VIEW 22
Why the squid lost its shell
It is not a widely known fact that squid used to have shells. Ancient cephalopods in the Jurassic Period, the common ancestor of modern octopus and squid, were creatures like today’s nautilus.
They relied on a large external shell for defense. However, the seas became more acidic, weakening shells made from calcium carbonate. This meant that the squid gradually evolved three new mechanisms for self-defense. These were:
Intelligence Squid and octopus are amongst the most intelligent creatures in the ocean. If in doubt, look up the video on YouTube of an octopus opening a screw-top jar to get at the food inside.
Camouflage Squid have special pigment cells called chromatophores in their skin, which enable them to change color and blend into the background.
Agility Squid are very rapid swimmers, using a form of jet propulsion. They fill their internal cavity (unconstrained by a shell) with water and then expel it quickly in a jet, enabling them to leap upon their prey. With these adaptations, squid became highly successful without a protective shell; smarter, able to hide, and very quick to respond. There are now over 300 different species of squid and they are found in all the oceans of the world.
Looking at the current state of cyber security investment, we are still in the Jurassic Period. Most of the spending, some 70%, is still on prevention, which is a defensive shell strategy. This is changing. Cyber security investment is growing fast in other areas such as response and monitoring, so a more even spread is expected in the future.
This change can be likened to the squid losing its shell. Monitoring is, in effect, a form of intelligence gathering. Likewise, investments in improving response time are analogous to the squid’s agility. The speed with which an organization responds to a cyber incident is a critical factor in determining the degree of eventual damage. Investing in tabletop exercises to rehearse incident response plans is often money well spent.
What about camouflage? How does that relate to the cyber realm? Camouflage is the ability to blend into the background; the art of not standing out as an obvious target. Another critical factor in cyber defense is the speed of the patching cadence.
Companies who neglect to install patches to upgrade their software to the latest versions are extremely vulnerable to hackers. It is the equivalent of walking down the high street in antique Victorian clothing; those old-fashioned togs would clearly make you stand out from the crowd. So patching discipline is the equivalent of a squid’s camouflage, an effective way to avoid becoming a target.
