I know, I know. The security and squid blog is located elsewhere. Sorry, but I just have to write about this article.
A short time ago, Chuan-Chin Chiao, Kenneth Wickiser, Justine J. Allen, Brock Genter and Roger T. Hanlon published the article “Hyperspectral imaging of cuttlefish camouflage indicates good color match in the eyes of fish predators”. (How can you resist an article with such a fascinating title?) For those who don’t thrill to reading academic articles about the eyes of coleoid cephalopods (you weirdos), there is a more accessible press release here.
Why am I fascinated by this? Well, cuttlefish have the ability to change their patterning to blend into the background. We’re familiar with how chameleons do this, but cuttlefish are a lot better at it. Not only are they better at it, but they’re also colorblind! (Like me.) That’s right, these critters are capable of changing their own coloration when they can’t even see it. How do they do it? Well, sorry to keep you in suspense, but we still don’t know. There is some suspicion that it involves opsin transcripts, and evidence that body position may have something to do with it, but those theories are insufficient for a complete explanation. What’s interesting is the approach of the paper.
Science, as you know, is all about measurement. There’s little room for guesswork and lots of opportunity to be wrong. So if you’re going to measure camouflage, you’d better have a darn good way of doing it. What these guys did was to take hyperspectral images with a HyperScan VNIR system. Effectively, it measured the amounts of 540 different colors to determine how well the cuttlefish blended into their background. They looked at their targets as if they were a super predator, with capabilities far beyond those of the predators we know… and the cuttlefish’s technique was still effective.
So what does this mean for us? Well, for me it means that I lost out, as I am colorblind, but am not able to perceive the polarization of light like cuttlefish can (lucky critters). However, for the rest of us as a group, it means this:
These creatures developed this ability over millions of years through a complex process of trying different ways to hide and, when they failed, being eaten. From a business perspective, there is some value in failing fast… but little advantage in being eaten. If you want to develop strong protections, you need to find a predator that lets you know when your defense is working and when it’s not, without eating you. Ideally, this would be a super-predator that is better than most of the predators out there.
We call these people penetration testers. Armed not with a HyperScan VNIR, but with tools like network mappers, vulnerability scanners and exploit frameworks, these people can assess your business and let you know if they could break through your defenses and how. You can then protect yourself better by making appropriate changes. Sadly, the industry is still young, and it’s hard to tell the super predators from the others. There is a project to help with this, but for now, here’s a quick evaluation process. When you call a company (like mine) and ask for an evaluation, ask this handful of questions:
- How much will a penetration test cost?
- How much will a vulnerability assessment cost?
  - Rule of thumb: Due to the time involved, penetration tests cost at least ten times what vulnerability assessments do. If they don’t, find another company.
- What is the difference between a penetration test and a vulnerability assessment?
  - Rule of thumb: If they only say “A penetration test tries to break in, a vulnerability assessment does not”, find another company.
- What is your assessment methodology?
  - Here, you should be looking for a standard and repeatable process. You don’t need to dig into the weeds, but you do want to weed out companies that come across as “We just try stuff at random”.
- What problems have your tests caused in the past?
  - Here’s a secret of the industry. Anyone worth their salt has broken something. If you don’t sometimes break stuff, you’re not trying hard enough. Companies that try to gloss over this and say “Oh, our tests are safe” are not super-predators.
Get the right help or get eaten.
It’s that simple.