Sunday, March 16, 2014

Hackers & Stuxnet: Education & Best Practices can Change Perspectives

Speaking of hackers in general, the video "Creating panic in Estonia" was well done. It speaks to aspects of cyber security I have touched on personally with peers and users who are generally unaware of how dangerous the Internet can be, and do not understand how they should be protecting themselves and in turn the rest of the user community at large. The global dependency on the Internet as a necessary aspect of daily life can, and may, eventually lead to its demise. It used to be seen as a tool, something that made research easier or facilitated more efficient processing of goods and services for customers. The global Internet is far more interconnected than most people can comprehend.

We, as IT pros and field experts, find ourselves at a unique crossroads when it comes to the cyber realm. On one hand, we are users who find entertainment and conduct business transactions through the Internet. We keep in touch with friends, relatives, and associates, pay bills, and send gifts to people through the Internet. We curiously investigate other perspectives on anything we can think of, reachable with a simple search string. On the other hand, we develop and/or service information systems and are responsible for ensuring that the users are not their own worst enemy, and that the executive stakeholders understand why expenses are necessary to ensure seamless operations while maintaining data security and integrity through digital interactions across the company or across the Internet. Yet another proverbial fork is that of a hacker: not necessarily one who breaks into systems with malicious intent, which are primarily the hackers (criminals) most people hear about, but the white hat hacker who, like the man who works for Kaspersky in Russia, looks to improve the quality and safety of the Internet.

In order to beat a hacker, one must be able to think like a hacker, and have intimately specific knowledge of software and systems, how they interconnect, and how users interact with them. This whole-view perspective on digital communications is necessary in order to properly safeguard oneself, and also the global user community. Education and repetitive reinforcement have been the successful combination for me in getting users at all levels to start to invest in cyber security and take a different view on what they share on the web. People contact me regularly to clean infections from their systems and networks. Unfortunately, most of these users are of the mindset that "it should just work, and never give me problems, regardless of what I do", which has no substantive basis in reality. In reality, it takes the combination of dozens, if not hundreds, of software applications to make a system function the way it does today. Since no user situation is ever the lab-tested "ideal" situation, users must be educated not only on how to use their system, but also on a basic-level understanding of how their use affects everyone connected to their system, and the subsequent systems the collective interacts with. As experiences and exposure to different interactive scenarios manifest, continued education is the key which not only makes a better user but a better system as a whole.

The Stuxnet event could have been avoided with the right engineer designing security protocols, establishing policies, and integrating hardware solutions designed specifically to deny access to unauthorized devices on a network. Granted, Estonia may not have had access to the technology necessary to effect such a system, but those types of systems do exist. It is for this reason that companies like Symantec, McAfee, and Kaspersky have integrated a feature into their anti-everything software packages to instantly scan any removable device attached to a protected system. Granted, Stuxnet did not yet have a known signature and thus could not be specifically scanned for, but those packages also have zero-day detection capabilities, meaning they have an algorithm designed into the software to detect virus-like patterns and flag them as suspicious - which is how Stuxnet was ultimately found, through a zero-day detection algorithm. While these capabilities are highly effective, threats can only be detected on a system with this type of software installed. Unfortunately, there are a large number of users who do not have protective software, let alone hardware solutions, installed in their systems and/or networks, which leaves them, and anyone they connect to, highly vulnerable. Here again, education is the key - once people can be made to understand the risks involved, they will be willing to learn how to best safeguard themselves, which protects everyone else they interact with digitally. It is like getting an immunization for a disease - if everyone gets the shot, then no one can transfer it or get it from someone who is infected or has not had their immunization. The shot cures any carriers of the disease, prevents spreading of the disease to others, and does not allow the inoculated to become carriers again. That is the same philosophy behind security software, and it is important for the same reasons.

~Geek

Reference: Video On Demand - http://digital.films.com/PortalPlaylists.aspx?aid=7967&xtid=50121&loid=182367
