Cyber security is the process of protecting yourself from someone who is trying to steal from you over the internet. Lets face it, the internet is constantly changing and technology is evolving. You do not have to be an expert with computers but you do need to know what the risk are. You cannot claim ignorance and pretend it will not happen to you.
Its important to understand some of the basic concepts. I believe if you take the time to understand this section, you will be able to make better decisions because you will know why its important. When it comes to the security of yourself, your family, your business or your job, it is important to understand what you are trying to protect. Is it Confidentiality? Who should see this information? Maybe it’s a few private pictures of you that are for your eyes only. Maybe its how much money you have in your retirement account. Protecting the confidentiality of those type of items is important. If it’s a physical copy, you would place them in a file cabinet and lock it. Maybe hide it in the attack or both. Is it the Integrity? How do I know its real? Maybe you have a valuable collectable. You had it reviewed by an expert who gave it a certificate of authenticity. The collectable is not worth anything if its broken or modified in any way. Car collectors look for car with original parts and make sure its integrity is intact. What bout the Availability? What good is it to you to pay for cable is it is not available when you want to watch a show? What good is your computer if you can’t get on the internet?
Why is cyber security so important? A brief perspective will shed some light on the topic of security in general and the evolvement of cyber security as a new threat to the safety of households, individuals, corporations and even entire governments. You may not know that your smart home and other devices you may own are connected to the internet. It is possible that someone is out there trying to find a weakness within your home or office network to turn those devices agents you or someone else. What I am about to share with you may seem far our there but believe me when I tell you, it is not. The reality is this does happen and it is more common than it should be not because they are not securable but because when you bought them, you did not think about how could this be used to harm you or someone else. A lot of use have smart thermostats in our home. They come with a registration process and in some cases a default password which you may not have changed because it did not seem to matter to you. Imagine this scenario if you will. You come home from work to notice your house is extremely hot. You walk over to the thermostat and notice it is set to 110 degrees. You are unable to lower the temperature because there’s a password preventing you from changing it. You go to your computer to contact the manufacture of the thermostat and notice a strange email. The email states, we have control of your thermostat and if you wish have access to it, you need to send 10 bit coins or $100.00 US dollars to x location. There could even be an 1(800) number for you to call. This could happen with any device you have in your home from your smart TV, your video cameras, your lights and anything else you may have connected. Can you imagine not being able to enter your house because your smart door lock has locked you out until you pay a fee? What about your car not starting up? This is the would we now live in. As technology advances to make our lives easier, we must be aware of the risk that comes with it.
I remember working for a large institution were it was not uncommon for computers to go unpatched. This large institution left it was not as important because those computers did not have any valuable information and although I tried to get them to understand the importance of replacing outdated software and when that was not an option, patching and removing/disabling futures that were not required. I failed to explain the risk in a way that they could understand. Much like the example above, you already made a decision on how if at all a smart home would impact you.
It is common to downplay situations that scare us instead of embracing it head on. As all things in life, there are two variables that will eventually lead to a problem. Time and attempts. Hurricane Katrina caused billions of dollars but the main reason was not the hurricane. It was flooding. The levee walls were faulty. This was well known. It was cost a few million or so to fix the problem. You see the Hurricane represents a virus and as all viruses they are formed and deployed. This is the attempt. The levees represent the security weakness. If they would have repaired/replaced the levee walls as required. (This is the mitigation or preventative measure.), Hurricane Katrina would have still hit, but its damage could have been in the millions vs in the billions. Many hurricanes have come and gone but they have not hit New Orleans. With a quick search on the internet you can read up on the damage could have been controlled but yet those steps to prevent it did not take place. Why? I live and Florida where we are no strangers to hurricanes. It is easy to believe why someone in Florida would be worried about controlling hurricane damage if they live in Florida but what about New Orleans? What about Texas? Giving the right amount of time with a continues amount of attempts, the right combination will strike.
That is what happen to this large institution. Out of the 100,000 desktop computer systems they managed, a little over 56,000 of them got infected with the Conficker virus. This virus took out their operation for 2 days and caused damage to their reputation. The worst part about it is, they made the news and it was not just because they had a virus, it was because they were hit with a virus that was over 7 years old at the time. The lack of patching their systems and or replacing outdated operating systems was to blame. The opportunity for someone to take advantage was there for years. It was only a matter of time.
You might be thinking this was an isolated incident but you would be wrong. It happens all the time. Lack of understanding the potential risk, was not the problem. It was the belief the probability was small and the impact would not matter. If you have a computer, you should know that the main program that runs all of your other programs is called an operating system. That operating system is what allows you to used your other applications to access you bank, go on the internet, buy your bills, write emails and everything else you can possibly do on your computer. You should be replacing you operating system when newer ones come out. Most of the time those new operating systems have a better security built-in and have regular updates provided for them. When the manufacturer of the operating system states an operating systems will reach its “end of life” by x date, you should do your best to move from it as quickly as possible. This was not the case for those that were impacted by WannaCry virus. The majority of those impacted were running Windows XP operating systems which Microsoft tried to terminate its support many times and was finally able to on April 8, 2014. WannaCry hit in May 2017. I think that was plenty of time for an upgrade. Remember, it is only a matter of time.