The Growth of the Criminal Economy: The Higher Cost and Increasing Damage from Successful Attacks

The Growth of the Criminal Economy


The growth of the criminal cyber economy is out of control. It is a tsunami that will overwhelm Western democratic society. It is a digital WMD. It only takes one dramatically successful, undetected cyber attack, whether casually through a common vector or plotted as an advanced exploit, to inflict severe and lasting damage on a business or a nation. The ramifications extend far beyond rapid technical remediation to include:

Shifting from Reactive Defense to Proactive Inherent Security

Hardware must keep up with software progress. Advanced code-reuse attacks such as ROP, zero-day attacks, and insider threats demonstrate the inherent limitations of traditional, signature-based security tools and perimeter-focused defences. These methods were designed to detect known threats or block intrusions, but they are blind to stealth attacks built from an application's legitimate code, internal terrorism, or undiscovered design flaws.

To address this wide range of increasingly successful attacks, the strategic imperative must shift from merely detecting attacks to eliminating all underlying vulnerabilities that enable them. That means designing systems that eliminate the very concept of undetected errors, including undiscovered bugs, zero-day attacks, internal sabotage, and architectural flaws like linear memory addresses for code execution.

This is achieved scientifically by a 'water-tight' design. By replacing shared addressing with token-based symbols called "Golden Tokens", the design logically prevents access to critical architecture details such as the predictable return stack that attackers can overwrite and abuse. This model removes the "Physics of Shared Linearity" that ROP attacks abuse and constructs bicameral, data-tight atomic independence. This scientific alternative is a fundamentally robust cybersecurity measure on the computational surface of computer science, resilient through mathematically provable design rather than hopeful detection.
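The contrast between shared linear addressing and token-mediated access can be shown with a toy model. This is an added example, not the design or code of the author: it assumes tokens are indices into a machine-held table that checks rights and bounds on every access, and all names in it are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { BUF_LEN = 4, RET_SLOT = BUF_LEN, MEM_LEN = BUF_LEN + 1 };
#define GOOD_RET  0x1000u   /* constructed sample value */
#define OVERWRITE 0x4141u   /* constructed sample value */

/* Model A: one shared linear array. The saved return slot sits right after
   the buffer, so an over-long copy reaches it by plain index arithmetic. */
uint32_t linear_copy(size_t n) {
    uint32_t mem[MEM_LEN] = {0};
    mem[RET_SLOT] = GOOD_RET;
    for (size_t i = 0; i < n && i < MEM_LEN; i++)  /* no per-object bound */
        mem[i] = OVERWRITE;
    return mem[RET_SLOT];
}

/* Model B: each object is reached only through a token, and the machine
   checks rights and bounds. Tokens as table indices is an assumption. */
enum { R_WRITE = 1 };
typedef struct { uint32_t *base; size_t len; unsigned rights; } object;

int token_write(const object *table, size_t ntok, size_t tok, size_t idx, uint32_t v) {
    if (tok >= ntok) return -1;                      /* unknown token */
    if (!(table[tok].rights & R_WRITE)) return -1;   /* no write right */
    if (idx >= table[tok].len) return -1;            /* outside the object */
    table[tok].base[idx] = v;
    return 0;
}

/* Same over-long copy, but the callee holds a write token for the buffer
   only; the return slot is a separate object it has no write right to. */
uint32_t token_copy(size_t n, size_t *rejected) {
    uint32_t buf[BUF_LEN] = {0}, ret = GOOD_RET;
    object table[2] = { { buf, BUF_LEN, R_WRITE }, { &ret, 1, 0 } };
    *rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (token_write(table, 2, 0, i, OVERWRITE) != 0) (*rejected)++;
    if (token_write(table, 2, 1, 0, OVERWRITE) != 0) (*rejected)++;  /* direct try */
    return ret;
}

int main(void) {
    size_t rej;
    uint32_t tok_ret = token_copy(BUF_LEN + 1, &rej);
    printf("linear ret=0x%x token ret=0x%x rejected=%zu\n",
           (unsigned)linear_copy(BUF_LEN + 1), (unsigned)tok_ret, rej);
    return 0;
}
```

In the linear model a copy one word too long replaces the saved return value; in the token model the same copy is refused at the object boundary and the return slot is unchanged.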

This is not a new alternative; it has been used throughout history, as explained by a trilogy of books on the what, why and how of Industrial Strength Computer Science.
