Sure,
security starts with the individual. But when a person does everything
right and still gets hacked, tell me, how are the hackers not winning?
It's time to admit it. The hackers are winning.
Are They, Really?
Assaying blame for hacks is a difficult endeavor. On one hand, people say we need to rebuild the Internet to make it more secure by default. Their theory is that the Web is, by its very nature, a hodge-podge mix of vulnerable nodes and standards that is aging and easy to exploit. This is largely true. Hackers hoard zero day vulnerabilities like squirrels preparing for winter, and a motivated hacker can basically bust through anything.
It's time to admit it. The hackers are winning.
Are They, Really?
Assaying blame for hacks is a difficult endeavor. On one hand, people say we need to rebuild the Internet to make it more secure by default. Their theory is that the Web is, by its very nature, a hodge-podge mix of vulnerable nodes and standards that is aging and easy to exploit. This is largely true. Hackers hoard zero day vulnerabilities like squirrels preparing for winter, and a motivated hacker can basically bust through anything.
On
the other, many security experts argue that security starts with the
individual. If you get hacked, you are basically at fault for violating
basic security protocols -- for instance, by failing to change your
passwords or by clicking on suspicious links.
Hackers,
scammers and malware writers have two main advantages: they have access
to a lot of money (either by sponsorship or classic fraud) and they
don’t have to obey any software practice (their “software” doesn’t have
to be properly tested, it can have bugs, doesn’t have to work on any
operating system and it really doesn’t matter if it crashes a few
machines). However, no one wants to complicate their lives more than
needed or pay more that it actually makes, so if the hack gets very
complicated, they will simply move to someone else.
Is It Your Fault?
Some
in the security industry think that breaches (both enterprise and
individual) are inherently preventable. Just be smart and you’ll be
fine, right?
“The sky is not falling,” said
Cluley. “Burger King, Jeep and others who have had their Twitter
accounts hacked have probably fallen victim because of human weakness.
Chances are that they followed poor password practices, like using the
same password in multiple places or choosing a password that was easy to
crack.”
I can half believe that sentiment. It's
very easy to imagine some intern manning the Burger King Twitter account
might have a poor password or has been clicking on linkbait spam. That
doesn't negate the fact that Twitter itself was hacked, exposing the
passwords of some of its more popular and influential users.
I'm
highly aware of suspicious links and attempts to spearphish me (a
tactic where a specialized message with a poisoned link is sent to an
individual as opposed to spammed to the masses). I don't click on links
that might be malware.
Security Starts With The Individual (Who Can Still Be A Victim) :
Researchers like Cluley have long advocated that security starts and ends with the individual.
“The
takeaway from all these security stories is that each of us has a part
to play in the fight against the bad guys -- whether it's on our home
computers (ensuring they don't get hijacked into a botnet) or in the
workplace,” Cluley said. “Report suspicious activity, think before
clicking on unsolicited attachments or links, keep your OS, your PDF
reader, your anti-virus up-to-date with the latest security patches.”
The
argument is a sound one and similar to how entities like the World
Health Organization have gone about fighting outbreaks of epidemic
disease: educate people to take care of themselves. Sometimes though, it
doesn't matter how much you know or how assiduously you take care of
yourself -- you are going to get sick (or hacked) and there is nothing
you can do about it.
So, are the hackers winning? When people still do everything right and still become victims, you tell me.
No comments:
Post a Comment