The "Cybersecurity Marketing Scam" contributes to Cyber-attacks warns Simon Smith, eVestigator
"Self-proclaimed instant 'Cyber Experts' are the new 'Cyber-scammers'. They bypass 20 years of multiple expert fields," Cybersecurity expert Simon Smith warns the world.
Buzz words: "Emerging innovations", "Artificial Intelligence", "Internet of Things", "Neural Networks", "Cognitive Computing", "Cognitive Security", "Augmented Cyber Reality", "The Cloud", "Cyber Neurons" are NOT new, innovative, and emerging relevant, realistic or related technologies.
All one needs to do is look on the internet, read a newspaper or listen to the news and hear outlandish stories about so-called 'Cybersecurity solutions'. Mr. Smith, Cybersecurity Master with 21 years' experience, explains.
"They are supposed to be fighting an industry of deception, yet their deception is the biggest Cyber-risk of all," says Mr. Smith.
"In fact the very people that write these articles are instantly making themselves known to those who are real experts as risks to Cybersecurity. Almost all of the above words are either decades old or have always existed," said Mr. Smith. "The 'Cloud' is the Internet, and remote execution has existed ever since I was interested in programming 26 years ago. Simply via thin client application hosting, Citrix, VMWare and Remote Storage, these were part of the applications we made as avid Software Engineers when I started," he said.
"At 11 years old, and commercially at 18, with now 21 years of combined industry experience, it disturbs me to see the industry falling apart by phrases that are being adopted by not even software companies. The 'Internet of Things' is another abused word, as the internet was always connected to hardware devices I created, and never with 'Cybersecurity problems'. It is a myth and sales bluff dreamt up by charlatans simply looking to cash in on what they 'want to be an emerging innovative rush to market'. The reality is, they are causing the problem, not mitigating it," Mr. Smith said logically.
Some Companies' seminars coming up with 'best practices', 'ideas', and 'products' have absolutely no speakers with experience in Cybercrime, Cybersecurity or anything related. "They are destroying the industry. These amateurs are trying to jump up 20 years of stairs and look for a shortcut but it is a discipline of many professions, and they are the biggest Cybersecurity risk with their uneducated advice," Mr. Smith said.
Mr. Smith is a seasoned Software Engineering Master, Cybersecurity Trainer, Frontline Cyber Crisis Defender, Mentor, Expert Witness, Frontline Mitigation Expert, and Cyber Forensics Investigator. He is also a Computer Digital Forensics Expert with real industry experience in the entire sphere of security and software engineering with over 21 years of practicing industry experience, ISO Lead Information Systems Auditor Qualified, has completed 8 Department of Homeland Security (US) recognised courses, holds over 10 Graduate Certificates/
"In a recent forum I saw somebody write the solution to a skills shortage. It was to 'simply hire lay people'. I responded and said, 'Would you like to have open heart surgery from a Nurse?' It seems that the rush to market has already become more important than the traditional SDLC and testing. Companies would rather send a product to the shelves and have teenage 'amateur hackers' with no methodology maybe find something than proven methodology under the SDLC. It is no wonder they are hackable," Mr. Smith said.
"Ideologists jump on Wikipedia and look for the latest 'buzz word' and start marketing. I've seen them quote semi definitions such as 'Cognitive computing technology' from Wikipedia. If they copy and pasted it properly, you would read at line one that 'At present, there is no widely agreed upon definition for cognitive computing in either academia or industry," says Mr. Smith.
"What all these ridiculous words are referring to and the software they are purporting to describe merely replicate 'Automated Machine Learning', which I, and so many others, have been programming for over 21 years, and yes, if done correctly, can make some difference. There is nothing a computer can do that a human does not instruct it to do. It can do it faster, it can learn with methods we tell it how to, but at a risk that if we get it wrong - we make a big 'fast' mistake. The only exception to this is algorithms. It is still humanly possible to perform mathematics, and all these so-called 'emerging malware detection' cognitive human replacements (even if they existed and did work) could do is spot a trend that could help a human spot a reality. However, that is still 'Automated Machine Learning'," stated Mr. Smith - who audits 'IT Experts' in court as an Expert Witness.
"However, if that was not enough 'buzz words'," Mr. Smith looks beyond claims of Artificial Intelligence, and says, "for Artificial Intelligence, we turn to both logic, science and definition. Firstly, what you think it means is impossible and documented as AI (Complete). What it does mean is also logically impossible to rely on and manage tasks such as reasoning, i.e., predicting actions of 'prior consciousness' that we humans are born with. In every other sense, it is 'Machine Learning'. It is well documented that AI differs from Machine Learning because it requires 'commonsense knowledge' similar to 'prior consciousness'. By definition, commonsense knowledge is impossible in general unless the machine is familiar with all the same concepts that an ordinary person is familiar with."
He then moves on to say, "Now, Pattern Recognition in its context is defined as a form of Machine Learning as it has to know by a human what constitutes a pattern. The definition of Pattern Recognition is the assignment of a label to a given input value."
Mr. Smith likens this deceptiveness similar to that which he comes across when he encounters Cybercrime, those who are laughing at all of us due to our diversion of reality and ignorance. Mr. Smith, who caught a major Cyberscammer last week, part of a $30-40m crime syndicate, stated, "When I find real life Cyberscammers, Cyberstalkers and Cybercriminals I see real suicides, real cult kidnappings, real hacking, real businesses destroyed, real people facing jail, real child exploitation and real gunpoint horror stories. It is not a game, it is not funny to the victims, so my advice to the 'Cyber Marketing Scammers' is to literally get out before people get hurt."
Finally, Mr. Smith covers the new 'buzz word' that the new breed of 'Cyber Marketing Scammers' are resorting to. This was the topic that caused Mr. Smith to warn the industry it is doomed if it doesn't take a stance. They tend to use the word 'Cognitive ability' and now 'Neural Networks'.
Mr. Smith states, "The public should now know that there has only ever been 'Automated Machine Learning', but in this case assisted with a Mathematical Algorithm. Some mathematics trends can be predicted, some are impossible. Again, we turn to Wikipedia and it states, "Like other machine learning methods, neural networks have been used to solve a wide variety of tasks, like computer vision and speech recognition, that are difficult to solve using ordinary rule-based programming. It is also worth mentioning that all these quotes date back to the 1980-90's. When I say that, I am talking about 'IoT', 'Cloud' and all so-called Emerging Innovations."
What has changed to cause the increase in Cybercrime?
"Absolutely nothing except laziness, market exploitation, a big rush to market and breaking of the SDLC/eliminating proper testing methodology & care. The writers of these articles and presenters of these seminars are causing a concern. Programmers and product developers need to start getting smarter and do their job and testing properly. Then, the marketers need to wait for a proper SDLC to be undertaken. There are no short rides to become a Cybersecurity expert. Spend 20 years and learn the profession, then you will inherently know the discipline," Mr. Smith states.
If the truth hurts, deal with it. It has to be a warning to the world from somebody who is on the front line with expert experience. Not everybody is out to intentionally behave like this, but it is true and it is happening and Mr. Smith is offering this intelligence for no monetary gain. Decision makers (including Government) should do due diligence against those putting out these claims, products or events. Secondly, Cyber Mitigation and stopping insider threats and human mind hacking (social engineering)
He offers limited social engineer insider testing and contracts out. He engages as an Expert Witness, performs R&D and/or is looking for that next Cybercriminal. His services and time are in demand.
He reminds readers that cyber-attacks based on software cover only 10% and the average Company knows about it 300 days after it has occurred. 90%, he states, is social engineering. "You have to look from the inside," Mr. Smith concludes.
Motto - You cannot replace human excellence - you can assist it
Remember, humans are the weakest link in any Cyberattack;
Simon Smith, eVestigator Cyber Forensic IT & Expert Witness Services, Head of Cybersecurity (APAC), 21+yrs C-Suite Master Programmer, Mentor, International Advisor, Forensic Investigator, Social Engineer, Expert Witness, MBA Mentor, Media Advocate, International Police Special Unit Cybercrime Advisor.
Connect for Insights and Media Requests on LinkedIn:
Subscribe to all media interviews via my YouTube Channel by clicking here: https://www.youtube.com/
Simon Smith, Cybersecurity Forensic Investigator