VIEW 10
Why the squid lost its shell
It is not widely known that squid used to have shells. Ancient cephalopods in the Jurassic era, the common ancestor of modern octopus and squid, were creatures like today’s nautilus. They relied on a large external shell for defence.
However, the seas became more acidic, weakening shells made from calcium carbonate. This meant that the squid gradually evolved three other mechanisms for self-defence. These were:
Intelligence
Squid and octopus are amongst the most intelligent creatures in the ocean. If in doubt, look up the video on YouTube of an octopus opening a screw top jar to get at the food inside.
Camouflage
Squid have special pigment cells called chromatophores in their skin which enables them to change colour and blend into the background.
Agility
Squid are very rapid swimmers using a form of jet propulsion. They fill their internal cavity (unconstrained by a shell) with water and then expel it quickly in a jet enabling them to leap upon their prey.
Looking at the current state of cyber security investment, we are still in the Jurassic era. Most of the spending, some 80%, is on prevention which is a defensive shell strategy (see View #8 for the castle wall analogy). In the future, cyber security investment is expected to become more evenly spread with big gains in other areas such as response and monitoring.
This change can be likened to the squid losing its shell. Monitoring is, in effect, a form of intelligence gathering. Likewise, investments in improving response time is analogous to the squid’s agility. The speed with which an organisation responds to a cyber-attack is a critical factor in determining the degree of eventual damage. Investing in table top exercises to rehearse incident response plans is often money well spent.
What about camouflage? How does that relate to the cyber realm? Camouflage is the ability to blend into the background; the art of not standing out as an obvious target. Another critical factor in cyber defence is the speed of the patching cadence. Companies who neglect to install patches to upgrade their software to the latest versions are extremely vulnerable to hackers. It’s the equivalent of walking down the high street in antique Victorian clothing; you would clearly stand out from the crowd. So patching discipline is the equivalent of a squid’s camouflage, an effective way to avoid becoming a target.
