Sunday, October 23, 2011

Cyber Security Awareness Month - what's the hype about

"Every American has a stake in securing our networks and personal information" All the daunting and cool hacker stories today may leave the everyday citizen feeling... well a little uninvolved. NOT SO! Consider for a moment how this directly affects you....

You are a but a cog in the machine is the global information systems. You could be an important cog and never know it. First it's important to realize that most "hacking" is similar to the average burglary. Really it is. Remember the average burglary gains entry through an open or unlocked door or window, right? Well the average malware (malicious software - the projection of the hacker) gains access to your computer by getting past poorly maintained firewalls, anti-virus software that is not updated, and through unpatched/updated software applications. And what does this malware do you ask? What does a burglar do? The malware may roam your machine and look for interesting data, it may lay in wait for you to enter interesting information and it carries it away to for someone else to use. A burglar takes you TV and fences it. A hacker using malware may steal your credit card, social security number, phone numbers, addresses and what not, and then fence them on a website. Or they may just use them for their ends.

What is the most significant difference between a burglar and a network hacker? Threat Population! At any given time there are only so many people within travel distance of your home or office with the tools, expertise and desire to break into your home or office. Let's just make it easy and say the population of the metro area where you live and work. Now the available population for attacking your online presence is everyone connected to the Internet who can download a free software to seek out vulnerable machines and exploit them (so nearly everyone connected). The population difference for the threat is several orders of magnitude larger. Imagine a burglar that was able to cast out their thoughts (fanciful I know but bear with me) and in the telepathic scan can know who did not lock a door or window to their home or office without ever leaving the comfort of their warm soft couch and the other amenities that bring any lazy minimalist pleasure. That is what a hacker may do when they scan the portion of the Internet where your machines are connected. The easiest targets become apparent - the low hanging fruit of cyber theft.

Now an updated firewall, anti-virus software, and application software will not protect you from everything - not even close. Though it will cover the laziest of online miscreants. If you apply the Pareto Principle to this it means that 20% of your effort will be sufficient for 80% of the problems. Updating software also helps to keep it operating smoothly and efficiently.

Why mess with it if it works. I like to install it and leave it alone you say? Consider this analogy for unmaintained firewall. A firewall is a device or software used to separate networks. It's the difference between an open door and a door with an armed receptionist to manage authorized traffic. So you have a security officer come to your home every night to check and make sure everything is locked up and no one can get it. Now everything requires maintenance, even the officer. After a time the vision in his right eye begins to fade but he keeps reporting to you that everything is locked up tight. Then one day you hire a new officer because you had too and suddenly he reports that the last guy didn't see that one of the windows had been unlocked - the one on the right. Who knows how long that window has been open and your resources have been leaving through it.

When you get infected with malware you may be sending to your friends, and their friends, and their acquaintances. Just like a nasty STD. You send an email or message that the malware has attached itself to without your knowledge. Your friend trusts you and opens the email and maybe even an attachment. They're infected now too. The malware that your half-blind security let it might be sending these emails without your knowledge as well. So, please keep your software, firewall, anti-virus, and applications up-to-date. It's a start.

No comments: