How It Began,
Security is not something we should work for, it's something we should have

May 20, 2020 / Stefan H. Farr

It was a pleasant sunny day back in August 2015, but no amount of nice weather could uplift my mood, for my mind was busy finding a way out of a trap. My smartphone was randomly popping up advertisements that seemed to have no origin and I've already done everything possible to get rid of it, except the one thing I did not want to do - factory reset. My brother's computer was hit by ransomware and he was asking for my advice on how to prevent this in the future, so there I was with the embarrassment of a cybersecurity practitioner having to educate others on practices that he himself failed. It was frustrating. I've obeyed all the rules in the book and obviously, they weren't enough. So was this the end? All that was left was backups? Mechanisms to recover but no means to stop evil from happening? The words of Robert Mueller, then director of the FBI, were ringing in my head: "There are only two types of companies, those that have been hacked and those that will be" with the entire cybersecurity industry echoing this cowardly "wisdom". I felt one of them.

You can be bullied in cyberpsace ... and the consequences are very real

I couldn't help drawing some parallels with reality. I imagined myself as a policeman visiting a class and explaining to a bunch of stupefied kids how to recover from being bullied: how to have multiple sandwiches, bandaids, extra money, how to mend a purple eye, because this was inevitable. There was nothing the police or parents could do. Sooner or later everybody gets beaten up and has their sandwiches taken away, or worse. Ridiculous, in what reality would that be normal? And yet this is very much the reality we live in. The Internet is no longer the harmless curiosity it once was. Cyberspace and reality are fused together. You can get bullied in cyberspace and you can have your bank account emptied, and the consequences of such outcomes are not virtual, they are very real.

In reality we don't bother stopping the crime, we stop criminals.

But that parallel with reality also drew my attention to something else. That we approach security in a very different way in reality than we do in cyberspace. In reality, the vast majority of us do not wear bulletproof vests, and are not equipped to defend ourselves, nor do we expect to have to do so. We simply have security, and the incidence of an attack on any one's persona is so remote that we most of the time feel perfectly comfortable to completely have our guard down. That state of mind is almost all the way to the opposite end from coming to terms with inescapable doom. It also became evident that in reality, law enforcement approaches things differently too. They do not expect to be there in every corner, dark alley or house to prevent a crime when it is taking place. Crime in fact can take place almost anywhere because almost nobody is prepared for it. On the other hand, whenever such a thing does happen, the police will hunt down the perpetrators and remove them from society for good. In reality we don't bother stopping the crime, we stop criminals. Because of this, crime is so expensive relative to security, that the security of an entire society can be enforced by just a few. Clearly, dynamics, not sheer strength, is the key, and if success in stopping crime would require law enforcers to be everywhere, be able to recognize any crime and be equipped to stop it - even the ones they never encountered before - all we need to stop criminals is the ability to tell them apart.

At first glance, this does sound like an insurmountable challenge - I mean, what criminal would want to be identified - but society is greater than the sum of its parts. In fact, we don't need to ask criminals to wear an identity. If all the good guys can identify each other, then criminals or whoever chooses to walk in the shadows, are left without an option: either step in the light and become visible, or stay in the dark but then we can lock them out.

That for me was the answer to the riddle. Since then, my friends and I have been on a mission to replicate this effective dynamic in cyberspace and provide businesses and people with means to enable a state of security instead of continually having to fight for it. I am Stefan, the founder of Identity Plus and I believe everybody should be entitled to keep their sandwiches. Even if they, themselves, don't have the strength to fight for it.