber security, but blockchain may help revise the infosec hiring model, make cyber security more efficient, and decrease the impact of malicious attacks globally.
A single marketplace that brings enterprises, consumers, vendors and geographically-diverse security experts together may be the solution for more complete cyber threat detection. An example would be PolySwarm’s blockchain project where experts craft and maintain competing software “micro-engines” that quickly identify the latest threats, attempting to outperform their competition. The combined protection of thousands of micro-engines allows for broader, faster coverage and more efficient protection.
Why use blockchain micro-engines rather than bug bounty?
Unlike traditional bug bounty programs, blockchain has opened the door to more collaborative antivirus environments that can use prediction markets in combination with proof of work. In a micro-engine model, experts collectively evaluate artifacts with competing software. Then, they use smart contracts on the blockchain to make bets on whether those artifacts are malicious or not. Software that best defend end-users receive a tokenized reward. Experts work to maintain and improve their engines to remain competitive.
Blockchain removes the human element of the antivirus marketplace and supplants it with a well-oiled system of computers running competitive detection. Mediated consensus across the blockchain rewards consistently accurate participants.
How does this impact the issues outlined above?
Today, single vendor offerings dominate cyber security. Companies and individuals purchase antivirus software often on a subscription basis and apply broadly with no interoperability. Consumers can’t use two antivirus programs for combination protection. And most don’t want to purchase multiple subscriptions for threat detection anyway. This is a fundamental problem that has perpetuated a decline in cyber security success.
No antivirus software is perfect. Thousands of hackers are evolving their malicious code constantly. Yet, customers must hang their hats on a single team to keep pace with vaccinating and patching against insurmountable odds.
Creating collaborative, yet competitive environments for protection simply makes sense. It rewards security based on its delivery, not just an illusion of protection or empty promise.
As for the increasing demand for security professionals, there are two lines of thought.
First, we tend to categorize infosec professionals based on their existing job track and access to employment. The truth is, there are still many experts floating around the third-world with lack of access to jobs. Major antivirus companies tend to hire first-world support. This leaves uncounted infosec professionals to deploy their skills elsewhere in IT or even maliciously. A decentralized blockchain marketplace is not bound by geographic support. Consequently, it provides fewer barriers for those seeking to enter the infosec market.
Second, the increasing demand for cyber security points to the inefficiency of our existing system. Companies tend to hire security professionals as sentries that react to attacks. The experts are used to validate security practices and vet software.
Unfortunately, staffing more infosec employees doesn’t solve the issue because these teams are largely analyzing the same threats. Which means hiring more doesn’t necessarily expand their threat detection capabilities.
A crowdsourced marketplace approach can help to remove that duplication of effort, so there would be a smaller numbers of security experts required in a company’s on-site security team. Those on-site teams would be doing the work that is specific to that company, while the security experts in the marketplace will cover all of the common and duplicative work.
Companies know they need security, and they’re increasing their spend and headcount for more peace of mind. But this action is often a wasted exercise by companies that simply don’t know what else to do.
The Truth About Blockchain
Blockchain is often conflated with cryptocurrency as a speculative asset. Most media publications tend to focus on the market volatility and potential value of a currency while dragging blockchain and smart contracts into the discussion. However, they neglect to discuss the real importance benefits of the technology. The utility of smart contracts has spurred a burst of innovation across several markets. And although there is a lot of noise and overhyped value, don’t discount the practical benefits of the technology could bring to information security.
There is uncertainty in the blockchain marketspace, but most analysts concede that the underlying technology is here to stay. The infosec community must consider how blockchain might support the advancement of cyber security. Moreover, it must proactively explore partnerships and solutions to these mounting security problems.