My in-laws refer to me as the family’s resident computer expert, which means I get to field their questions on the subject. I expect that most readers of this blog play a similar role in their families. I enjoy helping out where I can, but when it comes to computer security I try to bite my tongue. Occasionally a family member will ask a sufficiently pointed question to which I can give some sort of answer, but I still try to hold back. I expect most readers will understand that I don’t want to “release the river” of scary information, and drive my in-laws away from the technology that causes it. Yet there are four points that should make everyone reconsider their security posture.

  1. Cyberwarfare currently rages at the global level. China constantly tries to steal intellectual property from the United States. Iran was hit by malware unleashed to destroy its nuclear-industry centrifuges. The Russian mafia uses botnets to unleash DDoS attacks and extort money from businesses. The hacktivist group Anonymous attacks whomever it feels needs rebuking. The scariest part is that most of these facts are public knowledge, quite apart from the attacks going on right now that we don’t know about.
  2. Security through obscurity does not work. Okay, I’ll admit it works a little, but not much better than having no security at all. Security through lack of value does not exist. We are each valuable targets. Brian Krebs outlined this very clearly in an infographic that the SANS Institute picked up and translated. He also wrote about it while reporting for The Washington Post. Krebs enumerates how much value can come from a hacked PC, making us all targets.
  3. Too many people think nothing bad can really happen to them. Well, if you still think that after looking at the information Krebs put together, then let’s move on to Mat Honan. The Wired magazine writer had his entire digital life blown away in a matter of minutes. After a really rough weekend, he managed to piece most of it back together with days of work and thousands of dollars.
  4. Antivirus does not work against advanced persistent threats. We all want to feel safe and secure, but the fact remains that no existing consumer product will protect against zero-day exploits and advanced threats. Antivirus products do keep our computers from catching last year’s viruses, because no one wants to catch Nimda again. But if you think that immunization for ILOVEYOU will protect you from Flame then you have pwnage coming. Bit9 protects all types and sizes of organizations against zero-day exploits and advanced threats, but individual consumers must rely on constant vigilance.

I cannot blame anyone for becoming a Luddite based on the rosy picture those four points paint, but I still believe the benefits of a digitally connected society far outweigh the cyber security risks. Recognizing each threat and making the investment to thwart it is essential. Or you could wait until the Kraken of cyberthreats is unleashed on you or your company.