Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

According to the AV-TEST Institute, more than 450,000 new malicious applications are found every day, illustrating the rapid rate of malware spread.

Despite substantial investments in cybersecurity, why are malware and hackers so ubiquitous? Because we cannot stop what we cannot see or identify. With AI-driven deepfakes, attackers can assume anyone’s identity to create convincing impersonations and execute successful attacks. Our inability to discover their true identities has worked in favor of threat actors, enabling them to easily evade arrest. 

The Pervasive Trusted Ecosystem

The key to taming the hacker storm is the core principle of trust: that the individual or company you are dealing with is who or what they claim to be and behaves accordingly. Establishing a high-trust environment can go a long way toward hindering hacker success. The following elements define a pervasive, trusted ecosystem:

Trusted identities: Trust between interacting parties starts with ensuring that the identities of all participants are verified and authenticated, where desired and agreed upon by all parties in the communication stream.

There are three types of identities. Real ID, or real identity, is tied to a human identity and is strongly authenticated and assured. Pseudo identity, or pseudo-anonymity, is essentially a made-up label. An example is an email address that is not necessarily a person’s real name (e.g., [email protected], [email protected]) and is not strongly verified as belonging to whoever claims it. I could make up a fake email address claiming I’m Bill Gates (e.g., [email protected]) and there isn’t any identity mechanism to stop me. Most email addresses and logon names on the Internet are this type of identity today.

Thirdly, there is attempted anonymity, when a person cannot be traced to a constant identity label.

In identity-based trust relationships, each relationship between the interacting parties has a different degree of trust involved:

  • The highest levels of trust can be enforced by nation-states, which require the highest assurance controls, such as in-person verification with real ID documents.
  • Medium trust for commercial channels requires medium assurance controls where pseudo identities are allowed.
  • Weak trust can work with attempted anonymity, for example signing up for an account on a website where identity may be verified only by sending an email.

Trusted devices: A pervasive, selectively trusted ecosystem requires something beyond trusted user IDs. A hacker can compromise a user’s device and steal the trusted user ID, making identity-based trust alone inadequate. A trust-verified device assures that the device is secure and can be trusted. Then again, a hacker who steals a user’s identity and password can also fake the user’s device, so confirming the device’s identity, that is, whether or not it is the same device, becomes necessary.

The best way to ensure the device is secure and trustworthy is to employ the device identity that is designed by its manufacturer and programmed into its TPM or Secure Enclave chip. The chip is loaded with an exclusive cryptographic key that is securely stored and never revealed outside the chip. Upon being asked through an API, the chip can serve up cryptographic proofs or certificates that attest to the integrity of the device’s software and hardware. 

Trusted operating systems: Organizations need a trusted operating system in addition to a trusted identity and device. The TPM chip is instrumental in making OS Secure Boot a reality. While booting up, the chip measures the integrity of the bootloader and firmware and compares it to the known, trusted values stored in the chip. The system will only proceed to boot up if the measurements match, safeguarding it against malicious attacks such as rootkits and boot-time malware.
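As an added illustration (not code from the article), the following Python simulates the measured-boot check the paragraph describes: each boot stage's hash is folded into a TPM-style PCR with the extend operation, and the result is compared against a stored known-good value. The firmware and bootloader images are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed stand-ins for the firmware and bootloader images measured at boot.
FIRMWARE = b"constructed-firmware-image-v1"
BOOTLOADER = b"constructed-bootloader-image-v1"
TAMPERED_BOOTLOADER = b"constructed-bootloader-image-v1+bootkit"

PCR_INITIAL = b"\x00" * 32  # a Platform Configuration Register starts at all zeros


def measure(image):
    """Measurement of one boot stage: the SHA-256 digest of its bytes."""
    return hashlib.sha256(image).digest()


def extend(pcr, measurement):
    """TPM PCR extend: new = H(old || measurement). One-way and order-sensitive,
    so an earlier stage cannot be hidden by anything measured later."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages):
    """Fold every stage's measurement into the PCR, in boot order."""
    pcr = PCR_INITIAL
    for image in stages:
        pcr = extend(pcr, measure(image))
    return pcr


# Known-good value: computed once from the trusted images and kept as the reference.
GOLDEN_PCR = measured_boot([FIRMWARE, BOOTLOADER])


def boot_allowed(stages):
    """Proceed only if the measured chain matches the stored reference value."""
    return hmac.compare_digest(measured_boot(stages), GOLDEN_PCR)


def demo():
    return {
        "clean": boot_allowed([FIRMWARE, BOOTLOADER]),
        "bootkit": boot_allowed([FIRMWARE, TAMPERED_BOOTLOADER]),
        "reordered": boot_allowed([BOOTLOADER, FIRMWARE]),
        "extra_stage": boot_allowed([FIRMWARE, BOOTLOADER, b"unexpected-driver"]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12s} -> {'boot' if ok else 'halt'}")
```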

In virtual environments, hypervisors secure operating systems by segregating virtual machines (VMs) from one another and from the host operating system, so an infection in one VM cannot spread to the others. Hypervisors also guard the integrity of the operating system’s kernel using hypervisor-enforced code integrity, which validates all kernel code before execution, shielding the kernel from malware and unauthorized entry.

Trusted applications: Organizations can ensure pervasively trusted apps by meeting a number of security controls, starting with a fully patched OS. Patches fix known security flaws in the OS, providing a secure application environment.

Updating an application enhances protection by updating its global unique identifier, which is digitally signed and securely coded. The identifier remains unique after every update, thereby preventing misuse.

Many modern applications have a self-integrity checking feature, where the application verifies its own code to ensure it hasn’t been altered since the developer signed it. In case of unauthorized modifications or tampering, it fixes itself, preventing attacks like code injection.

Security-bounded cookies are another way to enhance the security of web applications. Cookies stored in the browser are bound to the machine from which they were submitted. If an attacker or malware steals them, they cannot be reused elsewhere, safeguarding against cross-site scripting and cross-site request forgery attacks.
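To show the property described above, here is an added Python example (not from the article) of a cookie bound to the device it was issued to: the server signs the session-to-device binding, and each request must carry a fresh proof computed with the device's key, so a stolen cookie replayed from another device is rejected. The keys are constructed, and an HMAC key registered at enrolment stands in for the public-key registration a TPM-backed scheme would use.

```python
import hashlib
import hmac
import secrets

# Constructed keys. A real deployment keeps the device key in a TPM/Secure Enclave and
# registers only its public half; this stdlib-only simplification registers an HMAC key.
SERVER_KEY = secrets.token_bytes(32)
REGISTRY = {}  # device_id -> device key copy held by the server


def enroll_device():
    device_key = secrets.token_bytes(32)
    device_id = hashlib.sha256(device_key).hexdigest()[:16]
    REGISTRY[device_id] = device_key
    return device_id, device_key


def _bind_tag(session_id, device_id):
    return hmac.new(SERVER_KEY, f"{session_id}|{device_id}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(session_id, device_id):
    """Server ties the session to the device it was issued to and signs that binding."""
    return f"{session_id}.{device_id}.{_bind_tag(session_id, device_id)}"


def device_proof(device_key, cookie, nonce):
    """Per-request proof that the sender holds the device key (stands in for a TPM signature)."""
    return hmac.new(device_key, cookie.encode() + nonce, hashlib.sha256).digest()


def verify_request(cookie, nonce, proof):
    try:
        session_id, device_id, tag = cookie.split(".")
    except ValueError:
        return False
    if not hmac.compare_digest(tag, _bind_tag(session_id, device_id)):
        return False  # cookie forged or its device_id field rewritten
    if device_id not in REGISTRY:
        return False
    return hmac.compare_digest(proof, device_proof(REGISTRY[device_id], cookie, nonce))


def demo():
    victim_id, victim_key = enroll_device()
    attacker_id, attacker_key = enroll_device()
    cookie = issue_cookie("sess-42", victim_id)
    nonce = secrets.token_bytes(16)  # server-issued challenge, fresh per request
    sid, _, tag = cookie.split(".")
    rebound = f"{sid}.{attacker_id}.{tag}"  # stolen cookie with the device_id swapped
    return {
        "legit": verify_request(cookie, nonce, device_proof(victim_key, cookie, nonce)),
        "stolen_replay": verify_request(cookie, nonce, device_proof(attacker_key, cookie, nonce)),
        "rebound": verify_request(rebound, nonce, device_proof(attacker_key, rebound, nonce)),
    }
```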

Trusted actions: Trusted actions are critical in ensuring a secure and pervasive trust environment. Different actions require different levels of authentication, generating different levels of trust, which the application vendor or the service provider has already defined. An action considered high risk would require stronger authentication, also known as dynamic authentication.

The inclusion of dynamic authentication to ascertain the trustworthiness of users, devices, and actions is part of the zero-trust security concept, which presumes that no one within or without the organization can be trusted by default and that constant verification of trusted activities is required to build pervasive trust.

Trusted networks: Trusted networks are created when trust is established across all users, devices, applications, and systems. Users and devices are authenticated, and their identity is verified before being allowed network access. Dynamic trust evaluation ensures that trust is continually assessed based on context and actions.

Trust assurance services: Such services can be local and global. The local trust assurance service interfaces with the user and allows the user to select their identities, personas, and attributes for specific applications, websites, and services. It automatically sends email addresses, URLs, phone numbers, and more, to the global trust assurance service to verify if they have been reported as malicious in the past.

The global trust assurance service is a fully funded, DNS-like global service with a human and AI component. It has a global allow and block list and investigates links and content submitted to it based on the data provided by users and intelligence feeds from cybersecurity vendors.

Other solutions:

In addition to the trust stack and its components described above, organizations can take a few other measures to build a pervasive trusted ecosystem. Training developers on secure coding practices and emphasizing the importance of proactive security in the development phase over reactive fixes post-launch can foster security discipline and trust in the ecosystem. Regular patching will reduce the risk of security breaches by addressing vulnerabilities promptly. Training users with phishing simulation exercises will help them recognize and report phishing attempts in time. 

No security system is foolproof. Yet, a pervasive trust system can harden defenses and prevent unauthorized access by establishing trust in identities, devices, operating systems, apps, actions, and networks. It’s a perfect model for protecting sensitive environments from constantly evolving threats.
