
Published on December 10th, 2016


Is Internet Security a Losing Battle?


The Internet as a whole wasn’t designed for what it is today; it evolved this way, and there are hundreds of cracks all over it that can be exploited.

Typically, fraud and security issues fall into 3 major types by point of attack: client (endpoint), connection and server.

First, everybody should fix their connection: use a firewall, use HTTPS, secure email, set up the LAN carefully and protect Wi-Fi. With a few simple tricks, your connection can be hardened to a very high degree.

Secondly, if you’re in the software business, or you have a website or an app, the server part is just as easy to secure, and with the rise of cloud computing, all the major players take care of most of it for you. If you’re big enough, get a specialist to help you with security, or at least pay a security firm to audit your apps and run a penetration test on them. Ethical hackers may help you too.

However, the biggest problem is the user. People use very simple passwords, they don’t use 2nd-factor authentication, they share accounts, they open phishing emails, they click on suspicious links, they leave their PCs unattended and unlocked, and the list goes on. But the real problem is that people don’t know how to protect themselves and don’t care. I’m not saying that system exploits are not around anymore; they still haunt us all. But technically, if your computers are up to date, you’re at lower risk from a purely technical exploit, and that’s pretty much all you can do about it.

Hacking nowadays focuses more and more on exploiting human vulnerabilities, on social engineering, or at least on combinations of phishing/viruses and human interaction. Experts have found that exploits based on system vulnerabilities alone are harder to scale and can do little damage. “Luckily”, there are social engineering techniques that work at scale, especially when combined with basic system exploits.






Let’s take phishing, for example. In its simplest form, a user gets an email from someone who looks like a friend or coworker, or simply clicks a link on some “grey-zone” page, and an exploit is installed on their PC, which typically starts gathering passwords, credit cards and other interesting information. Once an attacker has access to people’s passwords, it’s easier to get to their money, and that’s how basic cybercrime and online identity theft work. In the corporate world, the problem is even more complex, as people care even less about company data and don’t follow security procedures.

So, to harden Internet security, it’s important to understand how attacks work, protect user accounts from the apps, implement 2nd-factor authentication everywhere and protect browsers, PCs, phones and (now) IoT devices more strongly than ever before.


